JFrog Xray & Microsoft Teams

John Peterson — Thu, 30 Jul 2020 22:50:09 +0000

JFrog Xray & Microsoft Teams

More than ever we need to be made aware when security issues arise. JFrog Xray is a great product that brings operational awareness to your software development lifecycle combined together with Microsoft Teams we have the channel of communication we need to ensure our team is always on top of the latest security concerns.

Getting Started

Let's get started by opening up Microsoft Teams. We will need to make a new connector on the channel we want to deliver our messages into. Click on the more options "..." icon to bring up the menu of options for a channel. Select "Connector app" to bring up the popup.

Inside of the Connector popup search for "Incoming Webhooks" and click the "Add" button which will then bring you to the Configure screen shown below.

Enter the name "Xray Webhook" and download and save the Xray image to upload into the new webhook.

Scroll down in the popup after adding the webhook to grab the URL for the incoming webhook

Deploy the integration server

Download the Github repo here

Build the code using Golang

go build

Export environment variable MICROSOFT_TEAM_WEBHOOK with the URL of the incoming webhook

export MICROSOFT_TEAM_WEBHOOK=http://the-incoming-webhook-url

Run the integration server

./xray_msteam

Grab the hostname/ip address of the machine running the integration server we will use this to supply to Xray webhook in the below format

http://ip/host:8080/api/send
This is the endpoint to send the messages from Xray. Last stop let's configure Xray to send the outgoing webhook.

Xray Outgoing Webhook

As an admin user, open up JFrog Unified Platform and goto the administration setting shown below for Xray

Click on Webhooks and click on + New Webhook to open the new webhook screen. In this screen give a name and supply the URL of the integration server. Save the new webhook.

The next step is to add the new webhook to an Xray policy as a new rule. This is what will trigger the webhook when new violations are found in a watch associated to this policy. Click on Policies and create a new policy or update an existing one to add a new rule using the webhook as shown below.

That's it! Your done!

Congrats begin to watch the messages flow...

Artifactory & Xray on Openshift via OperatorHub

John Peterson — Wed, 27 May 2020 21:25:37 +0000

OpenShift Operators for JFrog Artifactory Enterprise & Xray

OpenShift Operators are a method of packaging, deploying, and managing a Kubernetes application. They help handle the complex details of running containerized software, monitoring the state of the OpenShift Container Platform to make automated real time operating decisions.

The OpenShift operator now available for JFrog Artifactory Enterprise is compatible with OpenShift 4 and performs this automated monitoring for your deployment of Artifactory. It helps keep Artifactory running in your K8s cluster by:

Setting up the correct RBAC policies to run JFrog Artifactory securely
Deploying JFrog Artifactory in a high availability (HA) mode
Provisioning the required storage and service endpoints

The OpenShift operator now available for JFrog Xray is also compatible with OpenShift 4 and performs the same automated monitoring for your deployment of Xray. It helps keep Xray running in your K8s cluster by:

Setting up the correct RBAC policies to run JFrog Xray securely
Deploying Openshift certified RabbitMQ instance for enhanced security

Deploying Artifactory Enterprise Instance via Operatorhub

Our first step will be to configure a Postgresql instance to be used by the JFrog Enterprise Operators as they require an external database to be configured ahead of time. In this case we picked Postgresql as we can then leverage the same component for both Artifactory & Xray.

Configure Artifactory Database

CREATE USER artifactory WITH PASSWORD 'password'; CREATE DATABASE artifactory WITH OWNER=artifactory ENCODING='UTF8'; GRANT ALL PRIVILEGES ON DATABASE artifactory TO artifactory;

Configure Xray Database

CREATE DATABASE xraydb WITH OWNER=artifactory ENCODING='UTF8'; GRANT ALL PRIVILEGES ON DATABASE xraydb TO artifactory;

Create TLS Secret for Artifactory SSL

oc create secret tls tls-ingress --cert=tls.crt --key=tls.key

Access Openshift OperatorHub to install JFrog Artifactory Enterprise Operator

Find new Artifactory HA Provided API under Installed Operators

Click on the Artifactory HA Provided API to create a new instance

Fill in all necessary fields marked with "OVERRIDE"

Use the "oc" CLI to view pods and external IP exposed from Openshift

Congratulations!

Next Steps

(Optional) Map DNS to the external IP
Access Artifactory with default credentials user: admin password: password
Update Artifactory credentials in the onboarding wizard
Add at least one license per Artifactory node in the onboarding wizard
Complete onboarding wizard with desired options selected

Deploying Xray Instance via Operatorhub

The following steps will assume you have deployed a Postgresql instance into Openshift with xraydb already created and granted permissions to the artifactory user.

If you wish to use another database for Artifactory other than Postgresql you will need to create a Postgresql instance at this point as Xray requires Postgresql.

Next we will deploy the Xray operator via the Operatorhub and create a new instance of Xray that will communicate to the Artifactory and Postgresql we just created in the prior steps. Let's head back to the Openshift web console to find the Xray Operator available to install below.

Access Openshift OperatorHub to install JFrog Xray Operator

Find new Xray Provided API under Installed Operators

Click on the Xray Provided API to create a new instance

Fill in all necessary fields marked with "OVERRIDE"

Use the "oc" CLI to view pods and external IP exposed from Openshift

Congratulations!

Next Steps

Complete onboarding wizard with desired options for Xray

Congratulations! We now have deployed Artifactory Enterprise and Xray into Openshift!

Forem: John Peterson

JFrog Xray & Microsoft Teams

JFrog Xray & Microsoft Teams

Getting Started

Deploy the integration server

Xray Outgoing Webhook

That's it! Your done!

Artifactory & Xray on Openshift via OperatorHub

OpenShift Operators for JFrog Artifactory Enterprise & Xray

Deploying Artifactory Enterprise Instance via Operatorhub

Configure Artifactory Database

Configure Xray Database

Create TLS Secret for Artifactory SSL

Access Openshift OperatorHub to install JFrog Artifactory Enterprise Operator

Find new Artifactory HA Provided API under Installed Operators

Click on the Artifactory HA Provided API to create a new instance

Fill in all necessary fields marked with "OVERRIDE"

Use the "oc" CLI to view pods and external IP exposed from Openshift

Congratulations!

Deploying Xray Instance via Operatorhub

Access Openshift OperatorHub to install JFrog Xray Operator

Find new Xray Provided API under Installed Operators

Click on the Xray Provided API to create a new instance

Fill in all necessary fields marked with "OVERRIDE"

Use the "oc" CLI to view pods and external IP exposed from Openshift

Congratulations!