Set Up Xray Security

  1. In your JFrog Platform instance, go to Administration > Xray > Watches & Policies.

    Watches & Policies

  2. Click Create a Policy.

  3. Name the security policy High-Severity.

    Policy Name

  4. Click on New Rule.

  5. Name the rule High-Severity and select High for the Minimal Severity. Click Save.

    Xray Rule

  6. Click Create to create this new security policy.

  7. Click on the Watches tab under Watches & Policies.

    Setup Watch

  8. Click on Set up a Watch.

  9. Name the new watch Docker-Scanning.

  10. Click Add Repositories.

  11. Move the repositories workshop-docker-local and workshop-docker-prod-local to the Included Repositories.

    Scanned Repositories

  12. Click Save.

  13. Click Manage Policies.

  14. Move the High-Severity policy to the Included Policy.

    Selected Policy

  15. Click Save.

  16. Click Create to create the new watch. This watch will scan the workshop-docker-local and workshop-docker-prod-local Docker repositories for new images and check for high severity security vulnerabilities.

    Created Watch

JFrog Xray scans your artifacts, builds and release bundles for OSS components, and detects security vulnerabilities and licenses in your software components. Policies and Watches allow you to enforce your organization's governance standards. Set up your Policies and Watches to reflect the standard governance behaviour specifications for your organization across your software components.
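The same High-Severity policy and Docker-Scanning watch can be kept as code and created through the Xray REST API instead of the UI. The script below is an added example, not part of the original workshop; it assumes the v2 `policies` and `watches` endpoints and their field names (verify against the API reference for your Xray version), and takes the platform URL and an access token from the hypothetical environment variables `JFROG_URL` and `JFROG_TOKEN`. Without them it only prints the payloads.

```python
import json, os, urllib.request

# Repositories from step 11 of the walkthrough.
REPOS = ["workshop-docker-local", "workshop-docker-prod-local"]

def build_policy(name="High-Severity", min_severity="High"):
    """Security policy with a single rule (steps 2-6)."""
    return {
        "name": name,
        "type": "security",
        "rules": [{
            "name": name,
            "priority": 1,
            "criteria": {"min_severity": min_severity},
            # Assumption: the walkthrough selects no enforcement actions,
            # so the rule only records violations.
            "actions": {"fail_build": False,
                        "block_download": {"active": False, "unscanned": False}},
        }],
    }

def build_watch(policy, name="Docker-Scanning", repos=REPOS):
    """Watch over the Docker repositories with the policy attached (steps 8-16)."""
    return {
        "general_data": {"name": name, "active": True},
        "project_resources": {"resources": [
            {"type": "repository", "bin_mgr_id": "default", "name": r} for r in repos]},
        "assigned_policies": [{"name": policy["name"], "type": policy["type"]}],
    }

def post(base_url, token, path, payload):
    """POST a JSON payload with a bearer token; returns the HTTP status."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(payload).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

if __name__ == "__main__":
    policy = build_policy()
    watch = build_watch(policy)
    url, token = os.environ.get("JFROG_URL"), os.environ.get("JFROG_TOKEN")
    if url and token:
        # The policy must exist before the watch that references it by name.
        print(post(url, token, "/xray/api/v2/policies", policy))
        print(post(url, token, "/xray/api/v2/watches", watch))
    else:
        print(json.dumps({"policy": policy, "watch": watch}, indent=2))
```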