View Results in JFrog

We have built and published our Docker image. Let’s view these results in the JFrog Platform.

  1. Go to your JFrog Platform instance and switch to the Packages view in Artifactory. Go to Artifactory > Packages.
  2. Search for the name of the Docker image that was built in your workshop. For the ECS build, search for ecs-docker-compose-workshop-app. For the EKS build, search for eks-workshop-app.
  3. Click on the Docker image listing.
  4. This will show a list of the versions. Click on the latest version that was built.
  5. In the Xray Data tab, view the security violations. License violations are available in the JFrog Platform Pro and Enterprise tiers.
  6. Click on any violation to see the details and impact in the Issue Details tab.
  7. Scroll down to the References section to access links to documentation that can help you remediate the issue. In many cases, you just need to update the component, and Xray will indicate this.

    Xray supports all major package types, understands how to unpack them, and uses recursive scanning to see into all of the underlying layers and dependencies of components, even those packaged in Docker images and zip files. The comprehensive vulnerability intelligence databases are constantly updated, giving the most up-to-date understanding of the security and compliance of your binaries.

  8. Close the Issue Details tab.

  9. View the Docker configuration for the image in the Docker Layers tab.

  10. On the Builds tab, click on npm_build in the list.

  11. Then click on your most recent build.

  12. In the Published Modules tab, view the set of artifacts and dependencies for your build.

Our JFrog CI/CD “pipeline” provided an overview of a typical build, Docker build and push, security scan, and promotion process using JFrog Pipelines, Artifactory and Xray. With the JFrog Platform, you can view the results of your software build, from versions to vulnerabilities.