Stay Alert to Security With Xray and PagerDuty

When it comes to defending against open source vulnerabilities, the earlier action is taken, and by the right person, the safer you and your enterprise will be.
Many IT departments rely on thePagerDuty incident response platformto improve visibility and agility across the organization. The enterprise-quality incident management system provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
JFrog Xray is the universal software vulnerability scanning solution that natively integrates with Artifactory as part of the JFrog Platform, giving DevSecOps teams an easy way to proactively identify open source vulnerabilities and license compliance violations before they manifest in production.
We’ve made it easy to combine these two solutions through JFrog’s addition to the family of PagerDuty Integration Partner Program Verified integrations. With the PagerDuty integration for Xray, key personnel can receive PagerDuty notifications for security violations detected by JFrog Xray’s deep recursive scanning of artifacts.
Once the integration is configured, PagerDuty can turn any security or license policy alert into an incident report. This is useful to:
- Proactively manage security and compliance across the software development and software distribution lifecycle. Receive early notifications within PagerDuty on vulnerabilities and compliance violations impacting artifacts, builds and components before releasing to production.
- Customize notifications and configure granular policies within JFrog Xray based on the type and severity of violation, and receive notifications on the repositories, builds or release bundles of interest.
- Granular visibility: receive a continuously updated list of impacted components and their associated dependencies as part of the notification payload that JFrog Xray sends to PagerDuty.
Integration For Vulnerabilities Vigilance
In the JFrog Platform, DevOps administrators can define granular watch policies based on type of violation and severity, and configure Xray to regularly scan repositories, builds, and release bundles against those policies. Administrators can associate these rules with an outbound event webhook, and any violations found will trigger sending the webhook.
The PagerDuty integration for Xray can be associated with a PagerDuty service that will receive the webhook from Xray. Once received, PagerDuty can direct an incident report to an individual or group to let them know of the security or license violation detected by Xray.

Once Xray is configured to work for you, these benefits are yours:
- Deep recursive scanning examines all the underlying layers and dependencies of components, even those packaged in Docker images and ZIP files.
- Be confident with the most timely and comprehensive vulnerability intelligence from VulnDB, plus other sources of vulnerability, license compliance and component version data.
- Unprecedented visibility of your artifacts and dependencies enables Xray to provide an impact analysis of any issues discovered in your software.
Quick and Easy Security
We’ve provided detailed instructions with the integration, but integrating Xray with PagerDuty takes these three simple steps:
1. Configure PagerDuty
Add the PagerDuty integration for Xray to a new or existing PagerDuty service. Note the integration key provided by PagerDuty.

PagerDuty is now ready to receive notifications from Xray through a webhook. You can configure the service to direct incident reports to the persons or groups who should receive them.
2. Add Webhook to JFrog Platform
In the JFrog Platform, add a new webhook for the PagerDuty Events API in the Admin > General > Webhooks tab.

Great! Now your JFrog Platform is ready to talk to PagerDuty, and PagerDuty is ready to listen.
3. Configure Xray Policy Rules and Watches
For each Xray policy setting you want to send an incident report for, configure its Policy Rule to Trigger Webhook, and select the PagerDuty Xray integration webhook that you created.

Once you’ve set up your rule, configure watches for the resources (repositories, builds, release bundles) you want to scan for any violations of that policy.
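To make concrete what the three steps wire together, here is an added example (not JFrog’s or PagerDuty’s code) that turns an Xray violation webhook into a PagerDuty Events API v2 event: it maps Xray severities onto PagerDuty’s four levels, carries the impacted components in the payload, and uses a dedup key so repeated scans of the same watch and policy update one incident instead of paging repeatedly. The Xray payload shape, the watch and policy names, and the routing key are constructed assumptions; the Events API endpoint and event fields are PagerDuty’s documented ones.

```python
"""Xray violation webhook -> PagerDuty Events API v2 event (added illustration)."""
import json
import urllib.request

PAGERDUTY_EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"
ROUTING_KEY = "<your-pagerduty-integration-key>"  # placeholder: the key from step 1

# Xray severities -> PagerDuty Events API v2 severities (critical/error/warning/info).
SEVERITY_MAP = {"critical": "critical", "high": "error", "medium": "warning", "low": "info"}
SEVERITY_ORDER = ["info", "warning", "error", "critical"]

# Constructed sample of an Xray webhook; the exact schema is an assumption.
SAMPLE_XRAY_WEBHOOK = {
    "watch_name": "prod-docker-watch",
    "policy_name": "block-critical-cves",
    "created": "2024-01-15T10:22:00Z",
    "issues": [
        {"severity": "High", "type": "security", "summary": "Sample RCE in libfoo",
         "cve": "CVE-0000-0000",  # placeholder identifier, not a real CVE
         "impacted_artifacts": [{"name": "app:1.4.2", "path": "docker-local/app/1.4.2/"}]},
        {"severity": "Medium", "type": "license", "summary": "GPL-3.0 found in bar-lib",
         "impacted_artifacts": [{"name": "bar-lib-2.0.jar", "path": "libs-release-local/bar/"}]},
    ],
}

def build_pagerduty_event(xray_payload, routing_key=ROUTING_KEY):
    """Build one PagerDuty trigger event whose severity is the worst issue in the batch."""
    issues = xray_payload.get("issues", [])
    pd_sev = "info"
    for issue in issues:
        sev = SEVERITY_MAP.get(issue.get("severity", "").lower(), "warning")
        if SEVERITY_ORDER.index(sev) > SEVERITY_ORDER.index(pd_sev):
            pd_sev = sev
    components = sorted({a["name"] for i in issues for a in i.get("impacted_artifacts", [])})
    watch, policy = xray_payload["watch_name"], xray_payload["policy_name"]
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "dedup_key": f"xray:{watch}:{policy}",  # same watch+policy re-triggers one incident
        "payload": {
            "summary": f"Xray: {len(issues)} violation(s) of policy '{policy}' on watch '{watch}'",
            "source": "jfrog-xray",
            "severity": pd_sev,
            "timestamp": xray_payload.get("created"),
            "custom_details": {"impacted_components": components, "issues": issues},
        },
    }

def send_event(event):
    """POST the event; PagerDuty answers {"status": "success", "dedup_key": ...} on acceptance."""
    req = urllib.request.Request(PAGERDUTY_EVENTS_URL, data=json.dumps(event).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```

Calling `send_event(build_pagerduty_event(SAMPLE_XRAY_WEBHOOK))` with a real key opens (or re-triggers) one incident on the PagerDuty service; an `event_action` of `resolve` with the same `dedup_key` would close it once a rescan comes back clean.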
Stay Alert, Stay Safe
If you are not already using Xray, it’s easy to start exploring its capabilities and the benefits of the JFrog DevOps platform with a free cloud subscription on the cloud platform provider of your choice. And you can start issuing notifications right away!
With the PagerDuty integration for Xray, it’s easy to make Xray’s security scanning a vigilant part of your incident management system. Through PagerDuty, you can help ensure that the right personnel are immediately alerted to the types of security and license violations you most care about.