Amplify SDLC Change Events and Xray Security Vulnerabilities
Stay Alert to Xray Security Vulnerabilities
Artifactory, Xray, Pipelines, and Distribution are your mission-critical tools for DevOps, and the key events that occur in them reveal whether or not your software pipeline is on track to deliver production-quality releases.
JFrog integrations for the PagerDuty incident response platform bring real-time visibility and awareness of what's happening in your JFrog-powered software pipelines to your entire team through one of the leading operations management tools. The PagerDuty incident management system provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
JFrog Artifactory is the universal artifact repository manager at the core of the JFrog Platform's binaries-driven formula for DevOps success. JFrog Xray is the universal software composition analysis (SCA) tool that enables DevSecOps teams to proactively identify open source vulnerabilities and license compliance violations before they manifest in production. JFrog Pipelines powers the Platform with traceable CI/CD automation.
With JFrog integrations for PagerDuty, incident teams can direct an early response by the right person to resolve DevOps, security, and change events as they occur.

Integration Benefits
- Proactively manage security and compliance in the software development and release lifecycle.
- Reduce mean time to resolution (MTTR) through early PagerDuty notifications on security vulnerabilities and compliance violations.
- Customize notifications and policies based on type of violation and severity.
- Granular visibility on impacted artifacts, components and dependencies.
- Monitor your Software Distribution pipeline in real-time.
Integration Features
In the JFrog Platform, DevOps administrators can configure Artifactory events and granular Xray watch policies to trigger outbound event webhooks, and associate each with a PagerDuty service. Once received, PagerDuty can direct each incident report to an individual or group to alert them of events in Artifactory, and of security or license violations detected by Xray.
| Artifactory | Xray | Pipelines |
| --- | --- | --- |
| Artifactory can trigger incidents on a PagerDuty service to report change events for artifacts, builds, and release bundles. For example: an artifact uploaded, a Docker tag pushed, or a release bundle distributed. | Xray can trigger PagerDuty to direct incident reports to individuals or groups to alert them of security or license policy violations detected in scanned repositories, builds, and release bundles. | Pipelines can deliver real-time CI/CD event information to a PagerDuty service. Respond quickly to build failures and receive actionable, granular information about a particular pipeline step. |

Use Cases
- SRE/IT Admin Oversight – Configuring Xray policy settings can ensure robust, continuous scanning of all production releases. Incident reports sent through PagerDuty enable rapid response to all relevant security vulnerabilities that are discovered.
- Quality Assurance – QA teams can configure Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and report security violations through PagerDuty incident services for prompt resolution.
- Shift Left Security – Developers and Dev managers configure Xray policies and watches to continuously scan targeted artifact repositories used for milestone dev builds. Incident reports sent through PagerDuty alert the development team of any security vulnerabilities and enable resolution at the earliest point in the development lifecycle.


