What to Do When Xray Stops Scanning Your Builds

Yehuda Hadad
2023-01-22 11:07

Screenshots are relevant for Xray version 2.x

You've set up Xray, connected it to Artifactory, and deployed a new build. However, you then discover that Xray hasn't scanned it. Why? By default, Xray doesn't scan every deployed build. For Xray to scan any builds, you'll need to configure it to do so by following these steps:

1. Select the builds you want Xray to index

Navigate to Xray UI > Admin > Configuration > Artifactory > select the relevant Artifactory instance > select the Builds tab, and add your relevant builds.

2. Create a new policy

Policies define the actions that Xray performs whenever it discovers violations in scanned artifacts. To create a new policy, navigate to Policies > New policy, and configure it as desired. For example, a policy can be configured to fail any build that contains an artifact with a critical-severity issue.

3. Create a new watch

To configure watches so that Xray will track and keep you informed about particular artifacts, navigate to Watches > New Watch and then configure a watch to track whatever you'd like. In this example, we track the test-maven build and assign to it the policy created in Step #2 above.

4. Configure a build to trigger an Xray scan

This step depends on how you deploy the build to Artifactory. See the relevant documentation for your deployment method:
• Trigger build scan using JFrog CLI.
• Configure build scan as part of Jenkins pipeline.
• Configure build scan as part of Bamboo build using Artifactory Bamboo plugin.
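
When a build still goes unscanned, it helps to confirm that Steps 1 to 3 are all in place for that specific build. The check below is an added example, not JFrog's code: it takes the indexed-build list, the watches and the policies as JSON-like data and reports which step is missing. The field names are assumptions modelled on Xray's REST JSON, the sample data is constructed, and only watches that name a build explicitly are considered.

```python
# Added example: field names are assumptions modelled on Xray's REST JSON
# for indexed builds, watches and policies. All sample data is constructed.

def diagnose_build(build, indexed_builds, watches, policies):
    """Return the setup steps (1-3 above) that are still missing for `build`."""
    problems = []
    # Step 1: the build must be selected for indexing.
    if build not in indexed_builds:
        problems.append(f"step 1: build '{build}' is not indexed")
    # Step 3: an active watch must list the build as a resource.
    covering = [
        w for w in watches
        if w.get("general_data", {}).get("active", False)
        and any(r.get("type") == "build" and r.get("name") == build
                for r in w.get("project_resources", {}).get("resources", []))
    ]
    if not covering:
        problems.append(f"step 3: no active watch tracks build '{build}'")
    # Step 2: each covering watch needs at least one policy that exists.
    known = {p["name"] for p in policies}
    for w in covering:
        name = w["general_data"]["name"]
        assigned = [p["name"] for p in w.get("assigned_policies", [])]
        if not assigned:
            problems.append(f"step 2: watch '{name}' has no policy assigned")
        for missing in sorted(set(assigned) - known):
            problems.append(
                f"step 2: watch '{name}' references unknown policy '{missing}'")
    return problems

# Constructed sample configuration.
POLICIES = [{"name": "fail-on-critical", "type": "security",
             "rules": [{"name": "critical", "priority": 1,
                        "criteria": {"min_severity": "Critical"},
                        "actions": {"fail_build": True}}]}]
WATCHES = [
    {"general_data": {"name": "maven-watch", "active": True},
     "project_resources": {"resources": [{"type": "build", "name": "test-maven"}]},
     "assigned_policies": [{"name": "fail-on-critical", "type": "security"}]},
    {"general_data": {"name": "npm-watch", "active": True},
     "project_resources": {"resources": [{"type": "build", "name": "test-npm"}]},
     "assigned_policies": []},
]
INDEXED = ["test-maven"]

if __name__ == "__main__":
    for b in ("test-maven", "test-npm", "test-gradle"):
        print(b, diagnose_build(b, INDEXED, WATCHES, POLICIES) or "ok")
```

An empty result means the UI-side configuration is complete, so the remaining cause is Step 4: the build was deployed without triggering a scan.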