Comments (7)
The build scanning is performed by Xray, but the build scanning API is exposed by Artifactory. Artifactory mainly serves as proxy to Xray. This helps the JFrog build agents which already have tight integrations with Artifactory, to include build scanning as part of the CI/CD process.
Other REST APIs exposed by Xray should probably be warped using the jfrog-client-go library, using a new Xray service manager. So yes - let's use the same design and API structure we have for Artifactory and Distribution also for Xray. As for others helping with the design, let's see if we need more eyes on this. I think I can support you for now.
from jfrog-client-go.
@josh-barker-coles,
We plan to release this early next week, but we may be able to release this one even sooner.
from jfrog-client-go.
Really like this idea @josh-barker.
Would you like to help and contribute this code to the library? If so, feel free to share with us the suggested code design.
from jfrog-client-go.
Hi @eyalbe4,
I've started work on this.
At a high level, I'll be making 4 methods.
- Get
- Create
- Update
- Delete
However, I have 2 questions.
-
How can I authenticate using an API Token to
https://<server>.jfrog.io/xray/api/v2/watches
? As far as I can tell, I can only authenticate with a username/password. If that's a limitation, can you please raise a ticket to have this added? -
The sdk is designed around supporting the
/artifactory
service collection. For example,-rt.url
defaults tohttp://localhost:8081/artifactory
However, the xray watches belongs under a separate endpoint -/xray
. How should the repo be structured to support this?
One option would be to remove the /artifactory
from the end of the url, and add it internally based on the service area. However, that would also be a breaking change
References:
from jfrog-client-go.
Apologies for my delayed answer @josh-barker!
I'll try to be more responsive to help you with this important initiative.
-
Xray 3.x does supports authentication using Access Tokens. You can create a token from the JFrog Platform UI. You cam't however use the same token for both Artifactory and Xray. Sharing the same token between multiple services is planned to be supported in the future though. As for using the token through the REST API, you can look at how this is done for Artifactory in the jfrog-client-go code. This should be the same for Xray. Please let me know if you run into issues with this.
-
The jfrog-client-go code already supports JFrog Distribution, which like Xray, is a different service, You can look how the API looks like here and implement the Xray APIs the same way.
When developing the new Xray APIs, I suggest we try to be consistent with the existing Artifactory and Distribution APIs.
Thanks
from jfrog-client-go.
Hi @eyalbe4,
Ah, okay.
Originally, I was planning to extend the existing terraform provider to support an artifactory_watches
resource, as artifactory and xray are tightly integrated. I also was under the impression the authentication methods were consistent across both services, so the way I was thinking about it was that someone could use any of the 3 auth methods, and configure artifactory repos and xray watches, etc.
Is there someone else we can include on this discussion to help with the design?
In terms of implementing the xray watch functionality, I saw that xray scan already exists under artficatory/services/xrayscan.go, so I've started creating the functionality alongside that.
Are you recommending that the xray watch functionality should belong under an xray
directory, mirroring what we have in the distribution
directory?
Cheers
from jfrog-client-go.
Hey @eyalbe4 , just wondering when the next release will be created?
Then we can close this issue! 😃
from jfrog-client-go.
Related Issues (20)
- race-condition in servicesManager
- Configure `Enable Dependency Rewrite` and `Patterns Allow List` for Remote Helm Repositories HOT 1
- Opentelemetry: Option to pass context
- Repositories fields not covered by the Go client
- Remote repositories - manage passwords HOT 1
- Correct way to get if a search returned no results?
- Does ContentReader of DownloadFileswithsummary have file information in Bytes HOT 5
- Improve SetUrl Logic to handle `$URL` and `$URL/`. HOT 3
- Missing `include_reference_token` parameter when creating a new access token.
- Create Access Tokens for other users using the Access service
- Security v2 API HOT 1
- AccessServiceManager create access token
- GetAllUsers() only returns mostly empty User struct, only the username and authentication method HOT 1
- GetAllRepositoriesFiltered(params services.RepositoriesFilterParams) should honor the API HOT 1
- CreateFolder function is missing
- Jfrog CLI fails with `400 Bad Request` instead of maybe `403 Forbidden`, returning error impossible to debug error message HOT 3
- httpclient.DoRequest retry logic ignores value of closeBody
- Which utils from utils.FileInfo is it referring to in the README? HOT 1
- build scan command with flag --project is returning xray_details_url without project key
- TempDir is not getting created when the jfrog docker scan command is ran.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jfrog-client-go.