JFrog Artifactory Integration
Checkmarx One provides an integration with JFrog Artifactory, enabling you to automatically pull images from your private JFrog Artifactory and scan them using the Checkmarx One Container Security scanner. We provide a convenient wizard on the Checkmarx One Integrations page that enables you to submit your JFrog credentials and create the integration.
Prerequisites
A Personal API key for the repository where the images are located, with read access to the container registry.
Notice
In JFrog go to Admin > Identity & Access > Users then select your user and go to the Authentication tab and generate the API key.
Limitations
The integration is not effective for scans run via the Checkmarx One CLI tool or associated plugins.
Setting up an Integration
To set up a JFrog Artifactory Private Registry Integration:
Open the Integrations
page.Click on the JFrog Artifactory tile under Private Registries for Containers, then click Start.
The JFrog Artifactory Integration wizard opens on the right side of the screen.
Name Your Account and optionally fill in the Description and Associate Tags fields, then click Next.
Under Username enter the Username for your JFrog account.
In the API Key field, enter the API key for your JFrog Artifactory (as described above in Prerequisites).
In the URL field, enter the URL for your JFrog account using the format
https://<subdomain>.jfrog.io.Click Add Account.
Monitoring Integration Status
You can monitor the status of your JFrog integrations to see whether or not the integration is connected. Possible statuses are:
Pending - The integration was just set up and hasn't connected yet.
Connected - The integration is running and you are able to scan images in your JFrog Artifactory.
Disconnected - Checkmarx One is not currently able to access your private JFrog Artifactory.
To monitor the integration status:
Go to Integrations
> Inventory tab, and select Runtime & Cloud.Check the Status column for each of your integrations.
