Protecting production systems is mission-critical, and any issues or vulnerabilities found must be remediated as quickly as possible. However, as we all know, prevention is better than cure, and we would prefer to avoid infected components from ever getting into our production systems in the first place. Xray’s CI/CD integration does exactly this. Using a dedicated plugin, Xray communicates with your CI/CD server* through JFrog Artifactory, scans a build, and notifies the CI/CD server if any components with known issues or vulnerabilities are found. You can configure your CI/CD server to take appropriate action such as failing the build, notifying an administrator or anything else your CI/CD server allows.
By including Xray in your automated CI/CD workflow, you can discover issue or vulnerabilities at build time, before a component goes to production, and thereby, reduce the cost of remediation.
(*Currently supported: Jenkins CI and JetBrains TeamCity)