Step 1: Login to Your Environment
Log in using the credentials provided to you by email, or as any other administrator user created after login.
Step 2: Build and Run Your Go Project
Go is a great language for creating simple yet efficient web servers and web services. It provides a built-in HTTP package that contains utilities for quickly creating a web or file server.
- Fork the JFrog DevRel GitHub repository. Here you will find the JFrog Go challenge repository, containing the Go project.
Move to the project directory and run the build command:
$ go build challenge.go
Run the challenge executable file to start the webserver on port 9090.
$ ./challenge
Open http://localhost:9090 to check the webserver.
Step 3: Add Repositories and Artifacts
This step walks you through creating Go repositories and uploading your Go project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as Maven, npm, and Docker.
- Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.
- Create 3 new Go package type repositories:
- Add a new Local Repository with the Repository Key “go-challenge-local” and keep the rest of the default settings.
- Click on the Remote tab and add a new Remote Repository with the Repository Key “go-challenge-remote” and keep the rest of the default settings.
- Click on the Virtual tab and add a new Virtual Repository with the Repository Key “go-challenge”.
- Add the local and remote Go repositories you just created.
- Configure JFrog CLI, a smart client that provides a simple interface for automating access to JFrog products and simplifies automation scripts.
Configure the Artifactory server.
$ jfrog rt c
Configure the project's Go repositories using the command:
$ jfrog rt go-config
- Take the following steps to build the project with Go and resolve the project dependencies from Artifactory.
- Change to the root project directory.
Build the project with Go and resolve the project dependencies from Artifactory.
$ jfrog rt go build --build-name=go-challenge-build --build-number=1
Publish version v1.0.0 of the package to the go-challenge-local repository in Artifactory.
$ jfrog rt gp go-challenge v1.0.0 --build-name=go-challenge-build --build-number=1
Collect environment variables and add them to the build info.
$ jfrog rt bce go-challenge-build 1
Publish the build info to Artifactory.
$ jfrog rt bp go-challenge-build 1
- In the Platform UI, navigate to the Application Module, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.
Step 4: Scan for OSS Security Vulnerabilities and Compliance
This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!
- Navigate to the Administration Module.
- Click the Xray Security & Compliance menu and then the Indexed Resources menu item.
- Add your “go-challenge-local” and “go-challenge-remote” repositories to your indexed resources by clicking Add a Repository.
- Define a security policy that you will later enforce in a watch.
- Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.
- Create a new policy called “go-security”, of type Security, with a rule called “go-high-severities” set with High-Severities.
- Define a watch that includes your new security policy. A watch provides context to a policy by assigning it to resources such as repositories.
- Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.
Create a new watch called “sample-watch”, with your 2 repositories (“go-challenge-local” and “go-challenge-remote”) and your “go-security” policy assigned to it by clicking Manage Policies.
Watches, Policies & Rules
Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.
Run your scan by hovering over your watch and clicking Apply on Existing Content to trigger it manually.
The Xray scan may take some time to complete and show the vulnerability results. You can return to this step later to see your vulnerabilities.
View any discovered vulnerabilities by clicking on your watch.
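The relationship between watches, policies and rules described above, as an added example that is not part of the original guide and is not Xray's implementation: a simplified Go model in which the watch scopes findings to its repositories and the rule's High setting is assumed to mean "High or above". The types, the `demo` function and the findings with their EXAMPLE-n IDs are constructed for illustration.

```go
package main

import "fmt"

type Severity int // ordered, so a rule threshold compares with >=

const Low, Medium, High, Critical Severity = 0, 1, 2, 3

// Simplified model of rule, policy and watch; not Xray's own data model.
type Rule struct {
	Name        string
	MinSeverity Severity // assumption: matches this severity and above
}
type Policy struct {
	Name  string
	Rules []Rule
}
type Watch struct {
	Repos    map[string]bool // resources the watch monitors
	Policies []Policy
}
type Finding struct {
	Repo, ID string
	Severity Severity
}

// Violations reports findings in watched repos that meet a rule's threshold.
func (w Watch) Violations(fs []Finding) (out []string) {
	for _, f := range fs {
		for _, p := range w.Policies {
			for _, r := range p.Rules {
				if w.Repos[f.Repo] && f.Severity >= r.MinSeverity {
					out = append(out, p.Name+"/"+r.Name+": "+f.ID+" in "+f.Repo)
				}
			}
		}
	}
	return out
}

// demo uses this page's names with constructed findings (placeholder IDs).
func demo() []string {
	w := Watch{Repos: map[string]bool{"go-challenge-local": true, "go-challenge-remote": true},
		Policies: []Policy{{"go-security", []Rule{{"go-high-severities", High}}}}}
	return w.Violations([]Finding{
		{"go-challenge-remote", "EXAMPLE-1", Critical}, {"go-challenge-local", "EXAMPLE-2", Medium},
		{"other-repo", "EXAMPLE-3", High}, {"go-challenge-local", "EXAMPLE-4", High}})
}

func main() { fmt.Println(demo()) }
```

The Medium finding and the finding in the repository outside the watch produce no violation, which is why both repositories must be indexed and added to the watch before the scan reports anything for them.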
Congratulations! You’re all set and ready to continue exploring the JFrog Platform.
Learn More
Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.
Documentation Resources
- JFrog Platform: JFrog Platform Overview, Application Module, Administration Module, REST API
- JFrog Artifactory: Package Management, Browsing Artifacts, Go Registry
- JFrog Xray: Indexing Resources, Creating Xray Policies and Rules, Configuring Xray Watches
- JFrog Pipelines: GoCI Pipelines Template
- Administration: Identity and Access
- Tools & Integrations: CLI for JFrog Artifactory, JFrog CLI, IDE Integration
Other Resources
- Free, self-paced training for JFrog solutions at the JFrog Academy
- Get introduced to the JFrog Platform capabilities