Overview

Start working with the JFrog Platform

The purpose of this guide is to easily get you started with your JFrog cloud instance. Going through the steps below will introduce you to some of the basic functionality of the JFrog Platform and these JFrog solutions that are included with your subscription: 

  1. JFrog Artifactory: Universal package management and container registry in one, supporting all major packaging formats, build tools, and CI servers.
  2. JFrog Xray: Open source security scanning and license compliance enabling DevSecOps and ensuring application security throughout your SDLC.
  3. JFrog Pipelines: CI/CD pipeline orchestration all the way from code to production.

Be sure to follow the guide and use the default names provided.

Before you start

Here’s what you’ll need:





Step 1: Log in to your environment

Log in using the credentials provided to you by email, or as any other administrator user created after login.

Step 2: Add repositories & artifacts

This step will walk you through creating a Docker repository type and uploading your container images, allowing you to use Artifactory as your Docker Registry. You can then follow the instructions to create other types of repositories for additional binaries out of the 27 supported technologies such as npm, Maven, Go, and others.

  1. Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.

  2. Create 3 new Docker package type repositories:
    • Add a new Local Repository with the Repository Key “docker-quickstart-local” and keep the rest of the default settings.
    • Click on the Remote tab and add a new Remote Repository with the Repository Key “docker-quickstart-remote” and keep the rest of the default settings.
    • Click on the Virtual tab and add a new Virtual Repository with the Repository Key “docker-quickstart”.
      • Add the local and remote Docker repositories you just created. 
      • Select your local repository as the Default Deployment Repository and keep the rest of the default settings.

        When creating your remote and virtual repositories, you’ll see a pop-up window with some basic Docker commands. Copy these commands for future use. You’ll also need your server name and repository in the next steps.

  3. Fork the JFrog Project Examples GitHub repository. Here you will find the JFrog QuickStart example GitHub repository, containing a simple Dockerfile that you will use to build your custom image.
  4. Update the base image reference.
    • Clone your forked repository and update the FROM line of the Dockerfile to reference your virtual Docker repository.

      FROM ${SERVER_NAME}.jfrog.io/${VIRTUAL_REPO_NAME}/ubuntu:16.04
      

      The SERVER_NAME is the first part of the URL given to you for your environment: https://SERVER_NAME.jfrog.io
      The VIRTUAL_REPO_NAME is the name “docker-quickstart” that you assigned to your virtual repository in the steps above.

  5. Using the following commands, log in to your virtual repository “docker-quickstart”, then build, tag and push your custom image to your Docker repository:

    $ docker login ${SERVER_NAME}.jfrog.io
    
    $ docker build --tag ${SERVER_NAME}.jfrog.io/${VIRTUAL_REPO_NAME}/my-docker-image:latest .
    
    $ docker push ${SERVER_NAME}.jfrog.io/${VIRTUAL_REPO_NAME}/my-docker-image:latest
  6. In the Platform UI, navigate to the Application Module, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.
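
The FROM update in item 4 is what routes base-image pulls through Artifactory, where Xray can index them. The script below is an added example, not part of the JFrog guide or the example repository: it checks that every FROM line in a Dockerfile, including multi-stage builds, pulls through the virtual repository. The server name `myserver` and the sample Dockerfile are constructed placeholders.

```shell
#!/bin/sh
# Added example, not JFrog code. Placeholder values (constructed):
SERVER_NAME="${SERVER_NAME:-myserver}"
VIRTUAL_REPO_NAME="${VIRTUAL_REPO_NAME:-docker-quickstart}"

# Print every base image that is not pulled through the virtual repository.
# Returns 0 when all FROM lines comply, 1 otherwise. An unresolved ${ARG}
# in a FROM line is reported too, since it cannot be verified statically.
check_base_images() {
  dockerfile="$1"
  prefix="${SERVER_NAME}.jfrog.io/${VIRTUAL_REPO_NAME}/"
  stages=" scratch "   # names that are not registry pulls
  bad=0
  # '|| [ -n "$kw" ]' keeps a final line that has no trailing newline.
  while read -r kw a b c d rest || [ -n "$kw" ]; do
    case "$kw" in [Ff][Rr][Oo][Mm]) ;; *) continue ;; esac
    # Skip an optional flag such as --platform=linux/amd64.
    case "$a" in --*) a="$b"; b="$c"; c="$d" ;; esac
    image="$a"; stage=""
    case "$b" in [Aa][Ss]) stage="$c" ;; esac
    case "$stages" in
      *" $image "*) ;;              # scratch or an earlier build stage
      *) case "$image" in
           "$prefix"*) ;;           # pulled through the virtual repo
           *) echo "$image"; bad=1 ;;
         esac ;;
    esac
    if [ -n "$stage" ]; then stages="$stages$stage "; fi
  done < "$dockerfile"
  return "$bad"
}

# Constructed sample: a compliant stage, a direct Docker Hub pull,
# and a reference to an earlier stage.
sample_dockerfile() {
  f=$(mktemp)
  cat > "$f" <<EOF
FROM ${SERVER_NAME}.jfrog.io/${VIRTUAL_REPO_NAME}/ubuntu:16.04 AS base
FROM --platform=linux/amd64 golang:1.16 AS build
FROM base
EOF
  echo "$f"
}

f=$(sample_dockerfile)
if offenders=$(check_base_images "$f"); then
  echo "all base images resolve through ${VIRTUAL_REPO_NAME}"
else
  echo "bypasses ${VIRTUAL_REPO_NAME}: $offenders"
fi
rm -f "$f"
```

Run as a pre-build step, a non-zero return from `check_base_images` can fail the build before `docker build` pulls an image that Xray never indexed.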

Step 3: Scan for OSS security vulnerabilities & compliance

This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!

  1. Navigate to the Administration Module. Click on the Xray Security & Compliance menu and the Indexed Resources menu item.
  2. Add your “docker-quickstart-local” and “docker-quickstart-remote” repositories to your indexed resources by clicking Add a Repository.

    Keep in mind for your future work that indexing all repositories is resource intensive. It is recommended to select only the repositories you need to scan according to your organization's needs.


  3. Define a security policy that you will later enforce in a watch.
    • Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.

    • Create a new policy called “docker-security”, of type Security, with a rule called “docker-all-severities” set with All-Severities.
  4. Define a watch that includes your new security policy.
    • Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.
    • Create a new watch called “sample-watch”, with your 2 repositories (“docker-quickstart-local” and “docker-quickstart-remote”) and your “docker-security” policy assigned to it by clicking Manage Policies.

      Watches, Policies & Rules

      Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.


  5. Run your scan by hovering over your watch and clicking on Apply on Existing Content to manually trigger it.

    The Xray scan may take some time to complete and show the vulnerability results. You can return to this step later to see your vulnerabilities.




  6. View any discovered vulnerabilities by clicking on your watch.

Step 4: Define a pipeline

This step will walk you through creating a simple automated CI/CD pipeline with JFrog Pipelines.

  1. Add an Artifactory integration.
    Your Pipeline will be consuming and producing artifacts/builds. First, we need to connect your Artifactory instance to it.
    • Generate and copy an API Key from your User Profile, by clicking on the admin username on the top right and selecting Edit Profile.
    • Navigate to the Application Module. Click on the Pipelines menu and the Integrations menu item.
    • Create a new integration called “art” of type Artifactory, with the url “<JFrog Cloud Platform URL>/artifactory” (e.g. “https://<server_name>.jfrog.io/artifactory”), User “admin”, and the API Key you just copied.
  2. Add a GitHub integration.
    Your pipeline will execute a YAML file stored in GitHub.

    • Log in to your GitHub account and generate a new personal access token called “pipelines-token” that has all scopes selected.
    • In the JFrog Platform, navigate back to the Application module, create a new integration called “my_github” of type GitHub, with the Token you just created in your GitHub account.
  3. Create your first sample pipeline triggering GitHub.
    • Fork the JFrog GitHub Pipeline, containing a simple YAML example of a pre-defined pipeline.
    • Update the pipeline definition by editing the pipelines.yml file, and changing the path from: “jfrog/jfrog-pipelines-simple-example”
      to your forked GitHub repository: “<github_user_name>/jfrog-pipelines-simple-example”.

  4. Add a pipeline source.
    • In the Platform UI, navigate back to the Application module, expand the Pipelines menu and click the Pipeline Sources menu item. Add your forked GitHub repository as a Single Branch pipeline source, with the Integration “my_github”, Repository Full Name “<your_GitHub_user_name>/jfrog-quickstart-repo-example”, Branch “master”, and Pipeline Config File Filter “pipelines.yml”.
  5. Manually trigger the pipeline.
    • Navigate to the Application module, expand the Pipelines menu and click the My Pipelines menu item. Click on the basic_pipeline, click on step_1 and trigger the step.

Congratulations! You’re all set and ready to continue exploring the JFrog Platform.


Learn More

Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.

Documentation Resources

Other Resources


Copyright © 2021 JFrog Ltd.