Overview

Start working with the JFrog Platform

The purpose of this guide is to easily get you started with your JFrog cloud or self-hosted instance. Going through the steps below will introduce you to some of the basic functionality of the JFrog Platform and these JFrog solutions that are included with your subscription:

  1. JFrog Artifactory: Universal package management supporting all major packaging formats, build tools, and CI servers.
  2. JFrog Xray: Open source security scanning and license compliance enabling DevSecOps and ensuring application security throughout your SDLC.
  3. JFrog CLI: Compact client, developed to enhance and simplify command line interactions with JFrog products. JFrog CLI commands will deploy, resolve and upload multiple artifacts in parallel.

This guide is customized for npm users.

Be sure to follow the guide and use the default names provided.

Before you start

Here’s what you’ll need:



Step 1: Log in to your environment

Log in using the credentials provided to you by email, or as any other administrator user created after login.

Step 2: Build and Run your npm project

The name npm (Node Package Manager) dates from when npm was first created as a package manager for Node.js. Every npm package is defined in a file called package.json. npm can manage dependencies and install all the dependencies of a project in one command.

  • Fork the JFrog DevRel GitHub repository. Here you will find the JFrog npm challenge repository, containing the npm project.
  • Move to the project directory and run the build command:

    $ node helloworld.js

Step 3: Add repositories & artifacts

This step will walk you through creating an npm repository and uploading your npm project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as Maven, Go, and Docker.

  1. Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.
  2. Create 3 new npm package type repositories:
    • Add a new Local Repository with the Repository Key “npm-challenge-local” and keep the rest of the default settings.
    • Click on the Remote tab and add a new Remote Repository with the Repository Key “npm-challenge-remote” and keep the rest of the default settings.
    • Click on the Virtual tab and add a new Virtual Repository with the Repository Key “npm-challenge”.
      • Add the local and remote npm repositories you just created.
  3. Configure JFrog CLI, a smart client that provides a simple interface for automating access to JFrog products and simplifies your automation scripts.
  4. Take the following steps to build the project with npm and resolve the project dependencies from Artifactory.
    • Configure the project's npm repositories.

      $ jfrog rt npm-config
    • Build the project with npm and resolve the project dependencies from Artifactory.

      • Install the project while resolving the project dependencies from Artifactory.

        $ jfrog rt npm-install --build-name=npm-challenge-build --build-number=1.0.0
      • Publish the npm packages to Artifactory.

        $ jfrog rt npm-publish --build-name=npm-challenge-build --build-number=1.0.0


      • Collect environment variables and add them to the build info.

        $ jfrog rt bce npm-challenge-build 1.0.0


      • Publish the build-info to Artifactory.

        $ jfrog rt bp npm-challenge-build 1.0.0
  5. Navigate to the Application Module, in the Platform UI, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.
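
To confirm that the install in this step really resolved every dependency through the "npm-challenge" virtual repository, the lockfile can be audited. The following is an added example, not part of the original guide or of JFrog's code; the host name example.jfrog.io and the sample lockfile are constructed placeholders.

```javascript
// Added example: audit a package-lock.json so that every dependency tarball
// was resolved through the "npm-challenge" virtual repository in Artifactory.
const ARTIFACTORY_HOST = "example.jfrog.io"; // placeholder (assumption)
const REPO_KEY = "npm-challenge"; // virtual repository key from Step 3

// Return lockfile entries whose "resolved" URL is not served over HTTPS by
// the Artifactory npm endpoint /artifactory/api/npm/<repo-key>/.
function findOutsideArtifactory(lock, host = ARTIFACTORY_HOST, repo = REPO_KEY) {
  const prefix = `/artifactory/api/npm/${repo}/`;
  const offenders = [];
  const check = (name, entry) => {
    // Skip the root project, workspace links and bundled deps (no tarball URL).
    if (!entry || entry.link || typeof entry.resolved !== "string") return;
    let ok = false;
    try {
      const url = new URL(entry.resolved); // also normalizes "../" segments
      ok = url.protocol === "https:" && url.host === host &&
           url.pathname.startsWith(prefix);
    } catch (_) { /* unparsable URL: treat as outside Artifactory */ }
    if (!ok) offenders.push({ name, resolved: entry.resolved });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      check(path.replace(/^.*node_modules\//, ""), entry);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry);
        walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return offenders;
}

// Constructed sample lockfile: one dependency came from Artifactory, one
// bypassed it and was fetched from the public registry.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "helloworld", version: "1.0.0" },
  "node_modules/lodash": { version: "4.17.21", resolved:
    "https://example.jfrog.io/artifactory/api/npm/npm-challenge/lodash/-/lodash-4.17.21.tgz" },
  "node_modules/left-pad": { version: "1.3.0", resolved:
    "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
} };
console.log(findOutsideArtifactory(sampleLock));
```

In a pipeline, load the project's real package-lock.json instead of the sample and fail the build when the returned list is not empty.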

Step 4: Scan for OSS security vulnerabilities & compliance

This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!

  1. Navigate to the Administration Module. Click on the Xray Security & Compliance menu and the Indexed Resources menu item.
  2. Add your “npm-challenge-local” and “npm-challenge-remote” repositories to your indexed resources by clicking Add a Repository.
  3. Define a security policy that you will later enforce in a watch.
    • Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.

    • Create a new policy called “npm-security”, of type Security, with a rule called “npm-all-severities” set with All Severities.
  4. Define a watch that includes your new security policy. A watch provides context to a policy by assigning it to resources such as repositories.
    • Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.
    • Create a new watch called “sample-watch”, with your 2 repositories (“npm-challenge-local” and “npm-challenge-remote”) and your “npm-security” policy assigned to it by clicking Manage Policies.

      Watches, Policies & Rules

      Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.

  5. Run your scan by hovering over your watch and clicking on Apply on Existing Content to manually trigger it.

    The Xray scan may take some time to complete and show the vulnerability results. You can return to this step later to see your vulnerabilities.

  6. View any discovered vulnerabilities by clicking on your watch.

Congratulations! You’re all set and ready to continue exploring the JFrog Platform.


Learn More

Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.

Documentation Resources

Other Resources



Copyright © 2022 JFrog Ltd.