Overview

Starting from Xray version 3.54.0, Xray includes the Scans List page, which combines Xray scan details into a single screen and enables you to view details for repositories, builds, release bundles, and packages. For each of these items, you can drill down further to view the Report overview, Policy Violations, components, and security issues.

In addition to the scan details, the Scans List page enables you to:

  • Search in all tables in a report
  • Filter attributes in all tables
  • View the versions list of each scan type

The Scans List page is available with Artifactory version 7.39.4 and above.

The Scans List page displays only those items that Xray has already indexed. The full list of both indexed and non-indexed resource scans is available through the Xray data tab in Artifactory. For more information, see Analyzing Resource Scan Results.


Viewing Scans List

To view the Scans List:

  1. Log in to the platform.
  2. Click the Application tab, and then the Security & Compliance button.
  3. Click Scans List.
    The Scans List screen appears. From here, you can:
    • Navigate between various tabs and view Xray scan reports for Repositories (default), Builds, Release Bundles, and Packages.
    • Click any of the rows to view detailed information for each scan report.

Scan Results

On the scan details page, click any of the rows. The resulting page provides information about Violations, Security, and Components. To learn more about the information contained in each tab, see Analyzing Resource Scan Results.

The following sections describe the Xray Data sub-tabs, using the Packages resource as an example.

Violations

Displays the violations detected on the package version, based on the watches and associated policies set by the users. Violations are reported only for the root component, not for its dependencies. You can view the vulnerability severity, type, and the associated policies. To view a component and its dependencies, click the Component icon. In some cases, when violations are detected, security or legal personnel may want to accept some of these violations or add them to an Allow List. For more information, see Ignore Rules.

Security Issues

Displays the known CVEs for the selected package version, along with the affected versions and the fixed versions that do not contain the CVE.

Components

Displays the licenses assigned to a specific version and triggers violations if they match the criteria of any existing Watches.

Searching and Filtering

For all the tabs, you can search and filter the scans list to quickly find specific items. For example, the Repositories list can be filtered based on creation date and indexed artifacts.

Exporting Xray Data

For each item in the scans list, you have the option of exporting the Scan Results to CSV, PDF, and JSON formats. In addition, you can export the Xray data as an SBOM report using one of the two supported SBOM formats, SPDX and CycloneDX. The exported data will include full details for the selected component, including policy violations, CVEs, and more.

To export data:

  1. Hover over an item and click the Action icon.
    The Export Scan Data window appears.
  2. Click to select:
    • The relevant security data.
    • The export format.
  3. Click Export.

The file is downloaded to your local drive.

You can also automate exporting component details using the Export Component Details REST API endpoint.
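
Once a CycloneDX export has been downloaded, it can be triaged outside the UI. The following is an added example, not JFrog code: it assumes the export is CycloneDX JSON (spec 1.4 or later) that carries a `vulnerabilities` array, which this page does not confirm for every export, and the sample document with its placeholder CVE ids is constructed.

```python
import json

# Constructed sample in CycloneDX 1.4 JSON layout (not real Xray output).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"bom-ref": "pkg:npm/example-lib@1.2.0", "name": "example-lib", "version": "1.2.0"},
    {"bom-ref": "pkg:npm/example-util@0.9.1", "name": "example-util", "version": "0.9.1"}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "ratings": [{"severity": "medium"}, {"severity": "critical"}],
     "affects": [{"ref": "pkg:npm/example-lib@1.2.0"}]},
    {"id": "CVE-0000-0002", "ratings": [{"severity": "low"}],
     "affects": [{"ref": "pkg:npm/example-util@0.9.1"}, {"ref": "pkg:npm/not-listed@1.0.0"}]},
    {"id": "CVE-0000-0003", "affects": [{"ref": "pkg:npm/example-lib@1.2.0"}]}
  ]
}
""")

# Severity names defined by the CycloneDX schema, lowest to highest.
SEVERITY_ORDER = ["unknown", "none", "info", "low", "medium", "high", "critical"]

def worst_severity(vuln):
    """Highest severity across all ratings; 'unknown' when no usable rating is present."""
    found = {r.get("severity") for r in vuln.get("ratings", [])} & set(SEVERITY_ORDER)
    return max(found, key=SEVERITY_ORDER.index, default="unknown")

def triage(bom, minimum="unknown"):
    """Return (severity, vulnerability id, component) rows at or above `minimum`, worst first."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}'
             for c in bom.get("components", []) if "bom-ref" in c}
    floor = SEVERITY_ORDER.index(minimum)
    rows = []
    for vuln in bom.get("vulnerabilities", []):
        sev = worst_severity(vuln)
        if SEVERITY_ORDER.index(sev) < floor:
            continue
        for target in vuln.get("affects", []):
            ref = target.get("ref", "")
            # Keep refs that match no listed component instead of silently dropping them.
            rows.append((sev, vuln.get("id", "?"), names.get(ref, f"unresolved:{ref}")))
    return sorted(rows, key=lambda r: (-SEVERITY_ORDER.index(r[0]), r[1], r[2]))

if __name__ == "__main__":
    for row in triage(SAMPLE_BOM):
        print(*row, sep="\t")
```

The default `minimum="unknown"` keeps unrated findings in the output, sorted last, so that a missing rating does not hide a CVE from review.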


REST API Support

The following REST APIs support the Scans List feature. 


Copyright © 2022 JFrog Ltd.