Overview

Start Working with the JFrog Platform

The purpose of this guide is to get you started quickly with your JFrog cloud or self-hosted instance. Going through the steps below will introduce you to some of the basic functionality of the JFrog Platform and these JFrog solutions that are included with your subscription:

This guide is customized for Maven and Gradle users.

Be sure to follow the guide and use the default names provided.

Before You Start

Here’s what you’ll need:


Step 1: Build and Run your Maven or Gradle Project

As you already know, Maven and Gradle are build systems with a built-in capability to resolve dependencies from configurable repositories. Both can cache dependencies locally and download them in parallel.

  1. Fork the JFrog DevRel GitHub repository. Here you will find the JFrog Gradle and Maven challenge repositories, containing the Maven and Gradle projects.
  2. Move to the project directory and run the clean install command:

    $ mvn clean install

Step 2: Log In to Your Environment

Log in using the credentials provided to you by email, or with any other administrator user created after login.

Step 3: Add Repositories and Artifacts

This step will walk you through creating a Maven/Gradle repository type and uploading your project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as npm, Docker, and Go.

  1. Navigate to the Administration Module. Expand the Repositories menu and click on the Repositories menu item.
  2. Create 3 new Maven/Gradle package type repositories:
    1. Add a new Local Repository with the Repository Key “maven-challenge-local” or “gradle-challenge-local” and keep the rest of the default settings.
    2. Click on the Remote tab and add a new Remote Repository with the Repository Key “maven-challenge-remote” or “gradle-challenge-remote” and keep the rest of the default settings.
    3. Click on the Virtual tab and add a new Virtual Repository with the Repository Key “maven-challenge” or “gradle-challenge”.
      1. Add the local and remote Maven/Gradle repositories you just created.
  3. Configure JFrog CLI, a smart client that provides a simple interface for automating access to JFrog products and simplifies automation scripts.
    1. Configure the Artifactory server.

      $ jf c add


  4. Take the following steps to build the project with Maven/Gradle and resolve the project dependencies from Artifactory.
    1. Move to the root project directory (cd into the Maven_Challenge or Gradle_Challenge directory).
    2. Configure the project's repositories.

      $ jf mvn-config

      or

      $ jf gradle-config
    3. Build the project and resolve the project dependencies from Artifactory.

      $ jf mvn clean install -f path/to/pom-file --build-name maven-challenge --build-number 1.0.0

      or

      $ jf gradle clean artifactoryPublish -b path/to/build.gradle --build-name gradle-challenge --build-number 1.0.0
    4. Publish the build info to Artifactory.

      $ jf rt bp maven-challenge 1.0.0

      or

      $ jf rt bp gradle-challenge 1.0.0
  5. In the Platform UI, navigate to the Application Module, expand the Artifactory menu and click the Artifacts menu item. Here you’ll be able to see the details of your new artifacts.



Step 4: Scan for OSS Security Vulnerabilities and Compliance

This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!

  1. Navigate to the Administration Module. Click on the Xray Security & Compliance menu and the Indexed Resources menu item.
  2. Add your “maven/gradle-challenge-local”, “maven/gradle-challenge-remote” repositories to your indexed resources by clicking Add a Repository.

  3. Define a security policy that you will later enforce in a watch.
    1. Navigate to the Application module, expand the Security & Compliance menu and click the Policies menu item.

    2. Create a new policy called “maven/gradle-security”, of type Security, with a rule called “maven/gradle-high-severities” set with High-Severities.
  4. Define a watch that includes your new security policy. A watch provides context to a policy by assigning it to resources such as repositories.
    1. Navigate to the Application module, expand the Security & Compliance menu and click the Watches menu item.
    2. Create a new watch called “sample-watch”, with your 2 repositories (“maven/gradle-challenge-local” and “maven/gradle-challenge-remote”) and your “maven/gradle-security” policy assigned to it by clicking Manage Policies.

      Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.

  5. Run your scan by hovering over your watch and clicking on Apply on Existing Content to manually trigger it.

    The Xray scan may take some time to complete and show the vulnerability results. You can return to this step later to see your vulnerabilities.

  6. View any discovered vulnerabilities by clicking on your watch.
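
The policy and watch from Step 4 can also be kept as code and created through the Xray REST API instead of the UI. This is an added example, not part of the original guide or JFrog's own code. It assumes that the “maven/gradle-” names above mean a “maven-” or “gradle-” prefix, that the binary manager ID is “default”, that no rule actions are enabled (the guide selects none), and the environment variable names JFROG_URL, JFROG_TOKEN and FLAVOUR are hypothetical.

```python
import json
import os
import urllib.request

def names(flavour):
    """Resource names used in the guide, for 'maven' or 'gradle'."""
    if flavour not in ("maven", "gradle"):
        raise ValueError("flavour must be 'maven' or 'gradle'")
    return {"repos": [f"{flavour}-challenge-local", f"{flavour}-challenge-remote"],
            "policy": f"{flavour}-security",
            "rule": f"{flavour}-high-severities",
            "watch": "sample-watch"}

def policy_payload(flavour):
    """Security policy with one rule matching High severity and above."""
    n = names(flavour)
    return {"name": n["policy"], "type": "security",
            "rules": [{"name": n["rule"], "priority": 1,
                       "criteria": {"min_severity": "High"},
                       # Assumption: no actions enabled, violations are only recorded.
                       "actions": {"fail_build": False,
                                   "block_download": {"active": False,
                                                      "unscanned": False}}}]}

def watch_payload(flavour):
    """Watch binding the policy to the local and remote repositories."""
    n = names(flavour)
    return {"general_data": {"name": n["watch"], "active": True},
            "project_resources": {"resources": [
                {"type": "repository", "bin_mgr_id": "default", "name": repo}
                for repo in n["repos"]]},
            "assigned_policies": [{"name": n["policy"], "type": "security"}]}

def post(base_url, token, path, payload):
    """POST a JSON payload with a bearer token; returns the HTTP status."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status

if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment
    # so it never appears in shell history or the process list.
    base, token = os.environ["JFROG_URL"], os.environ["JFROG_TOKEN"]
    flavour = os.environ.get("FLAVOUR", "maven")
    post(base, token, "/xray/api/v2/policies", policy_payload(flavour))
    post(base, token, "/xray/api/v2/watches", watch_payload(flavour))
```

The repositories still have to be added to the indexed resources first, and the scan of existing content is still triggered as in step 5.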

Congratulations! You’re all set and ready to continue exploring the JFrog Platform.


Learn More

Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.

Documentation Resources

Other Resources