As you already know Maven and Gradle are build systems that provide built-in capability to resolve dependencies from configurable repositories. Both are able to cache dependencies locally and download them in parallel.
Move to the project directory and run the clean install command:
$ mvn clean install
Login using the credentials provided to you by email, or any other administrator user created after login.
This step will walk you through creating a Maven/Gradle repository type and uploading your project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as npm, Docker, and Go.
Configure the Artifactory server.
$ jf c add
Configure the project's repositories.
$ jf mvn-config
$ jf gradle-config
Build the project with resolve the project dependencies from Artifactory.
$ jf mvn clean install -f path/to/pom-file --build-name maven-challenge --build-number 1.0.0
$ jf gradle clean artifactoryPublish -b path/to/build.gradle --build-name gradle-challenge --build-number 1.0.0
Publish the build info to Artifactory.
$ jf rt bp maven-challenge 1.0.0
$ jf rt bp gradle-challenge 1.0.0
This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!
Create a new watch called “sample-watch”, with your 2 repositories (“maven/gradle-challenge-local” and “maven/gradle-challenge-remote”) and your “maven/gradle-security” policy assigned to it by clicking Manage Policies.
Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.
Run your scan by hovering over your watch and clicking on Apply on Existing Content to manually trigger it.
The Xray scan may take some time to complete and show the vulnerabilities results. You can return to this step later to see your vulnerabilities.
Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.