Scanning Workspaces with JFrog Xray
Integrating JFrog Xray with Coder Kubernetes Workspaces
March 17, 2024This guide describes the process of integrating JFrog Xray to Coder Kubernetes-backed workspaces using Coder's JFrog Xray Integration.
Prerequisites
- A self-hosted JFrog Platform instance.
- Kubernetes workspaces running on Coder.
Deploy the Coder - JFrog Xray Integration
-
Create a JFrog Platform Access Token with a user that has the
readpermission for the repositories you want to scan. -
Create Kubernetes secrets for the JFrog Xray and Coder tokens.
kubectl create secret generic coder-token \ --from-literal=coder-token=''kubectl create secret generic jfrog-token \ --from-literal=user='' \ --from-literal=token='' -
Deploy the Coder - JFrog Xray integration.
helm repo add coder-xray https://helm.coder.com/coder-xrayhelm upgrade --install coder-xray coder-xray/coder-xray \ --namespace coder-xray \ --create-namespace \ --set namespace="" \ --set coder.url="https://" \ --set coder.secretName="coder-token" \ --set artifactory.url="https://" \ --set artifactory.secretName="jfrog-token"
> [!IMPORTANT]
> To authenticate with the Artifactory registry, you may need to
> create a Docker config and use it in the
> imagePullSecrets field of the Kubernetes Pod.
> See the Defining ImagePullSecrets for Coder workspaces guide for more information.
Validate your installation
Once installed, configured workspaces will now have a banner appear on any workspace with vulnerabilities reported by JFrog Xray.