Xray CLI scan
About this plugin
This plugin provides an easy way to get security issues and license information for your project's dependencies.
Installation with JFrog CLI
Since this plugin is currently not included in the JFrog CLI Plugins Registry, it needs to be built and installed manually. Follow these steps to install and use this plugin with JFrog CLI.
- Make sure JFrog CLI is installed on your machine by running "jfrog". If it is not installed, install it.
- Create a directory named "plugins" under ~/.jfrog/ if it does not exist already.
- Clone this repository.
- CD into the root directory of the cloned project.
- Run "make build-install" to create the binary in the current directory.
Usage
Commands
There are two ways to use xray scan:
- Standard input: redirect the output of "mvnw dependency:list" or "go list -m" to the scan, like this:
mvn dependency:list | jfrog xray-scan scan
go list -m all | jfrog xray-scan scan
This will display a summary of the vulnerabilities (high/medium/low) and licenses for all the dependencies found.
- "--component" flag: search for vulnerabilities and licenses for a single component
jfrog xray-scan scan --component "golang.org/x/net v1.8.2"
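To see which components a "go list -m all" stream actually contains before it is piped to the scan, the following added example (not part of this plugin's code) normalizes that output into "module version" lines, the form shown for "--component" above. The function names and the sample input are constructed for illustration, and reporting the replacement of a replaced module is a choice made here because that is the code the build uses.

```shell
#!/bin/sh
# Added example, not the plugin's own code.
# Normalizes `go list -m all` output into "module version" lines.

# Reads `go list -m all` output on stdin, writes one component per line.
go_components() {
    awk '
        # Main module: a single field, so there is no version to look up.
        NF == 1 { next }

        # Replaced by another module: "old v1 => new v2".
        # The build compiles new v2, so that is the component to check.
        NF == 5 && $3 == "=>" { print $4, $5; next }

        # Replaced by a local directory: "old v1 => ../dir".
        # There is no published version; report it on stderr for manual review.
        NF == 4 && $3 == "=>" {
            print "skipped (local replace): " $1 " => " $4 > "/dev/stderr"
            next
        }

        # Ordinary dependency: "module version".
        NF == 2 { print $1, $2 }
    '
}

# Constructed sample of `go list -m all` output (not from a real project).
sample_go_list() {
cat <<'EOF'
example.com/myapp
golang.org/x/net v1.8.2
example.com/old v1.0.0 => example.com/fork v1.2.0
example.com/vendored v0.3.0 => ../vendored
example.com/lib v2.1.0
EOF
}

# Demonstration on the constructed sample.
sample_go_list | go_components
```

Locally replaced modules are the ones to watch: they have no registry version to look up, so they need a separate review.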
Environment variables
Additional info
None.
Release Notes
The release notes are available here.