We use AzureCR as our container registry, and our Azure DevOps build pipelines have Docker image build and push tasks that create various application-specific custom images on top of the Docker Hub base images.
We need to have all these custom images and the Docker Hub base public images scanned using JFrog Xray before the custom images are pushed to the ACR and before other deployment tasks.
How can the JFrog Xray tool be integrated with the Azure Pipeline YAML file to scan the newly built custom images just after the Maven build and Docker image build tasks and before the image push to ACR?
Is there any way to integrate Azure DevOps and JFrog Xray together to scan these custom images as part of the Azure Pipeline build just before the push to ACR?
Tried pipeline:
parameters:
  imageName: ''
  includeLatestTag: false
  buildContext: '$(System.DefaultWorkingDirectory)/release/target/docker'
  publishDocker: ''

steps:
  - task: Docker@1
    inputs:
      azureSubscriptionEndpoint: 'mysub'
      azureContainerRegistry: $(containerRegistry)
      command: build
      includeLatestTag: ${{ parameters.includeLatestTag }}
      dockerFile: '${{ parameters.buildContext }}/Dockerfile'
      useDefaultContext: false
      buildContext: ${{ parameters.buildContext }}
      imageName: ${{ parameters.imageName }}
      arguments: $(buildArgs)
    name: Build_Docker_Image
    displayName: 'Build Docker image'

  - task: JFrogDocker@1
    inputs:
      command: 'Scan'
      xrayConnection: 'jfrog xray token'
      watchesSource: 'none'
      licenses: true
      allowFailBuild: true
      threads: '3'
      skipLogin: false

  - task: Docker@1
    inputs:
      azureSubscriptionEndpoint: 'mysub'
      azureContainerRegistry: $(containerRegistry)
      command: push
      includeLatestTag: ${{ parameters.includeLatestTag }}
      dockerFile: '${{ parameters.buildContext }}/Dockerfile'
      useDefaultContext: false
      buildContext: ${{ parameters.buildContext }}
      imageName: ${{ parameters.imageName }}
    name: Push_Docker_Image
    displayName: 'Push Docker image'
I tried to add the below task in between the Docker image build and push tasks, but I am not getting any option to scan them. Any guidance?
The new JFrog extension, JFrog Azure DevOps Extension, has the JFrog Docker task that allows scanning local docker images (as well as pulling and pushing them from/to Artifactory).