Reputation: 5926
Malware scanning in JFrog Artifcatory
We plan to use generic package type for JFrog Artifcatory repository.
We are using Enterprise + which includes XRay as well.
Does Artifactory scans the files/artifacts uploaded for malware as well ?
AFAIK XRay works on certain package types and just checks if there is any vulnerability in the uploaded artifact.
Best Regards,
Saurav
Upvotes: 1
Views: 1095
Answers (1)
Reputation: 579
Yes Saurav your understanding is correct. Xray can check for vulnerabilities in artifacts that are uploaded to Artifactory. You can perform on demand scanning for identifying vulnerabilities in your artifacts without uploading to Artifactory too. Xray's functionality is to find out license vulnerabilities and security vulnerabilities. But Xray's functionality is not to identify the malware at this moment. Also, the supported packages for Xray are mentioned in this page.
Upvotes: 0
Related Questions
- JFrog Artifactory publish vs deploy
- What Jfrog Artifactories types (Docker, Helm, General) needed for Kuberentes cluster using Rancher?
- suggested workflow for artifactory and jenkins
- Deploy Jar Artifact from Bamboo to Artifactory
- Maintain folder structure jFrog Artifactory Deployer TFS plugin
- Retrieving latest version of artifact with custom repository layout
- Composing custom builds - JSON payload examples