
JFROG XRay re-scan of existing artifacts

I use JFrog XRay v1.10.1 with Artifactory v5.2.1 (both PRO versions).

I cannot find in the XRay documentation (or on Google) how XRay automatically re-scans artifacts that have not changed in Artifactory when the vulnerabilities database is updated.

What is the re-scan policy followed by XRay?

Thanks in advance :)

Xray keeps a graph of all the scanned components and the relationships between them, for example if a certain Java library is part of a war file.
When a new vulnerability is added to the database, Xray will check if the affected component appears in the dependency graph and, if so, will check how it impacts the rest of the graph. For example, if a Debian package inside a Docker image is found to be affected, Xray will also mark the Docker image as impacted. This is called impact analysis in the Xray terminology.
This is explained in the documentation in the watches section.
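
The impact analysis described in the answer above, as an added sketch that is not part of the original answer and is not Xray's own code: a toy containment graph in which a newly published vulnerability is propagated upward to every already-scanned artifact that embeds the affected component, without re-scanning the artifacts themselves. The `ComponentGraph` class and all component names are constructed for illustration.

```python
from collections import defaultdict, deque


class ComponentGraph:
    """Toy containment graph (assumption, not Xray's data model)."""

    def __init__(self):
        self.parents = defaultdict(set)  # child -> direct containers
        self.components = set()

    def add_contains(self, parent, child):
        """Record that `parent` embeds `child` (image -> package, war -> jar)."""
        self.parents[child].add(parent)
        self.components.update((parent, child))

    def impacted_by(self, vulnerable):
        """Map every artifact that transitively contains `vulnerable`
        to the containment path explaining why it is impacted."""
        if vulnerable not in self.components:
            return {}  # component was never scanned: nothing to flag
        paths = {vulnerable: [vulnerable]}
        queue = deque([vulnerable])
        while queue:
            node = queue.popleft()
            for parent in self.parents.get(node, ()):
                if parent not in paths:  # visit once; also guards cycles
                    paths[parent] = [parent] + paths[node]
                    queue.append(parent)
        del paths[vulnerable]  # report containers only, not the component
        return paths


def build_sample():
    """Constructed sample: two Docker images sharing one Debian package."""
    g = ComponentGraph()
    g.add_contains("docker://shop-api:1.4", "deb://openssl:1.0.2")
    g.add_contains("docker://shop-api:1.4", "war://shop.war")
    g.add_contains("war://shop.war", "maven://commons-lib:3.1")
    g.add_contains("docker://batch:2.0", "deb://openssl:1.0.2")
    return g


if __name__ == "__main__":
    graph = build_sample()
    # A new advisory for the Java library arrives after everything was scanned.
    for artifact, path in sorted(graph.impacted_by("maven://commons-lib:3.1").items()):
        print(artifact, "<-", " <- ".join(path[1:]))
```
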
