stackoom
  简体   繁体   中英

JFROG XRay re-scan of existing artifacts

 原文  2018-02-05 16:09:51       artifactory/ jfrog-xray

Question

I use JFrog XRay v1.10.1 with Artifactory v5.2.1 (both PRO versions).

I cannot found in the XRay documentation (and Google) how XRay automatically re-scan artifacts that have not changed in Artifactory when the vulnerabilities database is updated.

What is the re-scan policy followed by XRay ?

Thanks in advance :)

1 answers

solution1
 1 ACCPTED  2018-02-11 09:14:17

Xray keeps a graph of all the scanned component and the relationships between them, for example if a certain Java library is part of a war file.
When a new vulnerability is added to the database, Xray will check if the effected component appears in the dependency graph and if so will check how it impact the rest of the graph. For example if a debian package inside a Docker image is found to be effected Xray will also mark the Docker image as impacted. This is called impact analysis in the Xray terminology.
This is explained in the documentation in the watches section.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can JFrog Xray scan only Maven artifact? JFrog Xray integration with existing instance of Artifactory Can we fail build in jenkins after jfrog xray-scan? How to scan docker image using JFrog XRay from Openshift pipeline Does JFrog Xray scan package.json dependencies for vulnerable packages? Custom Reports in JFrog Xray? Integrating with JFrog XRay JFrog xray ancestor for docker Uploading artifacts to JFrog Artifactory JFrog artifactory + xray docker compose installation is failing
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM