JFrog Artifactory Private Registry
Follow the steps below to add a JFrog Artifactory Private registry to scan JFrog Artifactory repositories. The sensor uses the Artifactory Native API with AQL (Artifactory Query Language) for the listing phase of the registry scan to collect image metadata information for the repository provided in the registry scan schedule.
AQL Query
The AQL query used by the sensor has the following values:
- Primary Domain: "items"
- Search Criteria: "repo", "path" and "name"
- Include fields: "repo", "path" and "modified"
If you are using JFrog Artifactory Private Registry and you want to scan an image from a remote repository, you need to add the full repository path with "-cache". When images are pulled from the remote repository REMOTE_REPO, it creates a new repository under the artifactory REMOTE_REPO-cache, and images are cached under this cache repo.
In AQL statements, to search for images, you need to use the cache repository name REMOTE_REPO-cache. Whereas to pull an image or login, you need to use the actual repository name REMOTE_REPO.
For example, if the actual repository name is csqualys, you need to use the repository name as csqualys-cache.
Add JFrog Artifactory Private Registry
Follow these steps to add your registry:
- Download the Registry sensor (Sensor version 1.11 or later).
- Go to Configurations > Sensors > Download Sensor and select Registry.
- Select the environment where you want to deploy the sensor and follow the installation instructions on the screen.
- Ensure the registry sensor is in Running state and continue to the next step.
- Go to Assets > Registries and click New Registry to add your registry and set up a scanning schedule.
- Under Registry Information, provide the following details:
- Registry Type: Choose registry type JFrog Artifactory Private.
- URL: Enter the registry URL.
- Access Method: Choose Path for direct access to Docker registries or Sub Domain for access to Docker registries through a reverse proxy.
- Service Context: Enter the service context value configured as part of the Base URL for reverse proxy configuration.
- Authentication: You can authenticate using account credentials or an access token.
You can generate the access token on the JFrog platform and use it here for the authentication. For more information about access tokens, see JFrog Official Documentation: Access Tokens.
- It is recommended to generate a never-expiring token.
- If your token has expired, the authentication fails an error message.
-
After adding the registry information, click Next to specify scan settings. Similar to other registry types, you can choose to scan immediately (On Demand) or on a recurring basis (Automatic).
For information about scan settings, see Configure Scan Settings.