How to Set Up the JFrog Artifactory Integration

February 5, 2017

Video Transcript


Today I’d like to show you how you can leverage WhiteSource integration with JFrog Artifactory to block open source components not meeting your company’s policies from entering your repository.

This additional capability of automatically enforcing security, license and quality policies on your repository can help your engineering, DevOps and security teams to better control their open source usage.

Once you integrate the two environments, every time you deploy a new artifact or run a cron-based job, JFrog will pull information on all your open source components from the WhiteSource database automatically.

Just click on each artifact’s property tab to see the open source license, security vulnerabilities (including CVE number and severity) and a brief description with relevant links provided by WhiteSource. You can also see whether the artifact is rejected by one of your WhiteSource policies.

To automate policy enforcement on your repository, we recommend that your team set up a Quarantine Repository in your Artifactory. Once defined, all artifacts rejected by your policies will be moved to that repository, making sure your team does not use artifacts that don’t fit with your organizational policies.

Your DevOps or Engineering team can then go over all quarantined artifacts and selectively decide which components can be ‘unquarantined’ and which should remain blocked.

Thanks for watching!
