How the Artifactory Integration Plugin Works

The plugin incorporates Black Duck scan intelligence in JFrog Artifactory to scan local repositories and apply policies defined in Black Duck.

Architecture

The architecture of the Artifactory Integration focuses on fully hosted deployments, as shown in the following diagram.

Figure: Artifactory Integration Architecture

Operation

The Artifactory Integration periodically checks the configured repositories and compiles a list of artifacts that have not yet been scanned, have been updated since the last successful scan, or previously had scan errors.

Files are sent to your hosted Black Duck instance to be scanned and evaluated against policies defined in Black Duck. The Artifactory Integration polls your Black Duck instance for results and, when available, annotates the artifact with results including, but not limited to:

  • Scan result (success/failure).

  • URL to the scan results on the Black Duck instance.

  • Names of any policies that were found to be violated.

Additionally, the ability to block downloads of artifacts found in violation of Black Duck policies can be configured per repository.
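The selection and blocking rules described above can be modeled as follows. This is an added example, not the plugin's own code: the annotation keys, repository names, paths and policy name are hypothetical, and it assumes a "failure" scan result is what marks a previous scan error.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical annotation keys: the page does not give the plugin's real property names.
SCAN_RESULT = "example.scanResult"        # "success" or "failure"
SCAN_TIME = "example.scanTime"            # ISO 8601 time of the last scan
VIOLATIONS = "example.policyViolations"   # list of violated policy names

@dataclass
class Artifact:
    repo: str
    path: str
    modified: datetime
    props: dict = field(default_factory=dict)

def needs_scan(a):
    """Return why the artifact goes on the scan list, or None if it is current."""
    result, scanned = a.props.get(SCAN_RESULT), a.props.get(SCAN_TIME)
    if result is None or scanned is None:
        return "not yet scanned"
    if result != "success":
        return "previous scan error"
    if a.modified > datetime.fromisoformat(scanned):
        return "updated since last successful scan"
    return None

def build_scan_list(artifacts):
    return {a.path: reason for a in artifacts if (reason := needs_scan(a))}

def download_blocked(a, blocking_repos):
    """Blocking is configured per repository and applies to recorded violations."""
    return a.repo in blocking_repos and bool(a.props.get(VIOLATIONS))

def _day(d):
    return datetime(2023, 1, d, tzinfo=timezone.utc)

def _scanned(result, d, violations=()):
    return {SCAN_RESULT: result, SCAN_TIME: _day(d).isoformat(), VIOLATIONS: list(violations)}

# Constructed sample artifacts (repository names, paths and policy name are made up).
SAMPLE = [
    Artifact("libs-release", "app-1.0.jar", _day(2)),
    Artifact("libs-release", "lib-2.1.jar", _day(3), _scanned("success", 5)),
    Artifact("libs-release", "lib-2.2.jar", _day(9), _scanned("success", 5)),
    Artifact("libs-snapshot", "tool-0.3.jar", _day(4), _scanned("failure", 5)),
    Artifact("libs-release", "old-1.0.jar", _day(1), _scanned("success", 5, ["Example Policy"])),
    Artifact("libs-snapshot", "old-1.0-SNAPSHOT.jar", _day(1), _scanned("success", 5, ["Example Policy"])),
]

if __name__ == "__main__":
    print(build_scan_list(SAMPLE))
    print([a.path for a in SAMPLE if download_blocked(a, {"libs-release"})])
```

In this model, lib-2.2.jar still carries a "success" annotation from before it was modified, so the timestamp comparison is what puts it back on the scan list.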

Before you can use the Artifactory Integration plugin in Artifactory, you must install and configure the plugin and have an API key that the plugin uses to access Black Duck.

©2023 Synopsys, Inc. All Rights Reserved