Scan Published Builds

Scanning Published Builds

JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations. Please notice that the build in the below example had already been published to Artifactory using the build-publish command.

Commands Params

Command name




Command options:


[Optional] Server ID configured by the jf c add command. If not specified, the default configured server is used.


[Optional] Set if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray.


[Default: true] When using one of the flags --watches, --project or --repo-path and a Fail build rule is matched the command will return exit code 3. Set to false if you'd like to see violations with exit code 0.


[Default: table] Defines the output format of the command. The accepted values are: table and json.


[Optional] JFrog project key


[Default: false] Set to true when scanning an already successfully scanned build, for example after adding an ignore rule.

Command arguments:

The command accepts two arguments.

Build name

Build name to be scanned.

Build number

Build number to be scanned.


Scan build number 18, corresponding to the following build name: 'my-build-name'.

jf bs my-build-name 18

Last updated

© 2024 JFrog Ltd All Rights Reserved