Scan Published Builds
Scanning Published Builds
JFrog CLI is integrated with JFrog Xray and JFrog Artifactory, allowing you to have your build artifacts and dependencies scanned for vulnerabilities and license violations. Please notice that the build in the below example had already been published to Artifactory using the build-publish command.
Commands Params
Command name | build-scan |
Abbreviation | bs |
Command options | |
--server-id | [Optional] Server ID configured by the jf c add command. If not specified, the default configured server is used. |
--vuln | [Optional] Set if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray. |
--fail | [Default: true] When using one of the flags --watches, --project or --repo-path and a Fail build rule is matched the command will return exit code 3. Set to false if you'd like to see violations with exit code 0. |
--format | [Default: table] Defines the output format of the command. The accepted values are: table and json. |
--project | [Optional] JFrog project key |
--rescan | [Default: false] Set to true when scanning an already successfully scanned build, for example after adding an ignore rule. |
Command arguments | The command accepts two arguments. |
Build name | Build name to be scanned. |
Build number | Build number to be scanned. |
Example
Scan build number 18, corresponding to the following build name: 'my-build-name'.
Last updated