From 3a9ab7dbe4ce2dc99244b6e932ecbbcac6b493d7 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 15:44:16 +0200 Subject: [PATCH 1/6] Reorganise content around new local scanning features --- scout/artifactory.md | 31 +++++++++++++++++++++---------- scout/index.md | 2 +- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/scout/artifactory.md b/scout/artifactory.md index c8181e192b..f66ece6cf2 100644 --- a/scout/artifactory.md +++ b/scout/artifactory.md @@ -20,13 +20,25 @@ title: Artifactory integration Integrating Docker Scout with JFrog Artifactory lets you run image analysis automatically on images in your Artifactory registries. -This integration is made possible by a monitoring agent. The agent is a +## Local scanning + +You can Artifactory images for vulnerabilities locally with Docker Desktop or the Docker CLI. You first need to authenticate with JFrog Artifactory using the `[Docker login](/engine/reference/commandline/login/)` command. For example: + +```bash +docker login {REPOSITORY_URL}.jfrog.io +``` + +You can find the credentials for your Artifactory repository by selecting it in the Artifactory UI and selecting the **Set Me Up** button. + +## Production scanning + +To automatically scan images and containers running in production environments you need to deploy the Docker Scout Artifactory agent. The agent is a standalone service that analyzes images and uploads the result to Docker Scout. You can view the results using the [Docker Scout web UI](https://dso.docker.com/){: target="\_blank" rel="noopener" }. -## How it works +### How the agent works The Docker Scout Artifactory agent is available as an [image on Docker Hub](https://hub.docker.com/r/docker/artifactory-agent){: @@ -43,10 +55,9 @@ SBOMs for all of its base images. The recorded SBOMs include both Operating System (OS)-level and application-level programs or dependencies that the image contains. -Additionally, the agent sends the following metadata about the image to Docker Scout to -record: +Additionally, the agent sends the following metadata about the image to Docker Scout: -- The source repository for the image +- The source repository URL and commit SHA for the image - Build instructions - Build date - Tags and digest @@ -59,11 +70,11 @@ itself, nor any data inside the image, such as code, binaries, and layer blobs. The agent doesn't detect and analyze pre-existing images. It only analyzes images that appear in the registry while the agent is running. -## Deploy the agent +### Deploy the agent This section describes the steps for deploying the Artifactory agent. -### Prerequisites +#### Prerequisites Before you deploy the agent, ensure that you meet the prerequisites: @@ -78,7 +89,7 @@ Before you deploy the agent, ensure that you meet the prerequisites: The agent supports all versions of JFrog Artifactory and JFrog Container Registry. -### Create the configuration file +#### Create the configuration file You configure the agent using a JSON file. The agent expects the configuration file to be in `/opt/artifactory-agent/data/config.json` on startup. @@ -132,7 +143,7 @@ The following snippet shows a sample configuration: Create a configuration file and save it somewhere on the server where you plan to run the agent. For example, `/var/opt/artifactory-agent/config.json`. -### Run the agent +#### Run the agent The following example shows how to run the Docker Scout Artifactory agent using `docker run`. This command creates a bind mount for the directory containing the @@ -153,7 +164,7 @@ $ docker run \ docker/artifactory-agent:v1 ``` -## View analysis results +### View analysis results You can view the image analysis results in the Docker Scout web UI. diff --git a/scout/index.md b/scout/index.md index 5e09fac984..9319fa39db 100644 --- a/scout/index.md +++ b/scout/index.md @@ -66,7 +66,7 @@ For more information, see ### Artifactory integration Users of JFrog Artifactory, or JFrog Container Registry, can integrate Docker -Scout to enable automatic analysis of images. For more information, see +Scout to enable automatic analysis of images locally and in production. For more information, see [Artifactory integration](./artifactory.md). ## Docker Scout CLI From 355c4a20a35b2d766ff898bbafe18c8785c1b165 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 16:05:20 +0200 Subject: [PATCH 2/6] Clarify terminology --- scout/artifactory.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scout/artifactory.md b/scout/artifactory.md index f66ece6cf2..86563e1395 100644 --- a/scout/artifactory.md +++ b/scout/artifactory.md @@ -20,19 +20,19 @@ title: Artifactory integration Integrating Docker Scout with JFrog Artifactory lets you run image analysis automatically on images in your Artifactory registries. -## Local scanning +## Local image analysis -You can Artifactory images for vulnerabilities locally with Docker Desktop or the Docker CLI. You first need to authenticate with JFrog Artifactory using the `[Docker login](/engine/reference/commandline/login/)` command. For example: +You can analyze Artifactory images for vulnerabilities locally using Docker Desktop or the Docker CLI. You first need to authenticate with JFrog Artifactory using the `[Docker login](/engine/reference/commandline/login/)` command. For example: ```bash docker login {REPOSITORY_URL}.jfrog.io ``` -You can find the credentials for your Artifactory repository by selecting it in the Artifactory UI and selecting the **Set Me Up** button. +You can find the credentials for your Artifactory repository by selecting it in the Artifactory UI and then the **Set Me Up** button. -## Production scanning +## Remote image analysis -To automatically scan images and containers running in production environments you need to deploy the Docker Scout Artifactory agent. The agent is a +To automatically analyze images and containers running in remote environments you need to deploy the Docker Scout Artifactory agent. The agent is a standalone service that analyzes images and uploads the result to Docker Scout. You can view the results using the [Docker Scout web UI](https://dso.docker.com/){: target="\_blank" rel="noopener" From 18ee2d71a3a288786cba736162e5bed671efa292 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 16:24:02 +0200 Subject: [PATCH 3/6] Update scout/artifactory.md --- scout/artifactory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scout/artifactory.md b/scout/artifactory.md index 86563e1395..363f6bc7e0 100644 --- a/scout/artifactory.md +++ b/scout/artifactory.md @@ -32,7 +32,7 @@ You can find the credentials for your Artifactory repository by selecting it in ## Remote image analysis -To automatically analyze images and containers running in remote environments you need to deploy the Docker Scout Artifactory agent. The agent is a +To automatically analyze images running in remote environments you need to deploy the Docker Scout Artifactory agent. The agent is a standalone service that analyzes images and uploads the result to Docker Scout. You can view the results using the [Docker Scout web UI](https://dso.docker.com/){: target="\_blank" rel="noopener" From edd0c1e4ba1a4e927417a67ad1c984183f7ef8a9 Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 16:27:18 +0200 Subject: [PATCH 4/6] Update scout/index.md --- scout/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scout/index.md b/scout/index.md index 9319fa39db..54138f3162 100644 --- a/scout/index.md +++ b/scout/index.md @@ -66,7 +66,7 @@ For more information, see ### Artifactory integration Users of JFrog Artifactory, or JFrog Container Registry, can integrate Docker -Scout to enable automatic analysis of images locally and in production. For more information, see +Scout to enable automatic analysis of images locally and remotely. For more information, see [Artifactory integration](./artifactory.md). ## Docker Scout CLI From 0ae9f00960b89cab9ea41cccb0470091ab46bead Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 16:36:20 +0200 Subject: [PATCH 5/6] Update scout/artifactory.md --- scout/artifactory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scout/artifactory.md b/scout/artifactory.md index 363f6bc7e0..88ac295495 100644 --- a/scout/artifactory.md +++ b/scout/artifactory.md @@ -25,7 +25,7 @@ automatically on images in your Artifactory registries. You can analyze Artifactory images for vulnerabilities locally using Docker Desktop or the Docker CLI. You first need to authenticate with JFrog Artifactory using the `[Docker login](/engine/reference/commandline/login/)` command. For example: ```bash -docker login {REPOSITORY_URL}.jfrog.io +docker login {URL} ``` You can find the credentials for your Artifactory repository by selecting it in the Artifactory UI and then the **Set Me Up** button. From bc8bc8d6177baa7ecc64f6b9f7dcb52b1886bb5a Mon Sep 17 00:00:00 2001 From: Chris Chinchilla Date: Fri, 31 Mar 2023 16:46:35 +0200 Subject: [PATCH 6/6] Reformat auth steps as a tip and make more specific --- scout/artifactory.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scout/artifactory.md b/scout/artifactory.md index 88ac295495..77c23e4108 100644 --- a/scout/artifactory.md +++ b/scout/artifactory.md @@ -28,7 +28,11 @@ You can analyze Artifactory images for vulnerabilities locally using Docker Desk docker login {URL} ``` -You can find the credentials for your Artifactory repository by selecting it in the Artifactory UI and then the **Set Me Up** button. +> **Tip** +> +> For cloud-hosted Artifactory you can find the credentials for your Artifactory repository by +> selecting it in the Artifactory UI and then the **Set Me Up** button. +{: .tip } ## Remote image analysis