OverviewThe JFrog Platform is a leading universal end-to-end DevOps platform for automating, managing, securing, distributing, orchestrating, monitoring, and optimizing your Cl/ CD pipeline. JFrog Platform provides tight integration with Azure DevOps through the JFrog Extension. In addition to managing efficient deployment of your artifacts to Artifactory, the extension lets you capture information about your build's resolved dependencies and deployed artifacts. Gain full traceability for your builds as the environment data associated with your build is automatically collected. The extension currently supports the following package managers: Maven, Gradle, Go, npm, NuGet, .NET Core, Pip and Conan. It also allows downloading and uploading generic files from and to Artifactory, and perform generic tasks on artifacts on Artifactory. JFrog Xray is an application security tool that integrates security directly into your DevOps workflows, enabling you to deliver trusted software releases faster. The extension supports triggering a scan on a published build in Artifactory, or auditing a local project from sources. JFrog Distribution is a centralized platform that lets you provision software release distribution. The JFrog Extension also allows managing Release Bundles and their distribution processes, including release content, and target destinations. Documentation and source codeThe full extension documentation is available here.
Generic artifacts handlingThe JFrog Generic Artifacts task allows performing generic actions on artifacts, such as:
Downloading generic build dependencies from ArtifactoryThe task supports downloading your build dependencies from Artifactory to the build agent. The downloaded dependencies are defined using File Specs and can be also configured to capture the build-info. It will store the downloaded files as dependencies in the build-info which can later be published to Artifactory using the JFrog Publish Build-Info task. Uploading generic build artifacts to ArtifactoryThe task also supports uploading your generated build artifacts from the build agent's local file system to Artifactory. The artifacts are defined using File Specs. The task can be also configured to capture build-info and stores the uploaded files as artifacts in the build-info. The captured build-info can be later published to Artifactory using the JFrog Publish Build-Info task. Setting / Deleting properties on files in ArtifactoryThe JFrog Generic Artifacts task also allows both setting and deleting properties on artifacts in Artifactory. Moving / Copying / Deleting artifacts in ArtifactorySame task also allows performing generic actions on artifacts in Artifactory. Triggering NuGet, .NET Core CLI, Maven, Gradle, npm, Go, Pip and Conan buildsThe extension adds the following tasks - JFrog NuGet, JFrog .NET Core, JFrog Maven, JFrog Gradle, JFrog npm, JFrog Go, JFrog Pip and JFrog Conan to support full build integration with Artifactory. All tasks allow resolving dependencies and deploying artifacts from and to Artifactory. These tasks can also be configured to capture build-info for the build. The captured build-info can be later published to Artifactory using the JFrog Publish Build-Info task.
Scanning builds with JFrog XrayThe JFrog Extension integrates with JFrog Xray, allowing you to have build artifacts scanned for vulnerabilities and other issues using the JFrog Build Scan task. If issues or vulnerabilities are found, you may choose to fail the build.
Auditing projects for security vulnerabilitiesUsing the JFrog Audit task, you can trigger a scan on your local project. The task will automatically detect the used package-manager to perform audit with integration with JFrog Xray. By default, the results will include all vulnerabilities found. You may however configure the task to show only violations configured in Xray. Pushing and Pulling Docker Images to and from ArtifactoryThe JFrog Docker task allows pushing and pulling docker images to and from a docker repository in Artifactory. The task can be also configured to capture build-info for the pushed or pulled image. In addition to details about the build and the build environment, the build info includes the image layers as build dependencies and build artifacts. Scanning Local Docker Images with JFrog XrayThe JFrog Docker task allows scanning local docker images using JFrog Xray. The scan results are displayed in the build log. By default, the results will include all vulnerabilities found. You may however configure the task to show only violations configured in Xray. Recording tracked issuesBeing able to look at the build which was published to Artifactory, and see all the tracked issues (from JIRA for example) associated with it, is one of the most powerful capabilities of Artifactory when it comes to managing metadata about builds. The JFrog Collect Issues task can automatically identify the issues handled in the current build, and record them as part of the build-info. Read more about this unique capability here. Publishing build-infoBuild-info captured in preceding tasks can be published to Artifactory using the JFrog Publish Build-Info task. The configured build name & number, and the optional project key, should match the ones specified when the build-info was captured. Promoting published buildsArtifactory supports promoting published builds from one repository to another, to support the artifacts life-cycle. The JFrog Promotion task promotes a build, by either copying or moving the build artifacts and/or dependencies to a target repository. This task can be added as part of a Release pipeline, to support the release process. Discarding published buildsThe JFrog Discard Builds task is used to discard previously published builds from Artifactory. Builds are discarded according to the retention parameters configured in the task. Executing JFrog CLI commandsThe JFrog CLI V2 task allows executing JFrog CLI commands, while using the pre-configured connection details of JFrog Platform, stored in Azure DevOps. Accessing the Build-InfoYou can access the build-info from the Build Results in Azure DevOps, if your build pipeline has published the build-info to Artifactory.
Releasing published buildsThe JFrog Publish Build-Info task allows publishing builds to Artifactory. By choosing Artifactory as an artifacts source in a Release, you can select a published build, to make its artifacts available for the release. Managing binaries distributionThe JFrog Distribution task allows managing release bundles. The task provides the capability to create, update, sign, distribute or delete release bundles from JFrog Distribution. Behind the scenesMost tasks trigger the JFrog CLI to perform the requested actions. The extension handles downloading and caching the JFrog CLI, which is done once per pipeline. You can configure the used JFrog CLI version, and configure to download it from your Artifactory instance using the JFrog Tools Installer task. |