The trend of#DevSecOps is growing fast and it is no longer just part of your security team. More and more organizations wish to integrate their security team in all the phases of development and operations. To achieve it, there are cases where you need to export data from JFrog Xray (in our case to a CSV format) so you can ingest it to your current logging/monitoring system.
In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software.
By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.
One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.
🐸 You can run it with this Docker Image as well. It’s just one line:
docker run -v /tmp/xray-csv/:/home/node/app/xray-csv --env-file .env -p 80:8080 -d greenido/jfrog-xray-exporter-csv
All you need is to make sure that /tmp/xray-csv/ is a valid direction on your machine as this is the place the CSV files will be stored.
You need to fill the .env file with the following fields:
BASE_URL=ip-address:port/xray XRAY_USER=Your-user XRAY_PASS=the-password EXPORTER_PORT=8080 # Query params MIN_SEVERITY=Low VIO_LIMIT=2500