This integration connects JFrog Artifactory and Xray with Slack.
We know that software development happens in a myriad of collaboration environments. Today, there are key events throughout the JFrog Platform that can be difficult for a user to interact with if they aren't logged into the platform. So that people across the organization know what's going on, this Slack integration provides users with real-time information about Artifactory and Xray events. This gives each user situational awareness of occurrences in the JFrog Platform. Additionally, where appropriate, they will have links and action buttons to follow up on the event.
- This integration lets you see Artifact, Artifact Properties, Docker Tag, and Build events through notifications and actionable UI cards inside Slack.
- You can send these notifications to multiple channels.
- Additionally, you can get vulnerability and license compliance notifications based on policies set up in JFrog Xray and take actions. Here is an example of a security violation and adding an ignore rule to snooze the notification (happens in Slack and in the JFrog Platform):
If you need help with this integration, please contact [email protected]
If you do not already have Slack, download it now (for Windows or for Mac).
Next, install the JFrog Slack Application using this link.
Make sure your organization has the latest cloud instance of Artifactory. If not, please upgrade, or you can sign up for a free cloud instance at: https://jfrog.com/start-free/.
You can scroll down to see the Requirements for using this integration.
Once you’ve installed the JFrog Slack Application from the Slack Store, you must connect the application to your JFrog Platform Deployment (or JPD) instance.
First, log in to the JFrog platform. You must be an admin to access your credentials.
A) If you are a JFrog Platform paid user, go to the General tab and look for Applications. From there, you can add a new application.
Then click on Next, Generate your ID and Secret.
B) If you are using the free version of the JFrog Platform, go to the Administration section and then click on Security. Next, scroll down and click on Integrations.
Then click on + New Client Integration. Provide it a name and then from the dropdown under Application, select JFrog Collaboration Integration.
Then click on Next, Generate your ID and Secret.
When you have your Integration ID and Secret, copy and paste these items into the Slack modal window.
Last, copy and paste your JFrog Platform URL (found at the top of your browser window) into the Slack modal window where it says JFrog URL.
Hit Save and look for the success message! Great, you have now connected your organization’s JFrog account to the Slack app.
Next, log in to your JFrog account on the Slack app.
Once you see the confirmation message, you can create new notifications and add them to Slack channels.
We expect you to have Slack channels already set up; how you organize notifications across different Slack channels is up to your organization.
Once logged in with Admin privileges, you can start creating notifications.
Hit Create Notification to bring up the list of options.
Select which type of notification you would like to create from the drop-down menu.
On the next screen, name the notification and select which events you would like to include in the notification, and which repos should be included.
Select a channel to send the notifications to. Hit Next.
On the next screen, you may see options for your notification. For example, for build notifications, you can select any build or find an existing build (in your JFrog Platform Deployment) by name or pattern.
Once you hit Next, you should see a success message.
Once you have set up notifications, you should start seeing the notification cards in the channel within about 20 minutes. If you do not see notifications working, first type /jfrog rt list to bring up the list of active notifications.
If you see nothing on the notification list, please try again or contact support.
The Slack app supports sending notifications to a private channel. Select the private channel during the create new notification process and notifications will be routed to that channel.
Important: In order to send notifications to a private channel, the Slack app must be added to the private channel separately. You can do this by going into the channel's info modal and selecting the "Integrations" tab. Click on the "Add an App" button and add the "JFrog Artifactory and Xray" app. This needs to be done for each and every private channel you want the Slack app to send notifications to.
The Slack app supports sending notifications to individuals. Select the direct message channel or multi-person direct message channel during the create new notification process and notifications will be routed to that chat.
Important: In order to send notifications to multiple individuals, the Slack app must be added to the chat separately. You can do this by creating a group conversation between the Slack app and the individuals. This needs to be done for each and every multi-person direct message channel you want the Slack app to send notifications to.
If you want the Slack app's bot user to start a 1:1 conversation with you in the workspace, start by creating a conversation between the Slack app and yourself. Resultant messages will start appearing in the "Messages" tab of the Slack App.
All notifications are based on webhook events in the JFrog Platform. The currently supported notifications include:
Type | Events |
---|---|
Artifact | deployed, deleted, moved, copied |
Artifact Properties | added, deleted |
Docker Tag | pushed, deleted, promoted |
Builds | uploaded, deleted, promoted |
Release Bundles (Enterprise+) | created, signed, deleted |
Distribution (Enterprise+) | started, completed, aborted, failed, deletion started, deletion failed, deletion completed |

Type | Description |
---|---|
Security Violations by CVE | This sends individual notification cards for each CVE or issue |
Security Violations by Component (Summary view) | This provides a summary of all CVEs and severities by component |
License Compliance | This sends individual notification cards for each license compliance issue |
JFrog Xray notifications are special in that only repositories that are being actively watched in Xray and have a policy set up will generate notification events. To learn more about how Xray policies and watches work, click here.
If you already have policies and watches set up in Xray, you can create notifications in the Slack app.
Hit Create Notification.
Give the Notification a name, which policy it is coming from, which channel to send the notification to, and whether you would like the security violation to send you information by individual CVE or send a grouped notification by Component (Summary).
Example - by CVE:
Example - by Component:
All notifications can be paused, which removes them from being active in Slack channels but does not delete the underlying webhook, so they can be added again.
The delete notification button deletes the entire notification from Slack as well as the underlying webhook in the JFrog Platform.
Right under the text input area in Slack, you will see a lightning bolt symbol. Clicking on it brings up a list of 5 shortcuts that you can also use to create notifications and view lists. These shortcuts are:
Create Notifications
List XR Notifications
List RT Notifications
List Policies
List Watches
Outside the UI elements, you can also interact with our application using commands in the Slack chat area. The commands we currently support are:
/jfrog help - Show help content
/jfrog configure - Connects to your JFrog Instance and asks for JFrog URL, Integration ID, and Integration secret
/jfrog logout - Log out from the JFrog Platform with this Slack app
/jfrog rt notify list - Provides a list of current notifications subscribed to by the personal or channel bot context
/jfrog rt notify stop {notification name} - Pauses subscription to the specified notification
/jfrog rt notify resume {notification name} - Resumes subscription to the specified notification
/jfrog xr notify list - Provides a list of current Xray notifications subscribed to by the personal or channel bot context
/jfrog xr watch list - Provides a list of current watches (that the user has read access to) with a micro action to subscribe the bot to the notification
/jfrog xr policy list - Provides a list of current policies with a micro action to open JFrog Platform.
To use the Slack integration with an on-premise JFrog installation, you need to enable the "Manage Integrations" section under "Settings -> General" by following these steps:
1. Update the Artifactory system configuration: edit `system.yaml` in `/opt/jfrog/artifactory/var/etc/`. See Artifactory System YAML for more details.

```yaml
shared:
  featureToggler:
    accessIntegration: true
```

2. Update the Access YAML configuration: create a new file (if it does not already exist) called `access.config.patch.yml` in `/opt/jfrog/artifactory/var/etc/access/`. See Access YAML Configuration for more details.

```yaml
integrations-enabled: true
integration-templates:
  - id: "1"
    name: "JFrog Collaboration Integration"
    redirect-uri: "https://saas-connector.jfrog.io/v1/oauth2/login/redirect"
    scope: "applied-permissions/user"
```

3. Restart the platform after saving the files.
The network port `8082` will need to be exposed to the external network. See JFrog System Requirements for more information. Then, when configuring the JPD in the Slack app, include the network port with the JPD URL, e.g. https://example.com:8082
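A preflight check for the two files edited in the on-premise steps above, run before the restart. This is an added example, not JFrog's code: the function names, the sample strings and the indentation-based reader are assumptions made here, and the expected values are the ones this page gives.

```python
import re
EXPECTED = {  # values given in the on-premise steps on this page
    "name": "JFrog Collaboration Integration",
    "redirect-uri": "https://saas-connector.jfrog.io/v1/oauth2/login/redirect",
    "scope": "applied-permissions/user",
}
LINE = re.compile(r"^(\s*(?:-\s+)?)([\w-]+):\s*(.*?)\s*$")

def read(text):
    """Indentation-based reading of the YAML subset these files use
    (no inline comments or flow syntax); not a full parser."""
    paths, items, stack, current = {}, [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line, full-line comment, or unrecognised syntax
        lead, key, value = m.group(1), m.group(2), m.group(3).strip("\"'")
        if "-" in lead:        # a dash opens a new list item (a template)
            items.append(current := {})
        elif not lead:         # back at top level: the list has ended
            current = None
        if current is not None:
            current[key] = value
        while stack and stack[-1][0] >= len(lead):
            stack.pop()
        stack.append((len(lead), key))
        paths[".".join(k for _, k in stack)] = value
    return paths, items

def check_onprem(system_yaml, access_patch):
    """Return findings; an empty list means both files match the steps above."""
    findings = []
    if read(system_yaml)[0].get("shared.featureToggler.accessIntegration") != "true":
        findings.append("system.yaml: shared.featureToggler.accessIntegration is not true")
    paths, items = read(access_patch)
    if paths.get("integrations-enabled") != "true":
        findings.append("access.config.patch.yml: integrations-enabled is not true")
    matching = [t for t in items if t.get("name") == EXPECTED["name"]] or [{}]
    for t in matching:
        for key in EXPECTED:
            if t.get(key) != EXPECTED[key]:
                findings.append(f"access.config.patch.yml: {key} is {t.get(key)!r}")
    return findings

# Constructed sample input: the two fragments with the values this page gives.
SAMPLE_SYSTEM = "shared:\n  featureToggler:\n    accessIntegration: true\n"
SAMPLE_ACCESS = ('integrations-enabled: true\nintegration-templates:\n  - id: "1"\n'
                 '    name: "JFrog Collaboration Integration"\n'
                 '    redirect-uri: "https://saas-connector.jfrog.io/v1/oauth2/login/redirect"\n'
                 '    scope: "applied-permissions/user"\n')
```

A copy of the first fragment that has lost its indentation is reported as a finding, because `accessIntegration` then no longer sits under `shared.featureToggler`.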
- Your organization has an instance of Artifactory. You can sign up for a free instance at: https://jfrog.com/start-free/
- You must be a user with Admin permissions to authenticate your organization’s Slack app with your JFrog Platform Deployment (JPD).
- You must be a user with Admin permissions to create the initial notifications for Artifactory and Xray. Once created, any team member can add existing notifications to new Slack channels.
- Your organization must have already set up policies and watches before it can get Xray notifications in Slack. Learn how to set up watches and policies in Xray.
You can also click here for a list of FAQs.