Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat: add JFrog Xray vulnerability scanning module #410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

feat: add JFrog Xray vulnerability scanning module #410

wants to merge 7 commits into from

Conversation

blink-so[bot]
Copy link
Contributor

@blink-so blink-so bot commented Sep 4, 2025

This PR adds a new Terraform module that integrates JFrog Xray vulnerability scanning results into Coder workspace metadata.

Features

  • Fetches vulnerability scan results from JFrog Xray
  • Displays vulnerability counts (Critical, High, Medium, Low) on workspace page
  • Supports flexible image path formats
  • Works with any workspace type using container images
  • Provides secure token handling

Usage

module "jfrog_xray" {
  source      = "registry.coder.com/modules/jfrog-xray/coder"
  version     = "1.0.0"
  
  resource_id = docker_container.workspace.id
  xray_url    = "https://example.jfrog.io/xray"
  xray_token  = var.jfrog_access_token
  image       = "docker-local/codercom/enterprise-base:latest"
}

Related Issues

Tested with basic Terraform validation. Full integration testing requires live JFrog instance.

blink-so bot and others added 3 commits September 4, 2025 07:08
@blink-so @matifali
feat: add JFrog Xray vulnerability scanning module
132b900 
Adds a Terraform module that integrates JFrog Xray vulnerability scanning
results into Coder workspace metadata. The module:

- Fetches vulnerability scan results from JFrog Xray
- Displays vulnerability counts (Critical, High, Medium, Low) on workspace page
- Supports flexible image path formats
- Works with any workspace type using container images
- Provides secure token handling

Resolves coder/coder#12838 and addresses #65

Co-authored-by: matifali <[email protected]>
@blink-so
fix: format code with prettier and terraform fmt
c715cf1 
Fixes CI formatting checks for the JFrog Xray module.
@blink-so
fix: add required Terraform code block to README
1beb3bb 
Adds the required Terraform usage example immediately after the h1 heading
to satisfy the README validation requirements.
@blink-so blink-so bot mentioned this pull request Sep 4, 2025
Draft
blink-so bot added 4 commits September 4, 2025 07:15
@blink-so
fix: format README with prettier
caef723 
Fixes remaining formatting issues in the README file.
@blink-so
fix: remove unsupported check_license argument from xray provider
a72c36e 
The check_license argument is not supported by the JFrog Xray Terraform
provider, causing test failures. Removing this argument fixes the
Terraform validation.
@blink-so
fix: handle null xray scan results with try() function
fdc83a3 
Adds proper null handling for cases where xray scan results are null,
which was causing Terraform validation failures. Uses try() function
to gracefully handle null values and provide default vulnerability counts.
@blink-so
fix: remove trailing whitespace in terraform file
43a49cb 
Fixes terraform formatting issue identified by CI checks.
@matifali matifali requested a review from jatcod3r September 4, 2025 14:51
@matifali
Copy link
Member

matifali commented Sep 4, 2025

@jatcod3r can you help me test this if you have s setup ready?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jatcod3r jatcod3r Awaiting requested review from jatcod3r

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

JFrog Xray integration
1 participant
@matifali