
Overview

Xray scanning requires Artifactory Pro X, Enterprise with Xray, or an Enterprise+ license.

You can review and manage all the violations generated by a Watch on an ongoing basis from a central location, the Violations tab. This is in addition to the Xray data that is displayed at each of the resource levels.

You can perform the following:



Viewing Violations

The Violations tab in a Watch is the central location for viewing the detected violations based on the policies and rules you have predefined on the Watch. You can view the list of the violations, search for violations according to filters, set ignore rules and edit the Watch in the Settings tab.

  1. In the Application module, under Security & Compliance, click Watches.
  2. Select the required Watch and click the Violations tab to view the violations.


Viewing Violation Details

Click on a specific watch from the main Watch module page to examine all of its defined violations. You can filter the watch violations using the search mechanism, according to text, created date, type, severity and CVE ID.

To examine the violation details, click the violation from the list to display the Violation Details popup.



Searching for Violations

You can search for specific violations according to text, minimum severity level, CVE number, and Policy Type (Security, License, or both).


Ignoring Violations on a Watch

Users can choose to ignore violations detected on a Watch in cases where a violation is low priority, needs to be whitelisted, or will be dealt with in future versions.

The following procedures are supported when ignoring violations:

Ignore a Violation

  1. Select the required Watch and click the Violations tab.
  2. From the Violations list on the Watch, hover over the required violation in the list and click Ignore Violation, located on the rightmost side of the line.
    The Ignore Violation dialog opens.
  3. Choose one of the following methods to ignore the violation:
    • Once: The violation will be tagged as an 'Ignored Violation'; however, it will reappear in the list the next time the violating artifact is scanned.
    • Permanently: The violation will be tagged as an 'Ignored Violation', and an Ignore Rule will be created and will apply to future scans.

      Ignore Rules from Component Details

      You can also specify violations to ignore in the Violations tab of the Component Details page.

      Under the Watch, you can view ignored rules in the Ignore Rules tab.


      To view the security or license details of an ignored rule, select the Ignore Rule in the Summary column.

Search for Ignored Violations

To view a list of ignored violations, from the Violations tab on the Watch, select the Ignored Violations status from the Status filter and click Search.

Restore an Ignored Violation

  1. In the Violations page, select the violation and click Restore Ignored Violation.
  2. Click Restore Ignored Violation.

  3. Click Restore. The violation will be added to the Active Violations list.

Delete an Ignore Rule

You can delete an Ignore Rule and select the Restore previous violations checkbox to restore previous violations tagged with this Ignore Rule.

  1. From the Ignore Rules tab, select the Ignore Rule and select the Delete icon.
  2. Click Delete.

REST API

To retrieve a list of ignored violations on a watch, run the following Get Ignored Violations command.

Copyright © 2023 JFrog Ltd.