JFrog · Arazzo Workflow

JFrog Xray Scan Artifact

Version 1.0.0

Trigger an Xray scan for an artifact then pull its security summary.

1 workflow · 1 source API · 1 provider
Tags: Artifactory, CI/CD, Container Registry, DevOps, MLOps, Package Management, Security, Software Supply Chain, Arazzo, Workflows

Provider

jfrog

Workflows

scan-artifact
Scan an artifact and retrieve its security summary.
Initiates an Xray scan for the supplied component, then requests the artifact summary for the corresponding path to read back issues.
2 steps
Inputs: componentID, path
Outputs: artifacts, scanInfo

Step 1: triggerScan (operation: scanArtifact)
Trigger an on-demand Xray scan for the supplied component identifier.

Step 2: artifactSummary (operation: getArtifactSummary)
Read the artifact summary to capture the security issues and license details for the scanned path.

Source API Descriptions

Arazzo Workflow Specification

jfrog-xray-scan-artifact-workflow.yml
arazzo: 1.0.1
info:
  title: JFrog Xray Scan Artifact
  summary: Trigger an Xray scan for an artifact then pull its security summary.
  description: >-
    On-demand security scanning with JFrog Xray. The workflow triggers a scan
    for a specific component, then reads the artifact summary to capture the
    resulting security issues and license information. Every step spells out its
    request inline so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: xrayApi
  url: ../openapi/jfrog-xray-openapi.yml
  type: openapi
workflows:
- workflowId: scan-artifact
  summary: Scan an artifact and retrieve its security summary.
  description: >-
    Initiates an Xray scan for the supplied component, then requests the
    artifact summary for the corresponding path to read back issues.
  inputs:
    type: object
    required:
    - componentID
    - path
    properties:
      componentID:
        type: string
        description: 'The component identifier in package type format (e.g. docker://image:tag).'
      path:
        type: string
        description: The artifact path in Artifactory to summarize.
  steps:
  - stepId: triggerScan
    description: >-
      Trigger an on-demand Xray scan for the supplied component identifier.
    operationId: scanArtifact
    requestBody:
      contentType: application/json
      payload:
        componentID: $inputs.componentID
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      info: $response.body#/info
  - stepId: artifactSummary
    description: >-
      Read the artifact summary to capture the security issues and license
      details for the scanned path.
    operationId: getArtifactSummary
    requestBody:
      contentType: application/json
      payload:
        paths:
        - $inputs.path
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      artifacts: $response.body#/artifacts
  outputs:
    scanInfo: $steps.triggerScan.outputs.info
    artifacts: $steps.artifactSummary.outputs.artifacts