JFrog · Arazzo Workflow

JFrog Xray Vulnerability Report

Version 1.0.0

Generate a vulnerability report and poll until it completes.

1 workflow · 1 source API · 1 provider
Tags: Artifactory, CI/CD, Container Registry, DevOps, MLOps, Package Management, Security, Software Supply Chain, Arazzo, Workflows

Provider

jfrog

Workflows

vulnerability-report
Kick off a vulnerability report and wait for it to finish.
Generates a vulnerability report scoped to a repository, captures the report id, then polls the report status until it is completed.
2 steps · inputs: repoKey, reportName · outputs: reportId, status

1. generateReport (operation: generateVulnerabilityReport)
   Generate a vulnerability report scoped to the supplied repository, filtering for findings that have remediation.
2. pollStatus (operation: getReportStatus)
   Poll the report status. While it is pending or running, loop back and check again; once it is completed, finish.

Source API Descriptions

Arazzo Workflow Specification

jfrog-xray-vulnerability-report-workflow.yml
arazzo: 1.0.1
info:
  title: JFrog Xray Vulnerability Report
  summary: Generate a vulnerability report and poll until it completes.
  description: >-
    An asynchronous reporting flow. The workflow generates a vulnerability
    report for a repository, then polls the report status in a loop, branching
    back to itself while the status is pending or running and ending once it
    reaches completed. Every step spells out its request inline so the flow can
    be read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: xrayApi
  url: ../openapi/jfrog-xray-openapi.yml
  type: openapi
workflows:
- workflowId: vulnerability-report
  summary: Kick off a vulnerability report and wait for it to finish.
  description: >-
    Generates a vulnerability report scoped to a repository, captures the report
    id, then polls the report status until it is completed.
  inputs:
    type: object
    required:
    - reportName
    - repoKey
    properties:
      reportName:
        type: string
        description: The name to assign to the generated report.
      repoKey:
        type: string
        description: The repository to scope the report to.
  steps:
  - stepId: generateReport
    description: >-
      Generate a vulnerability report scoped to the supplied repository,
      filtering for findings that have remediation.
    operationId: generateVulnerabilityReport
    requestBody:
      contentType: application/json
      payload:
        name: $inputs.reportName
        resources:
          repositories:
          - name: $inputs.repoKey
        filters:
          has_remediation: true
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      reportId: $response.body#/report_id
  - stepId: pollStatus
    description: >-
      Poll the report status. While it is pending or running, loop back and
      check again; once it is completed, finish.
    operationId: getReportStatus
    parameters:
    - name: reportId
      in: path
      value: $steps.generateReport.outputs.reportId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      status: $response.body#/status
      reportId: $response.body#/id
    onSuccess:
    - name: stillRunning
      type: goto
      stepId: pollStatus
      criteria:
      - context: $response.body
        condition: $.status == 'pending' || $.status == 'running'
        type: jsonpath
    - name: finished
      type: end
      criteria:
      - context: $response.body
        condition: $.status == 'completed'
        type: jsonpath
  outputs:
    reportId: $steps.generateReport.outputs.reportId
    status: $steps.pollStatus.outputs.status