
I have recently started using JFrog Xray for exe, msi & zip scans.

I'm using a GitHub repository and GitHub Actions for the pipeline.

My project is in C#, so I first tried the JFrog extension for VS2019, which scanned all the used DLLs properly and reported the vulnerabilities.

But when I tried to execute it through the WebApp, using watches and reports, it was unable to find the vulnerabilities in the EXE/ZIP stored in "JFrog Artifactory". What can be the reason for this?

Also, is there any possible way that I can make the GitHub Actions pipeline fail if the JFrog Xray scan finds issues?

P.S.: I have made sure that the watches and policies in the WebApp are applied properly and are executed on the correct target Artifactory.


UPDATE

Based on the suggested answer I tried the approach below to execute a build scan on Artifactory.


Prerequisite details:

JFrog distribution URL: https://orgname.jfrog.io/orgartifactoryname

Jfrog path to artifactory: JFrogDistributionURL/ProjectName/Folder


Commands executed:

jfrog rt c rt-server-1 --user=$username --url=$JFrogDistributionURL --apikey=$apikey

jfrog rt bs "my build name" 18

Output:

[Info] Triggered Xray build scan... The scan may take a few minutes.

[Info] Connection error: Server Response: 401 Unauthorized, reconnecting...

I also tried setting up the server with --password instead of --apikey, but I get the same issue.


1 Answer


The JFrog VS extension and the JFrog Xray build scan scan your project using two different methods.

The JFrog VS extension builds a transitive dependency tree from the dependencies in your file system. Ultimately, the dependency tree contains all packages required to build your program. Each one of the dependencies is sent to Xray for scanning.

On the other hand, scanning a build through JFrog Xray works a bit differently. The Xray scan input is the build's artifacts. Using a deep recursive scan on the NuGet layers, it builds a complete picture of the package's artifacts and dependencies.

Also, is there any possible way that I can make GitHub Action pipeline fail if the JFrog Xray scan find issues?

Yes. I'm assuming you're using the JFrog CLI through the setup-jfrog-cli GitHub Action:

It is actually the default behavior of the jfrog rt build-scan command.

Read more about build-scan here: https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-ScanningaPublishedBuild
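The pipeline described in the answer, written out as a complete GitHub Actions workflow. This is an added example, not code from the question, the answer, or JFrog; it assumes a secret named JF_ARTIFACTORY_1 holding a server config token exported with `jfrog rt c export`, a generic repository key `generic-local`, and the build name "my build name" from the question's update. The scan step relies on build-scan's default `--fail=true`, which makes the CLI exit non-zero when the Xray watch reports a violation for the build, so the job fails without any extra scripting. Two checks worth doing before expecting failures: the Xray watch must include builds among its resources (a watch scoped only to repositories does not apply to a build scan), and a `401 Unauthorized` response like the one in the question's update means the credentials were rejected before any scan ran, so the step would fail for the wrong reason.

```yaml
# Added example workflow; names of secrets, repositories and the build are assumptions.
name: build-and-xray-scan
on: [push]

jobs:
  scan:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2

      # Install the JFrog CLI and configure the Artifactory server from an
      # exported config token (assumed secret: JF_ARTIFACTORY_1).
      - uses: jfrog/setup-jfrog-cli@v1
        env:
          JF_ARTIFACTORY_1: ${{ secrets.JF_ARTIFACTORY_1 }}

      - name: Build
        run: dotnet publish -c Release -o out

      # Upload the published EXE/DLL files and record them in build-info so
      # the build-scan has artifacts to scan. Repository key is assumed.
      - name: Upload artifacts with build info
        run: jfrog rt u "out/*" "generic-local/ProjectName/" --build-name="my build name" --build-number=${{ github.run_number }} --flat=false

      # Publish the build-info to Artifactory; build-scan only works on a published build.
      - name: Publish build info
        run: jfrog rt bp "my build name" ${{ github.run_number }}

      # Trigger the Xray scan of the published build. With --fail=true (the
      # default) the command exits non-zero on a watch violation, failing the job.
      - name: Xray build scan
        run: jfrog rt bs "my build name" ${{ github.run_number }} --fail=true
```

If you prefer a later CLI version, the same steps exist under the `jf` binary and setup-jfrog-cli v3 (`JF_URL` plus `JF_USER`/`JF_PASSWORD` or `JF_ACCESS_TOKEN`), but the commands shown above match the `jfrog rt` syntax used in the question.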