├── CODEOWNERS
├── examples
├── resources
│ ├── xray_webhook
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_ignore_rule
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_custom_issue
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_curation_policy
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_repository_config
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_custom_curation_condition
│ │ └── import.sh
│ ├── xray_operational_risk_policy
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_binary_manager_builds
│ │ ├── resource.tf
│ │ └── import.sh
│ ├── xray_binary_manager_repos
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_binary_manager_release_bundles_v2
│ │ ├── resource.tf
│ │ └── import.sh
│ ├── xray_settings
│ │ └── resource.tf
│ ├── xray_catalog_labels
│ │ ├── import.sh
│ │ └── resource.tf
│ ├── xray_workers_count
│ │ └── resource.tf
│ ├── xray_licenses_report
│ │ └── resource.tf
│ ├── xray_exposures_report
│ │ └── resource.tf
│ ├── xray_license_policy
│ │ └── resource.tf
│ ├── xray_operational_risks_report
│ │ └── resource.tf
│ ├── xray_security_policy
│ │ └── resource.tf
│ ├── xray_vulnerabilities_report
│ │ └── resource.tf
│ └── xray_violations_report
│ │ └── resource.tf
├── provider
│ └── provider.tf
└── data-sources
│ └── xray_artifacts_scan
│ └── data-source.tf
├── samples
├── crash.zip
├── multi1-3.7-20220310.233748-1.jar
├── cert.pem
└── generic-repo.json
├── terraform-registry-manifest.json
├── tools
└── tools.go
├── .gitignore
├── sonar-project.properties
├── http
├── http-client.env.json
├── watches.http
└── policies.http
├── .github
├── release.yml
├── dependabot.yml
├── ISSUE_TEMPLATE
│ ├── feature_request.md
│ └── bug_report.md
├── workflows
│ ├── slack-notify-issues.yml
│ ├── slack-notify-pr.yml
│ ├── cla.yml
│ └── release.yml
└── CODE_OF_CONDUCT.md
├── Dockerfile
├── templates
├── resources
│ ├── violations_report.md.tmpl
│ ├── exposures_report.md.tmpl
│ ├── operational_risks_report.md.tmpl
│ ├── operational_risk_policy.md.tmpl
│ ├── vulnerabilities_report.md.tmpl
│ ├── licenses_report.md.tmpl
│ ├── webhook.md.tmpl
│ ├── license_policy.md.tmpl
│ ├── settings.md.tmpl
│ ├── security_policy.md.tmpl
│ ├── workers_count.md.tmpl
│ ├── binary_manager_repos.md.tmpl
│ ├── curation_policy.md.tmpl
│ ├── ignore_rule.md.tmpl
│ ├── catalog_labels.md.tmpl
│ ├── binary_manager_builds.md.tmpl
│ ├── custom_curation_condition.md.tmpl
│ ├── custom_issue.md.tmpl
│ ├── binary_manager_release_bundles_v2.md.tmpl
│ ├── watch.md.tmpl
│ └── repository_config.md.tmpl
├── debug.md
└── index.md.tmpl
├── main.go
├── docs
├── resources
│ ├── binary_manager_builds.md
│ ├── binary_manager_release_bundles_v2.md
│ ├── webhook.md
│ ├── settings.md
│ ├── binary_manager_repos.md
│ ├── custom_issue.md
│ ├── catalog_labels.md
│ ├── ignore_rule.md
│ ├── repository_config.md
│ ├── workers_count.md
│ ├── exposures_report.md
│ └── operational_risks_report.md
├── debug.md
└── data-sources
│ └── artifacts_scan.md
├── .goreleaser.yml
├── GNUmakefile
├── pkg
└── xray
│ └── resource
│ ├── util.go
│ ├── resource_xray_exposures_report.go
│ ├── resource_xray_settings_test.go
│ └── resource_xray_operational_risks_report.go
├── CONTRIBUTIONS.md
├── go.mod
└── releaseXrayProvider.sh
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @srinivasgowda097
2 |
--------------------------------------------------------------------------------
/examples/resources/xray_webhook/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_webhook.my-webhook WebhookName
--------------------------------------------------------------------------------
/examples/resources/xray_ignore_rule/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_ignore_rule.my-rule rule-name
--------------------------------------------------------------------------------
/examples/resources/xray_custom_issue/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_custom_issue.my-issue-1 my-issue-1
--------------------------------------------------------------------------------
/samples/crash.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/terraform-provider-xray/HEAD/samples/crash.zip
--------------------------------------------------------------------------------
/examples/resources/xray_curation_policy/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_curation_policy.critical_vulns_policy 4
--------------------------------------------------------------------------------
/examples/resources/xray_repository_config/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_repository_config.my-config config-repo-name:false
--------------------------------------------------------------------------------
/examples/resources/xray_custom_curation_condition/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_custom_curation_condition.cvss_condition 29
--------------------------------------------------------------------------------
/examples/resources/xray_operational_risk_policy/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_operational_risk_policy.my-policy policy-name
--------------------------------------------------------------------------------
/samples/multi1-3.7-20220310.233748-1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/terraform-provider-xray/HEAD/samples/multi1-3.7-20220310.233748-1.jar
--------------------------------------------------------------------------------
/examples/provider/provider.tf:
--------------------------------------------------------------------------------
# Provider configuration. The Xray endpoint is built from the Artifactory base
# URL, and the access token comes from an input variable, so the credential is
# not written into this file.
# NOTE(review): the declaration of var.xray_access_token is not shown here;
# declaring it with `sensitive = true` keeps the value out of plan output — confirm.
provider "xray" {
  access_token = var.xray_access_token
  url          = "${var.artifactory_url}/xray"
}
5 |
--------------------------------------------------------------------------------
/terraform-registry-manifest.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": 1,
3 | "metadata": {
4 | "protocol_versions": [
5 | "6.0"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/tools/tools.go:
--------------------------------------------------------------------------------
1 | // +build tools
2 |
3 | package tools
4 |
5 | import (
6 | // document generation
7 | _ "github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs"
8 | )
9 |
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_builds/resource.tf:
--------------------------------------------------------------------------------
# Declares which builds are indexed for the binary manager whose id is "default".
resource "xray_binary_manager_builds" "my-indexed-builds" {
  id = "default"

  indexed_builds = [
    "my-build-1",
    "my-build-2",
  ]
}
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_repos/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_binary_manager_repos.my-indexed-repos default
2 |
3 | terraform import xray_binary_manager_repos.my-indexed-repos default:my-project-key
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_builds/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_binary_manager_builds.my-indexed-builds default
2 |
3 | terraform import xray_binary_manager_builds.my-indexed-builds default:my-project-key
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | terraform-provider-xray
2 | dist/
3 | .idea/
4 | .modules/
5 | .terraform*
6 | terraform.d/
7 | terraform.tfstate
8 | terraform.tfstate.backup
9 | lib/
10 | *.lic
11 | /resources/
12 | coverage.txt
13 | .scannerwork
--------------------------------------------------------------------------------
/sonar-project.properties:
--------------------------------------------------------------------------------
1 | sonar.projectKey=terraform-provider-xray
2 | sonar.host.url=https://sonar.jfrog.info
3 | sonar.sources=./pkg
4 | sonar.exclusions=**/*_test.go,**/acctest/**/*
5 | sonar.tests=./pkg
6 | sonar.test.inclusions=**/*_test.go
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_release_bundles_v2/resource.tf:
--------------------------------------------------------------------------------
# Declares which v2 release bundles are indexed for the binary manager whose
# id is "default".
resource "xray_binary_manager_release_bundles_v2" "my-indexed-release-bundles" {
  id = "default"

  indexed_release_bundle_v2 = [
    "my-release-bundle-1",
    "my-release-bundle-2",
  ]
}
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_release_bundles_v2/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default
2 |
3 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default:my-project-key
--------------------------------------------------------------------------------
/examples/data-sources/xray_artifacts_scan/data-source.tf:
--------------------------------------------------------------------------------
# Reads artifact scan results for a single repository, ordered by repo path and
# starting at offset 15.
data "xray_artifacts_scan" "my_artifacts_scan" {
  repo     = "my-docker-local"
  offset   = 15
  order_by = "repo_path"
}

# Output values are stored in the Terraform state and printed by the CLI.
# NOTE(review): if scan results are considered internal, restrict who can read
# the state and the run logs.
output "my_artifacts_scan" {
  value = data.xray_artifacts_scan.my_artifacts_scan.results
}
--------------------------------------------------------------------------------
/examples/resources/xray_settings/resource.tf:
--------------------------------------------------------------------------------
# Basic Xray settings together with the daily DB sync time.
# NOTE(review): `allow_blocked` and `allow_when_unavailable` are both enabled
# in this example. Judging by their names they relax download blocking, so
# check the resource schema and choose the values that match the enforcement
# posture you want before copying this block.
resource "xray_settings" "db_sync" {
  db_sync_updates_time = "18:40"

  enabled                = true
  allow_blocked          = true
  allow_when_unavailable = true

  # Timeouts; units are not stated in this example — see the resource schema.
  block_unscanned_timeout        = 120
  block_unfinished_scans_timeout = 3600
}
--------------------------------------------------------------------------------
/examples/resources/xray_webhook/resource.tf:
--------------------------------------------------------------------------------
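# Credential for the webhook endpoint. It is supplied at plan/apply time
# (for example through the TF_VAR_webhook_password environment variable)
# instead of being committed with the configuration.
variable "webhook_password" {
  type      = string
  sensitive = true
}

# Webhook that Xray calls over HTTPS with basic-auth credentials and two
# custom headers.
resource "xray_webhook" "my-webhook" {
  name        = "MyWebhook"
  description = "My webhook description"
  url         = "https://tempurl.org"
  use_proxy   = false
  user_name   = "my_user_1"

  # A literal password here would end up in version control. The value is
  # still written to the Terraform state, so protect the state backend.
  password = var.webhook_password

  # Header values that carry credentials (API keys, bearer tokens) should be
  # passed through sensitive variables in the same way.
  headers = {
    header1_name = "header1_value"
    header2_name = "header2_value"
  }
}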
--------------------------------------------------------------------------------
/examples/resources/xray_binary_manager_repos/resource.tf:
--------------------------------------------------------------------------------
# Declares which repositories are indexed for the binary manager whose id is
# "default": one local Generic repository and one remote Npm repository.
resource "xray_binary_manager_repos" "my-indexed-repos" {
  id = "default"

  indexed_repos = [
    { name = "my-generic-local", type = "local", package_type = "Generic" },
    { name = "my-npm-remote", type = "remote", package_type = "Npm" },
  ]
}
--------------------------------------------------------------------------------
/examples/resources/xray_catalog_labels/import.sh:
--------------------------------------------------------------------------------
1 | terraform import xray_catalog_labels.basic lbl_basic_1,lbl_basic_2
2 | terraform import xray_catalog_labels.with_package_assignments pkg_label
3 | terraform import xray_catalog_labels.with_version_assignments_single ver_label_one
4 | terraform import xray_catalog_labels.with_version_assignments_bulk ver_label_bulk
5 | terraform import xray_catalog_labels.combined combined_lbl,doc_label
--------------------------------------------------------------------------------
/http/http-client.env.json:
--------------------------------------------------------------------------------
1 | {
2 | "dev": {
3 | "host": "http://localhost:8081",
4 | "token": "your_token",
5 | "watch_name_all_repos": "terraform-test-watch-all-repos",
6 | "watch_name_single_repo": "terraform-test-watch-single_repo",
7 | "watch_name_builds": "terraform-test-watch-builds",
8 | "security_policy_name": "terraform-test-security-policy",
9 | "license_policy_name": "terraform-test-license-policy"
10 | }
11 | }
--------------------------------------------------------------------------------
/.github/release.yml:
--------------------------------------------------------------------------------
1 | changelog:
2 | exclude:
3 | labels:
4 | - ignore-for-release
5 | categories:
6 | - title: Breaking Changes 🛠
7 | labels:
8 | - breaking-change
9 | - title: Improvements/Enhancements 🎉
10 | labels:
11 | - enhancement
12 | - title: Bug Fixes 🛠
13 | labels:
14 | - bug
15 | - title: 👒 Dependencies
16 | labels:
17 | - dependencies
18 | - title: Other Changes 📚
19 | labels:
20 | - "*"
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
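# Stage 1: fetch the dependencies and compile the provider binary.
# NOTE(review): golang:1.15-alpine and hashicorp/terraform:0.13 are old,
# tag-only references. Move to supported releases and pin each image by digest
# so the build input cannot change underneath the tag.
FROM golang:1.15-alpine AS builder

# --no-cache fetches the package index on the fly and leaves no apk cache
# behind in the layer.
RUN apk add --no-cache ca-certificates git gcc g++ libc-dev
WORKDIR /src/

ENV GO111MODULE=on

# Copy the module files first so the dependency layer is reused until go.mod
# or go.sum changes. Downloaded modules are checked against go.sum.
COPY go.mod go.sum ./

RUN go mod download

COPY pkg/ /src/pkg/
COPY main.go /src/

# cgo is disabled for the Linux build.
RUN CGO_ENABLED=0 GOOS=linux go build


# Stage 2: final image, Terraform plus the provider binary.
FROM hashicorp/terraform:0.13

# NOTE(review): the plugin is installed under /root, which implies the
# container runs as root; consider a dedicated non-root user and home directory.
COPY --from=builder /src/terraform-provider-xray /root/.terraform.d/plugins/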
24 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
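# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  # Go module dependencies declared in go.mod.
  - package-ecosystem: "gomod" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"

  # Actions referenced from .github/workflows are dependencies as well.
  # Dependabot keeps tag- or SHA-pinned actions current; it does not update
  # actions referenced by a branch name.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"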
12 |
--------------------------------------------------------------------------------
/templates/resources/violations_report.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_violations_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_violations_report (Resource)
8 |
9 | Creates Xray Violations report. The Violations report provides you with information on security and license violations for each component in the selected scope. Violations information includes information such as type of violation, impacted artifacts, and severity.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_violations_report/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: ''
6 | assignees: chukka
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/examples/resources/xray_custom_issue/resource.tf:
--------------------------------------------------------------------------------
# Custom issue of type "security" reported by provider "custom" against the
# generic component aero:aero, tied to CVE-2017-1000386.
resource "xray_custom_issue" "my-issue-1" {
  name          = "my-issue-1"
  summary       = "My issue"
  description   = "My custom issue"
  type          = "security"
  severity      = "High"
  provider_name = "custom"
  package_type  = "generic"

  # Where the issue originates.
  source {
    id = "CVE-2017-1000386"
  }

  cve {
    cve     = "CVE-2017-1000386"
    cvss_v2 = "2.4"
  }

  # Affected component. The same version constraint is given both at the top
  # level and inside vulnerable_ranges.
  component {
    id                  = "aero:aero"
    vulnerable_versions = ["[0.2.3]"]

    vulnerable_ranges {
      vulnerable_versions = ["[0.2.3]"]
    }
  }
}
--------------------------------------------------------------------------------
/templates/resources/exposures_report.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_exposures_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_exposures_report (Resource)
8 |
9 | Creates Xray Exposures report. The Exposures report provides you with information about potential security exposures in your artifacts, such as secrets, services, applications, and IaC configurations.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_exposures_report/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | ```shell
22 | terraform import xray_exposures_report.my-report my-report
23 | ```
24 |
--------------------------------------------------------------------------------
/templates/resources/operational_risks_report.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_operational_risks_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_operational_risks_report (Resource)
8 |
9 | Creates an Xray Operational Risks report. The Operational Risk report provides you with additional data on OSS components that will help you gain insights into the risk level of the components in use, such as EOL, Version Age, Number of New Versions, and so on. For more information, see [Components Operational Risk](https://www.jfrog.com/confluence/display/JFROG/Components+Operational+Risk).
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_operational_risks_report/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
--------------------------------------------------------------------------------
/.github/workflows/slack-notify-issues.yml:
--------------------------------------------------------------------------------
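# Posts a Slack message whenever an issue is opened, reopened, deleted or closed.
on:
  issues:
    types: [opened, reopened, deleted, closed]
name: Slack Issue Notification

# The job only reads repository contents; every other GITHUB_TOKEN scope is dropped.
permissions:
  contents: read

jobs:
  slackNotification:
    name: Slack Notification Issue
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # Do not leave the token in the checked-out repository's git config.
          persist-credentials: false
      - name: Slack Notification Issue
        # NOTE(review): `@master` is a mutable branch ref of a third-party
        # action that receives SLACK_WEBHOOK; pin it to a reviewed full commit SHA.
        uses: rtCamp/action-slack-notify@master
        env:
          SLACK_CHANNEL: partnereng-issues
          SLACK_COLOR: '#00A86B'
          SLACK_ICON: https://pbs.twimg.com/profile_images/978188446178082817/86ulJdF0.jpg
          # The issue title is written by the reporter and is relayed to Slack as-is.
          SLACK_TITLE: "[${{ github.event.issue.state}}] ${{ github.event.issue.title }} on ${{ github.repository }} :rocket:"
          SLACK_MESSAGE: 'Link: ${{ github.event.issue.html_url }}'
          SLACK_USERNAME: PartnerEngineers
          SLACK_WEBHOOK: ${{ secrets.SLACK_ISSUE_WEBHOOK }}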
21 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "context"
5 | "flag"
6 | "log"
7 |
8 | "github.com/hashicorp/terraform-plugin-framework/providerserver"
9 | "github.com/jfrog/terraform-provider-xray/v3/pkg/xray"
10 | )
11 |
12 | // Run the docs generation tool, check its repository for more information on how it works and how docs
13 | // can be customized.
14 | //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs
15 |
// main parses the command line and starts the provider plugin server for the
// Xray provider. The -debug flag is passed through to the server options so
// the process can be run under a debugger such as delve.
func main() {
	debugMode := flag.Bool("debug", false, "set to true to run the provider with support for debuggers like delve")
	flag.Parse()

	serveOpts := providerserver.ServeOpts{
		Address: "registry.terraform.io/jfrog/xray",
		Debug:   *debugMode,
	}

	// Serve returns only on failure or shutdown; any error ends the process.
	if serveErr := providerserver.Serve(context.Background(), xray.NewProvider(), serveOpts); serveErr != nil {
		log.Fatal(serveErr.Error())
	}
}
32 |
--------------------------------------------------------------------------------
/templates/resources/operational_risk_policy.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_operational_risk_policy Resource - terraform-provider-xray"
4 | subcategory: "Policies"
5 | ---
6 |
7 | # xray_operational_risk_policy (Resource)
8 |
9 | Creates an Xray policy using V2 of the underlying APIs. Please note: it is compatible only with the Bearer token auth method (Identity and Access => Access Tokens).
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_operational_risk_policy/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | ```shell
24 | terraform import xray_operational_risk_policy.my-policy policy-name
25 | ```
--------------------------------------------------------------------------------
/templates/resources/vulnerabilities_report.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_vulnerabilities_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_vulnerabilities_report (Resource)
8 |
9 | Creates an Xray Vulnerabilities report. The Vulnerabilities report provides information about vulnerabilities in your artifacts, builds, and release bundles. In addition to the information provided in the JFrog Platform on each of these entities, the report gives you a wider range of information, such as vulnerabilities in multiple repositories, builds and release bundles. Criteria such as vulnerable component, CVE, CVSS score, and severity are available in the report.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_vulnerabilities_report/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
--------------------------------------------------------------------------------
/templates/resources/licenses_report.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_licenses_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_licenses_report (Resource)
8 |
9 | Creates Xray License Due Diligence report. The License Due Diligence report provides you with a list of components and artifacts and their relevant licenses. This enables you to review and verify that the components and artifacts comply with the license requirements. This report provides due diligence license related information on each component for a selected scope. Due diligence license information includes information such as unknown licenses and unrecognized licenses found in your components.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_licenses_report/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
--------------------------------------------------------------------------------
/templates/resources/webhook.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_webhook Resource - terraform-provider-xray"
4 | subcategory: "Webhooks"
5 | ---
6 |
7 | # xray_webhook (Resource)
8 |
9 | Provides an Xray webhook resource. See [Xray Webhooks](https://jfrog.com/help/r/jfrog-security-documentation/configure-webhooks-for-working-with-xray) and [REST API](https://jfrog.com/help/r/jfrog-rest-apis/xray-webhooks) for more details.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_webhook/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | ```shell
24 | terraform import xray_webhook.my-webhook WebhookName
25 | ```
26 |
--------------------------------------------------------------------------------
/templates/resources/license_policy.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_license_policy Resource - terraform-provider-xray"
4 | subcategory: "Policies"
5 | ---
6 |
7 | # xray_license_policy (Resource)
8 |
9 | Creates an Xray Policy using V2 of the underlying APIs.
10 | Please note: It's only compatible with Bearer token auth method (Identity and Access => Access Tokens).
11 |
12 | [Official documentation](https://www.jfrog.com/confluence/display/JFROG/Creating+Xray+Policies+and+Rules).
13 |
14 | [API documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-CreatePolicy).
15 |
16 |
17 | ## Example Usage
18 |
19 | {{tffile "examples/resources/xray_license_policy/resource.tf"}}
20 |
21 | {{ .SchemaMarkdown | trimspace }}
22 |
23 | ## Import
24 |
25 | Import is supported using the following syntax:
26 |
27 | ```sh
28 | terraform import xray_license_policy.my-policy policy-name
29 | ```
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug
6 | assignees: chukka
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **Requirements for an issue**
14 | - [ ] A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue)
15 | - [ ] Your version of Artifactory and Xray (you can `curl` the Artifactory version at `$host/artifactory/api/system/version` and the Xray version at
16 | `$host/xray/api/v1/system/version`)
17 | - [ ] Your version of terraform
18 | - [ ] Your version of terraform provider
19 | - [ ] Your product license (E+/E/Pro)
20 | - [ ] Whether your Xray is Cloud or Self-Hosted
21 | - [ ] JFrog support reference (if already raised with support team)
22 |
23 | **Expected behavior**
24 | A clear and concise description of what you expected to happen.
25 |
26 | **Additional context**
27 | Add any other context about the problem here.
28 |
--------------------------------------------------------------------------------
/templates/resources/settings.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_settings Resource - terraform-provider-xray"
4 | subcategory: "Settings"
5 | ---
6 |
7 | # xray_settings (Resource)
8 |
9 | Provides an Xray resource for managing basic settings and DB Sync Time.
10 |
11 | [Basic settings documentation](https://jfrog.com/help/r/jfrog-security-documentation/advanced-xray-settings).
12 |
13 | [DB Sync Time API documentation](https://jfrog.com/help/r/xray-rest-apis/update-db-sync-daily-update-time).
14 |
15 | ## Example Usage
16 |
17 | {{tffile "examples/resources/xray_settings/resource.tf"}}
18 |
19 | {{ .SchemaMarkdown | trimspace }}
20 |
21 | ## Import
22 |
23 | Import is supported using the following syntax:
24 |
25 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
26 |
27 | Settings can be imported using the DB sync time as the ID, e.g.
28 | ```
29 | $ terraform import xray_settings.my-settings 00:00
30 | ```
--------------------------------------------------------------------------------
/.github/workflows/slack-notify-pr.yml:
--------------------------------------------------------------------------------
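# Posts a Slack message when a pull request against master is opened,
# reopened or closed.
#
# pull_request_target runs in the context of the base repository, so this job
# can read repository secrets even for pull requests that come from forks.
# Keep the workflow free of steps that build or execute pull-request content.
on:
  pull_request_target:
    branches:
      - master
    types: [opened, reopened, closed]
name: Slack Pull Request Notification

# The job only reads repository contents; every other GITHUB_TOKEN scope is dropped.
permissions:
  contents: read

jobs:
  slackNotification:
    name: Slack Notification PR
    runs-on: ubuntu-latest
    steps:
      # With no `ref` input, checkout fetches the base branch, not the pull
      # request head. Do not add a `ref` that points at the PR head here.
      - uses: actions/checkout@v2
        with:
          # Do not leave the token in the checked-out repository's git config.
          persist-credentials: false
      - name: Slack Notification PR
        # NOTE(review): `@master` is a mutable branch ref of a third-party
        # action that receives SLACK_WEBHOOK; pin it to a reviewed full commit SHA.
        uses: rtCamp/action-slack-notify@master
        env:
          SLACK_CHANNEL: partnereng-pullrequest
          SLACK_COLOR: '#00A86B'
          SLACK_ICON: https://pbs.twimg.com/profile_images/978188446178082817/86ulJdF0.jpg
          # The PR title and head branch name are chosen by the contributor
          # and are relayed to Slack as-is.
          SLACK_TITLE: "[${{ github.event.pull_request.state}}] ${{ github.event.pull_request.title }} on ${{ github.repository }} :rocket:"
          SLACK_MESSAGE: 'Merging from ${{ github.head_ref }} to ${{ github.base_ref }} by ${{ github.actor }}. Link: ${{ github.event.pull_request._links.html.href }}'
          SLACK_USERNAME: PartnerEngineers
          SLACK_WEBHOOK: ${{ secrets.SLACK_PR_WEBHOOK }}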
23 |
--------------------------------------------------------------------------------
/examples/resources/xray_repository_config/resource.tf:
--------------------------------------------------------------------------------
# Two example configurations for Xray repository settings.
# NOTE(review): both resources name the same repository ("example-repo-local");
# presumably they are alternatives rather than a pair to apply together — confirm.

# Variant 1: per-path indexing and retention rules.
resource "xray_repository_config" "xray-repo-config-pattern" {
  repo_name = "example-repo-local"

  config {
    retention_in_days        = 90
    vuln_contextual_analysis = true
  }

  paths_config {
    # Everything under core/ except core/internal/.
    pattern {
      include             = "core/**"
      exclude             = "core/internal/**"
      retention_in_days   = 60
      index_new_artifacts = true
    }

    # Everything under core/ except core/external/.
    pattern {
      include             = "core/**"
      exclude             = "core/external/**"
      retention_in_days   = 45
      index_new_artifacts = true
    }

    # Settings for artifacts that match none of the patterns above.
    all_other_artifacts {
      retention_in_days   = 60
      index_new_artifacts = true
    }
  }
}

# Variant 2: repository-wide settings with jas_enabled switched on.
resource "xray_repository_config" "xray-repo-config" {
  repo_name   = "example-repo-local"
  jas_enabled = true

  config {
    retention_in_days        = 90
    vuln_contextual_analysis = true
  }
}
--------------------------------------------------------------------------------
/templates/resources/security_policy.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_security_policy Resource - terraform-provider-xray"
4 | subcategory: "Policies"
5 | ---
6 |
7 | # xray_security_policy (Resource)
8 |
9 | Creates an Xray Policy using V2 of the underlying APIs.
10 | Please note: It's only compatible with Bearer token auth method (Identity and Access => Access Tokens).
11 |
12 | [Official documentation](https://www.jfrog.com/confluence/display/JFROG/Creating+Xray+Policies+and+Rules).
13 |
14 | [API documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-CreatePolicy).
15 |
16 |
17 | ## Example Usage
18 |
19 | {{tffile "examples/resources/xray_security_policy/resource.tf"}}
20 |
21 | {{ .SchemaMarkdown | trimspace }}
22 |
23 | ## Import
24 |
25 | Import is supported using the following syntax:
26 |
27 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
28 |
29 | ```sh
30 | terraform import xray_security_policy.my-policy policy-name
31 | ```
--------------------------------------------------------------------------------
/templates/resources/workers_count.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_workers_count Resource - terraform-provider-xray"
4 | subcategory: "Workers Count"
5 | ---
6 |
7 | # xray_workers_count (Resource)
8 |
9 | Provides an Xray Workers Count resource.
10 |
11 | ~> Self-Hosted only.
12 |
13 | [Official documentation](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray#ConfiguringXray-AdvancedSettings).
14 |
15 | [API documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ConfiguringtheWorkersCount).
16 |
17 | ## Example Usage
18 |
19 | {{tffile "examples/resources/xray_workers_count/resource.tf"}}
20 |
21 | {{ .SchemaMarkdown | trimspace }}
22 |
23 | ## Import
24 |
25 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
26 |
27 | Import is supported using the following syntax:
28 |
29 | The workers count resource can be imported by name, e.g.
30 | ```
31 | $ terraform import xray_workers_count.workers-count workers-count
32 | ```
--------------------------------------------------------------------------------
/templates/resources/binary_manager_repos.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_repos Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_repos (Resource)
8 |
9 | Provides an Xray Binary Manager Repository Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/update-repos-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_binary_manager_repos/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | ```shell
24 | terraform import xray_binary_manager_repos.my-indexed-repos default
25 |
26 | terraform import xray_binary_manager_repos.my-indexed-repos default:my-project-key
27 | ```
28 |
--------------------------------------------------------------------------------
/templates/resources/curation_policy.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_curation_policy Resource - terraform-provider-xray"
4 | subcategory: "Curation"
5 | ---
6 |
7 | # xray_curation_policy (Resource)
8 |
9 | Provides an Xray curation policy resource. This resource allows you to create, read, update, and delete curation policies in Xray. See [JFrog Curation REST APIs](https://jfrog.com/help/r/jfrog-rest-apis/create-curation-policy) and the [Official documentation](https://jfrog.com/help/r/jfrog-security-user-guide/products/curation/configure-curation/create-policies) for more details.
10 | ~> Requires JFrog Catalog service to be available.
11 |
12 | ## Example Usage
13 |
14 | {{tffile "examples/resources/xray_curation_policy/resource.tf"}}
15 |
16 | {{ .SchemaMarkdown | trimspace }}
17 |
18 | ## Import
19 |
20 | Import is supported using the following syntax:
21 |
22 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
23 |
24 | ```shell
25 | terraform import xray_curation_policy.critical_vulns_policy 4
26 | ```
27 |
--------------------------------------------------------------------------------
/templates/resources/ignore_rule.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_ignore_rule Resource - terraform-provider-xray"
4 | subcategory: "Ignore Rule"
5 | ---
6 |
7 | # xray_ignore_rule (Resource)
8 |
9 | Provides an Xray ignore rule resource. See [Xray Ignore Rules](https://www.jfrog.com/confluence/display/JFROG/Ignore+Rules) and [REST API](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-IGNORERULES) for more details.
10 |
11 | ~> At least one of `vulnerabilities/cves/licenses`, `component`, and `dockerlayers/artifact/build/releasebundle` should not be empty. When selecting the ignore criteria, take note of the combinations you choose. Some combinations, such as omitting everything, are not allowed because they would ignore all future violations (in the watch or in the system).
12 |
13 | ## Example Usage
14 |
15 | {{tffile "examples/resources/xray_ignore_rule/resource.tf"}}
16 |
17 | {{ .SchemaMarkdown | trimspace }}
18 |
19 | ## Import
20 |
21 | Import is supported using the following syntax:
22 |
23 | ```shell
24 | terraform import xray_ignore_rule.my-rule 44b273ac-dca3-42dc-6819-f70648c0b48e
25 | ```
--------------------------------------------------------------------------------
/templates/resources/catalog_labels.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_catalog_labels Resource - terraform-provider-xray"
4 | subcategory: "Catalog"
5 | ---
6 |
7 | # xray_catalog_labels (Resource)
8 |
9 | Manages JFrog Catalog labels and their assignments using the correct GraphQL API mutations.
10 | ~> Requires JFrog Catalog service to be available.
11 |
12 | ## Example Usage
13 |
14 | {{tffile "examples/resources/xray_catalog_labels/resource.tf"}}
15 |
16 | {{ .SchemaMarkdown | trimspace }}
17 |
18 | ## Import
19 |
20 | Import is supported using the following syntax:
21 |
22 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
23 |
24 | ```shell
25 | terraform import xray_catalog_labels.basic lbl_basic_1,lbl_basic_2
26 | terraform import xray_catalog_labels.with_package_assignments pkg_label
27 | terraform import xray_catalog_labels.with_version_assignments_single ver_label_one
28 | terraform import xray_catalog_labels.with_version_assignments_bulk ver_label_bulk
29 | terraform import xray_catalog_labels.combined combined_lbl,doc_label
30 | ```
31 |
--------------------------------------------------------------------------------
/templates/resources/binary_manager_builds.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_builds Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_builds (Resource)
8 |
9 | Provides an Xray Binary Manager Builds Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/update-builds-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_binary_manager_builds/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | ```shell
24 | terraform import xray_binary_manager_builds.my-indexed-builds default
25 |
26 | terraform import xray_binary_manager_builds.my-indexed-builds default:my-project-key
27 | terraform import xray_binary_manager_builds.my-builds my-builds
28 | ```
29 |
--------------------------------------------------------------------------------
/templates/resources/custom_curation_condition.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_custom_curation_condition Resource - terraform-provider-xray"
4 | subcategory: "Curation"
5 | ---
6 |
7 | # xray_custom_curation_condition (Resource)
8 |
9 | Provides an Xray custom curation condition resource. This resource allows you to create, read, update, and delete custom curation conditions in Xray. See [JFrog Curation REST APIs](https://jfrog.com/help/r/jfrog-rest-apis/create-custom-curation-condition) and the [Official documentation](https://jfrog.com/help/r/jfrog-security-user-guide/products/curation/configure-curation/create-custom-conditions) for more details.
10 | ~> Requires JFrog Catalog service to be available.
11 |
12 | ## Example Usage
13 |
14 | {{tffile "examples/resources/xray_custom_curation_condition/resource.tf"}}
15 |
16 | {{ .SchemaMarkdown | trimspace }}
17 |
18 | ## Import
19 |
20 | Import is supported using the following syntax:
21 |
22 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
23 |
24 | ```shell
25 | terraform import xray_custom_curation_condition.cvss_condition 29
26 | ```
27 |
--------------------------------------------------------------------------------
/examples/resources/xray_workers_count/resource.tf:
--------------------------------------------------------------------------------
1 | resource "xray_workers_count" "workers-count" {  # Example: one block per Xray worker type; the resource's documentation marks it Self-Hosted only.
2 | index {
3 | new_content = 4  # presumably the number of workers handling new content; verify against the schema
4 | existing_content = 2  # presumably the number of workers handling existing content; verify against the schema
5 | }
6 | persist {
7 | new_content = 4
8 | existing_content = 2
9 | }
10 | analysis {
11 | new_content = 4
12 | existing_content = 2
13 | }
14 | policy_enforcer {
15 | new_content = 4
16 | existing_content = 2
17 | }
18 | impact_analysis {  # only new_content is set for this worker type
19 | new_content = 2
20 | }
21 | notification {  # only new_content is set for this worker type
22 | new_content = 2
23 | }
24 | user_catalog {
25 | new_content = 4
26 | existing_content = 2
27 | }
28 | sbom_impact_analysis {
29 | new_content = 4
30 | existing_content = 2
31 | }
32 | migration_sbom {
33 | new_content = 4
34 | existing_content = 2
35 | }
36 | sbom {
37 | new_content = 4
38 | existing_content = 2
39 | }
40 | panoramic {  # only new_content is set for this worker type
41 | new_content = 4
42 | }
43 | sbom_enricher {
44 | new_content = 4
45 | existing_content = 2
46 | }
47 | sbom_dependencies {
48 | new_content = 4
49 | existing_content = 2
50 | }
51 | sbom_deleter {
52 | new_content = 4
53 | existing_content = 2
54 | }
55 | }
--------------------------------------------------------------------------------
/templates/resources/custom_issue.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_custom_issue Resource - terraform-provider-xray"
4 | subcategory: "Issues"
5 | ---
6 |
7 | # xray_custom_issue (Resource)
8 |
9 | Provides an Xray custom issue event resource. See [Xray Custom Issue](https://jfrog.com/help/r/xray-how-to-formally-raise-an-issue-regarding-an-indexed-artifact) and [REST API](https://jfrog.com/help/r/jfrog-rest-apis/issues) for more details.
10 |
11 | ~>Due to JFrog Xray REST API behavior, when `component.vulnerable_versions` or `component.fixed_versions` are set, their values are mirrored in the `component.vulnerable_ranges` attribute, and vice versa. We recommend setting all the `component` attribute values to match to avoid state drift.
12 |
13 | ## Example Usage
14 |
15 | {{tffile "examples/resources/xray_custom_issue/resource.tf"}}
16 |
17 | {{ .SchemaMarkdown | trimspace }}
18 |
19 | ## Import
20 |
21 | Import is supported using the following syntax:
22 |
23 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
24 |
25 | ```shell
26 | terraform import xray_custom_issue.my-issue-1 my-issue-1
27 | ```
28 |
--------------------------------------------------------------------------------
/templates/resources/binary_manager_release_bundles_v2.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_release_bundles_v2 Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_release_bundles_v2 (Resource)
8 |
9 | Provides an Xray Binary Manager Release Bundles V2 Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/add-release-bundles-v2-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_binary_manager_release_bundles_v2/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | ```shell
24 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default
25 |
26 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default:my-project-key
27 | ```
28 |
--------------------------------------------------------------------------------
/.github/workflows/cla.yml:
--------------------------------------------------------------------------------
1 | name: "CLA Assistant"  # Runs the CLA check when a pull request is opened or updated, or when a comment contains the signing phrase or "recheckcla".
2 | on:
3 | # issue_comment triggers this action on each comment on issues and pull requests
4 | issue_comment:
5 | types: [created]
6 | pull_request_target:  # runs in the base repository's context, so the secrets below are available even for pull requests from forks
7 | types: [opened,synchronize]
8 |
9 | jobs:
10 | CLAssistant:  # NOTE(review): no permissions: block, so GITHUB_TOKEN gets the repository default scopes; consider declaring the minimum this job needs
11 | runs-on: ubuntu-latest
12 | steps:  # no step here checks out or runs pull-request code; keep it that way while this workflow combines pull_request_target with secrets
13 | - uses: actions-ecosystem/action-regex-match@v2  # NOTE(review): third-party action referenced by a movable tag; consider pinning to a full commit SHA (<commit-sha>)
14 | id: sign-or-recheck
15 | with:
16 | text: ${{ github.event.comment.body }}  # commenter-controlled text, passed as an action input rather than interpolated into a shell command
17 | regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheckcla)\s*'  # unanchored alternation: either phrase may appear anywhere in the comment
18 |
19 | - name: "CLA Assistant"
20 | if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}  # run on a matching comment, or on any pull_request_target event
21 | # Pre-release version of the action (the tag below is a beta)
22 | uses: cla-assistant/github-action@v2.1.1-beta  # NOTE(review): third-party action that receives both tokens below; consider pinning to a reviewed commit SHA (<commit-sha>)
23 | env:
24 | # Generated and maintained by github
25 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26 | # JFrog organization secret
27 | PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_SIGN_TOKEN }}  # NOTE(review): presumably used to write signatures to the remote repository named below; keep the token scoped to that repository
28 | with:
29 | path-to-signatures: 'signed_clas.json'
30 | path-to-document: 'https://jfrog.com/cla/'
31 | remote-organization-name: 'jfrog'
32 | remote-repository-name: 'jfrog-signed-clas'
33 | # branch should not be protected
34 | branch: 'master'
35 | allowlist: bot*  # accounts matching this pattern are presumably exempt from signing; verify against the action's documentation
--------------------------------------------------------------------------------
/templates/resources/watch.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_watch Resource - terraform-provider-xray"
4 | subcategory: "Watch"
5 | ---
6 |
7 | # xray_watch (Resource)
8 |
9 | Provides an Xray Watch resource.
10 |
11 | [Official documentation](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches#ConfiguringXrayWatches-CreatingaWatch).
12 |
13 | [API documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-CreateWatch).
14 |
15 |
16 | ## Example Usage
17 |
18 | {{tffile "examples/resources/xray_watch/resource.tf"}}
19 |
20 | {{ .SchemaMarkdown | trimspace }}
21 |
22 | ## Import
23 |
24 | Import is supported using the following syntax:
25 |
26 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
27 |
28 | ```sh
29 | terraform import xray_watch.my-watch watch-name
30 | ```
31 |
32 | ### Import with `project_key`
33 |
34 | To import a watch that is in the scope of a project, you'll need to include the project key as part of the resource ID, separated by a colon (`:`).
35 |
36 | For instance, using the following config during import:
37 | ```terraform
38 | resource "xray_watch" "my-watch" {
39 | name = "watch-name"
40 | project_key = "my-project"
41 | }
42 | ```
43 |
44 | Then use `terraform import xray_watch.my-watch watch-name:my-project` to import the watch `watch-name` in the scope of project `my-project`.
45 |
--------------------------------------------------------------------------------
/templates/resources/repository_config.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_repository_config Resource - terraform-provider-xray"
4 | subcategory: "Repository Config"
5 | ---
6 |
7 | # xray_repository_config (Resource)
8 |
9 | Provides an Xray repository config resource. See [Xray Indexing Resources](https://www.jfrog.com/confluence/display/JFROG/Indexing+Xray+Resources#IndexingXrayResources-SetaRetentionPeriod) and [REST API](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-UpdateRepositoriesConfigurations) for more details.
10 |
11 | ## Example Usage
12 |
13 | {{tffile "examples/resources/xray_repository_config/resource.tf"}}
14 |
15 | {{ .SchemaMarkdown | trimspace }}
16 |
17 | ## Import
18 |
19 | Import is supported using the following syntax:
20 |
21 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
22 |
23 | To import a repository configuration, you'll need to specify whether your JFrog Platform has Advanced Security enabled as part of the resource ID, along with the repository name, separated by a colon (`:`).
24 |
25 | For instance, using the following config during import:
26 | ```terraform
27 | resource "xray_repository_config" "xray-repo-config" {
28 | repo_name = "example-repo-local"
29 | jas_enabled = false
30 |
31 | config {
32 | retention_in_days = 90
33 | }
34 | }
35 | ```
36 |
37 | Then use `terraform import xray_repository_config.xray-repo-config example-repo-local:false` to import the repository configuration `xray-repo-config` with `jas_enabled` set to `false`.
38 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | # This GitHub action can publish assets for release when a tag is created.
2 | # Currently it is set up to run on any tag that matches the pattern "v*" (e.g. v0.1.0).
3 | #
4 | # This uses an action (crazy-max/ghaction-import-gpg) that assumes you set your
5 | # private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
6 | # secret. If you would rather own your own GPG handling, please fork this action
7 | # or use an alternative one for key handling.
8 | #
9 | # You will need to pass the `--batch` flag to `gpg` in your signing step
10 | # in `goreleaser` to indicate this is being used in a non-interactive mode.
11 | #
12 | name: release
13 | on:
14 | push:
15 | tags:
16 | - v*
17 | jobs:
18 | goreleaser:  # NOTE(review): no permissions: block, so GITHUB_TOKEN gets the repository default scopes; consider declaring only what publishing a release needs
19 | runs-on: ubuntu-latest
20 | if: startsWith(github.ref, 'refs/tags/') && github.event.base_ref == 'refs/heads/main'  # NOTE(review): base_ref comes from the push event; confirm it is 'refs/heads/main' for the way release tags are pushed, otherwise the job is skipped
21 | steps:  # NOTE(review): every action below is referenced by a movable tag; in a job that handles the signing key, consider pinning each to a full commit SHA (<commit-sha>)
22 | -
23 | name: Checkout
24 | uses: actions/checkout@v3
25 | -
26 | name: Unshallow
27 | run: git fetch --prune --unshallow  # fetch the full history instead of the shallow checkout
28 | -
29 | name: Set up Go
30 | uses: actions/setup-go@v3
31 | with:
32 | go-version: '1.22.7'
33 | -
34 | name: Import GPG key
35 | id: import_gpg
36 | uses: crazy-max/ghaction-import-gpg@v5.0.0  # third-party action that receives the private signing key and its passphrase
37 | with:
38 | gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
39 | passphrase: ${{ secrets.PASSPHRASE }}
40 | -
41 | name: Run GoReleaser
42 | uses: goreleaser/goreleaser-action@v4
43 | with:
44 | version: latest  # NOTE(review): unpinned, so each release runs whichever GoReleaser version is newest at that moment; consider a fixed version for signed releases
45 | args: release --clean
46 | env:
47 | GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}  # fingerprint of the key imported above, exposed to GoReleaser through the environment
48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
49 |
--------------------------------------------------------------------------------
/samples/cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICUjCCAbugAwIBAgIJALRDng3rGeQvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
3 | BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
4 | Q29tcGFueSBMdGQwHhcNMTkwNTE3MTAwMzI2WhcNMjkwNTE0MTAwMzI2WjBCMQsw
5 | CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
6 | dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVBRt7
7 | Ua3j7K2htVRu1tw629ZZZQI35RGm/53ffF/QUUFXk35at+IiwYZGGQbOGuN1pdji
8 | gki9/Qit/WO/3uadSkGelKOUYD0DIemlhcZt6iPMQq8mYlUkMPZz5Qlj0ldKI3g+
9 | Q8Tc/6vEeBv/9jrm9Efg/uwc0DjD8B4Ny6xMHQIDAQABo1AwTjAdBgNVHQ4EFgQU
10 | VrBaHnYLayO2lKIUde8etG0H6owwHwYDVR0jBBgwFoAUVrBaHnYLayO2lKIUde8e
11 | tG0H6owwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQA4VBFCrbuOsKtY
12 | uNlSQCBkTXg907iXihZ+Of/2rerS2gfDCUHdz0xbYdlttNjoGVCA+0alt7ugfYpl
13 | fy5aAfCHLXEgYrlhe6oDtCMSskbkKFTEI/bRqwGMDb+9NO/yh2KLbNueKJz9Vs5V
14 | GV9pUrgW6c7kLrC9vpHP+47iyQEbnw==
15 | -----END CERTIFICATE-----
16 | -----BEGIN PRIVATE KEY-----
17 | MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANUFG3tRrePsraG1
18 | VG7W3Drb1lllAjflEab/nd98X9BRQVeTflq34iLBhkYZBs4a43Wl2OKCSL39CK39
19 | Y7/e5p1KQZ6Uo5RgPQMh6aWFxm3qI8xCryZiVSQw9nPlCWPSV0ojeD5DxNz/q8R4
20 | G//2Oub0R+D+7BzQOMPwHg3LrEwdAgMBAAECgYAxWA6GoWQDcRbDZ6qYRkMbi0L6
21 | 0DAUXIabRYj/dOMI8VmOfMb/IqtKW8PLxw5Rfd8EqJc12PIauFtjWlfZ4TtP9erQ
22 | 1imw2SpVMAWt4HLUw7oONKgNMnBtVQBCoXLuXcnJbCxeRiV1oJtvrddUJPOtUc+y
23 | t5gGTyx/zUAXzPzT7QJBAOvu4CH0Xc+1GdXFUFLzF8B3SFwnOFRERJxFq43dw4t3
24 | tXcON/UyegYcQz2JqKcofwRhM4+uXGnWE+9oOOnxL8sCQQDnI1QtMv+tZcqIcmk6
25 | 1ykyNa530eCfoqAvVTRwPIsAD/DZLC4HJNSQauPXC4Unt1tqmOmUoZmgzYQlVsGO
26 | ISa3AkB2xWpPrZUMWz8GPq6RE4+BdIsY2SWiRjvD787NPDaUn07bAG1rIl4LdW7k
27 | K8ibXeeTbNtoGX6sSPkALJd6LdDBAkEA5FAhdgRKSh2iUeWxzE18g/xCuli2aPlb
28 | AWZIxhUHuKgGYH8jeCsJTR5IsMLQZMrZohIpqId4GT7oqXlo99wHQQJBAOvX+5z6
29 | iCooatRyMnwUV6sJ225ZawuJ4sXFt6CA7aOZQ+G5zvG694ONxG9qeF2YnySQp1HH
30 | V87CqqFaUigTzmI=
31 | -----END PRIVATE KEY-----
--------------------------------------------------------------------------------
/examples/resources/xray_catalog_labels/resource.tf:
--------------------------------------------------------------------------------
1 | resource "xray_catalog_labels" "basic" {  # Example: label definitions only, with no assignments.
2 | labels = [
3 | { name = "lbl_basic_1", description = "Basic label 1" },
4 | { name = "lbl_basic_2", description = "Basic label 2" }
5 | ]
6 | }
7 |
8 | resource "xray_catalog_labels" "with_package_assignments" {  # Example: one label attached to two npm packages.
9 | labels = [
10 | { name = "pkg_label", description = "Label for packages" }
11 | ]
12 |
13 | package_assignments = [  # each entry references a label by name and names one package
14 | { label_name = "pkg_label", package_name = "express", package_type = "npm" },
15 | { label_name = "pkg_label", package_name = "lodash", package_type = "npm" }
16 | ]
17 | }
18 |
19 | resource "xray_catalog_labels" "with_version_assignments_single" {  # Example: one label attached to a single package version.
20 | labels = [
21 | { name = "ver_label_one", description = "Label for a single package version" }
22 | ]
23 |
24 | version_assignments = [  # like a package assignment, plus an explicit list of versions
25 | { label_name = "ver_label_one", package_name = "lodash", package_type = "npm", versions = ["4.17.21"] }
26 | ]
27 | }
28 |
29 | resource "xray_catalog_labels" "with_version_assignments_bulk" {  # Example: one label attached to several versions of one package.
30 | labels = [
31 | { name = "ver_label_bulk", description = "Label for multiple package versions" }
32 | ]
33 |
34 | version_assignments = [
35 | { label_name = "ver_label_bulk", package_name = "express", package_type = "npm", versions = ["4.17.0", "4.18.2"] }
36 | ]
37 | }
38 |
39 | resource "xray_catalog_labels" "combined" {  # Example: two labels, one of them used in both assignment kinds.
40 | labels = [
41 | { name = "combined_lbl", description = "Label used in both package and version assignments" },
42 | { name = "doc_label", description = "Another label to demonstrate multiple labels" }  # defined but not assigned in this example
43 | ]
44 |
45 | package_assignments = [
46 | { label_name = "combined_lbl", package_name = "express", package_type = "npm" }
47 | ]
48 |
49 | version_assignments = [
50 | { label_name = "combined_lbl", package_name = "lodash", package_type = "npm", versions = ["4.17.21"] }
51 | ]
52 | }
--------------------------------------------------------------------------------
/examples/resources/xray_ignore_rule/resource.tf:
--------------------------------------------------------------------------------
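1 | resource "xray_ignore_rule" "ignore-rule-5649816" {  # Example: ignore by CVE id only.
2 | notes = "notes"
3 | cves = ["fake-cves", "cves-1"]  # placeholder ids
4 | expiration_date = "2026-10-25"  # the rule carries an end date, so the suppression is time-boxed
5 | }
6 |
7 | resource "xray_ignore_rule" "ignore-rule-2195938" {  # Example: ignore vulnerabilities for one build.
8 | notes = "notes"
9 | expiration_date = "2026-10-19"
10 | vulnerabilities = ["any"]  # NOTE(review): "any" presumably matches every vulnerability in the scope below; keep such rules narrowly scoped and dated
11 |
12 | build {
13 | name = "name"
14 | version = "version"
15 | }
16 | }
17 |
18 | resource "xray_ignore_rule" "ignore-rule-2590577" {  # Example: ignore vulnerabilities for one component.
19 | notes = "notes"
20 | expiration_date = "2026-10-19"
21 | vulnerabilities = ["any"]
22 |
23 | component {
24 | name = "name"
25 | version = "version"
26 | }
27 | }
28 |
29 | resource "xray_ignore_rule" "ignore-111" {  # Example: ignore vulnerabilities for one artifact at a path.
30 | notes = "fake notes"
31 | expiration_date = "2026-01-02"
32 | vulnerabilities = ["any"]
33 |
34 | artifact {
35 | name = "fake-name"
36 | version = "fake-version"
37 | path = "invalid-path/"
38 | }
39 | }
40 |
41 | resource "xray_ignore_rule" "ignore-rule-2590576" {  # Example: ignore CVEs and vulnerabilities for one release bundle.
42 | notes = "notes"
43 | expiration_date = "2026-04-05"
44 | cves = ["any"]
45 | vulnerabilities = ["any"]
46 |
47 | release_bundle {
48 | name = "fake-name"
49 | version = "fake-version"
50 | }
51 | }
52 |
53 | resource "xray_ignore_rule" "ignore-rule-release-bundles-v2" {  # renamed: "ignore-rule-2590577" is already declared above, and Terraform rejects two resources of one type with the same name in a module
54 | notes = "notes"
55 | expiration_date = "2026-04-06"
56 | cves = ["any"]
57 | vulnerabilities = ["any"]
58 |
59 | release_bundles_v2 {
60 | name = "releaseBundleV2://fake-name"
61 | version = "fake-version"
62 | }
63 | }
64 |
65 | resource "xray_ignore_rule" "ignore-rule-2590578" {  # Example: ignore exposure findings for one file path.
66 | notes = "notes"
67 | expiration_date = "2026-04-06"
68 |
69 | exposures {
70 | scanners = [ "EXP-123" ]
71 | categories = [ "secrets" , "applications" ]  # NOTE(review): an ignored "secrets" finding stays hidden until expiration_date; confirm it is a false positive before suppressing it
72 | file_path = ["/path/to/file"]
73 | }
74 | }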
--------------------------------------------------------------------------------
/docs/resources/binary_manager_builds.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_builds Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_builds (Resource)
8 |
9 | Provides an Xray Binary Manager Builds Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/update-builds-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | resource "xray_binary_manager_builds" "my-indexed-builds" {
15 | id = "default"
16 | indexed_builds = ["my-build-1", "my-build-2"]
17 | }
18 | ```
19 |
20 |
21 | ## Schema
22 |
23 | ### Required
24 |
25 | - `id` (String) ID of the binary manager, e.g. 'default'
26 | - `indexed_builds` (Set of String) Builds to be indexed.
27 |
28 | ~>Currently does not support Ant-style path patterns (`*`, `**`, or `?`) due to API limitation.
29 |
30 | ### Optional
31 |
32 | - `project_key` (String) For Xray version 3.21.2 and above with Projects, a Project Admin with Index Resources privilege can maintain the indexed and not indexed repositories in a given binary manager using this resource in the scope of a project.
33 |
34 | ### Read-Only
35 |
36 | - `non_indexed_builds` (Set of String) Non-indexed builds for output.
37 |
38 | ## Import
39 |
40 | Import is supported using the following syntax:
41 |
42 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
43 |
44 | ```shell
45 | terraform import xray_binary_manager_builds.my-indexed-builds default
46 |
47 | terraform import xray_binary_manager_builds.my-indexed-builds default:my-project-key
48 | terraform import xray_binary_manager_builds.my-builds my-builds
49 | ```
50 |
--------------------------------------------------------------------------------
/docs/resources/binary_manager_release_bundles_v2.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_release_bundles_v2 Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_release_bundles_v2 (Resource)
8 |
9 | Provides an Xray Binary Manager Release Bundles V2 Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/add-release-bundles-v2-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | resource "xray_binary_manager_release_bundles_v2" "my-indexed-release-bundles" {
15 | id = "default"
16 | indexed_release_bundle_v2 = ["my-release-bundle-1", "my-release-bundle-2"]
17 | }
18 | ```
19 |
20 |
21 | ## Schema
22 |
23 | ### Required
24 |
25 | - `id` (String) ID of the binary manager, e.g. 'default'
26 | - `indexed_release_bundle_v2` (Set of String) Release Bundles V2 to be indexed.
27 |
28 | ~>Currently does not support Ant-style path patterns (`*`, `**`, or `?`) due to API limitation.
29 |
30 | ### Optional
31 |
32 | - `project_key` (String) For Xray version 3.21.2 and above with Projects, a Project Admin with Index Resources privilege can maintain the indexed and not indexed repositories in a given binary manager using this resource in the scope of a project.
33 |
34 | ### Read-Only
35 |
36 | - `non_indexed_release_bundle_v2` (Set of String) Non-indexed Release Bundles V2 for output.
37 |
38 | ## Import
39 |
40 | Import is supported using the following syntax:
41 |
42 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
43 |
44 | ```shell
45 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default
46 |
47 | terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default:my-project-key
48 | ```
49 |
--------------------------------------------------------------------------------
/.goreleaser.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 |
3 | # Visit https://goreleaser.com for documentation on how to customize this
4 | # behavior.
5 | before:
6 | hooks:
7 | # this is just an example and not a requirement for provider building/publishing
8 | - go mod tidy
9 | builds:
10 | - env:
11 | # goreleaser does not work with CGO, it could also complicate
12 | # usage by users in CI/CD systems like Terraform Cloud where
13 | # they are unable to install libraries.
14 | - CGO_ENABLED=0
15 | mod_timestamp: '{{ .CommitTimestamp }}'
16 | flags:
17 | - -trimpath
18 | ldflags:
19 | - '-s -w -X github.com/jfrog/terraform-provider-xray/v{{.Major}}/pkg/xray/provider.Version={{.Version}}'
20 | goos:
21 | - freebsd
22 | - windows
23 | - linux
24 | - darwin
25 | goarch:
26 | - amd64
27 | - '386'
28 | - arm
29 | - arm64
30 | ignore:
31 | - goos: darwin
32 | goarch: '386'
33 | binary: '{{ .ProjectName }}_v{{ .Version }}'
34 | archives:
35 | - format: zip
36 | name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
37 | checksum:
38 | extra_files:
39 | - glob: 'terraform-registry-manifest.json'
40 | name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
41 | name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
42 | algorithm: sha256
43 | signs:
44 | - artifacts: checksum
45 | args:
46 | # if you are using this in a GitHub action or some other automated pipeline, you
47 | # need to pass the batch flag to indicate it's not interactive.
48 | - "--batch"
49 | - "--local-user"
50 | - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
51 | - "--output"
52 | - "${signature}"
53 | - "--detach-sign"
54 | - "${artifact}"
55 | release:
56 | extra_files:
57 | - glob: 'terraform-registry-manifest.json'
58 | name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
59 | # If you want to manually examine the release before it's live, uncomment this line:
60 | # draft: true
61 | changelog:
62 | use: github-native
63 |
--------------------------------------------------------------------------------
/docs/resources/webhook.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_webhook Resource - terraform-provider-xray"
4 | subcategory: "Webhooks"
5 | ---
6 |
7 | # xray_webhook (Resource)
8 |
9 | Provides an Xray webhook resource. See [Xray Webhooks](https://jfrog.com/help/r/jfrog-security-documentation/configure-webhooks-for-working-with-xray) and [REST API](https://jfrog.com/help/r/jfrog-rest-apis/xray-webhooks) for more details.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
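# The webhook password is supplied at apply time (for example through the
# TF_VAR_webhook_password environment variable) instead of being committed
# to version control as a literal.
variable "webhook_password" {
  type      = string
  sensitive = true
}

resource "xray_webhook" "my-webhook" {
  name        = "MyWebhook"
  description = "My webhook description"
  url         = "https://tempurl.org"
  use_proxy   = false
  user_name   = "my_user_1"

  # Sensitive: redacted from plan output, but still written to Terraform state.
  password = var.webhook_password

  # `headers` is not marked sensitive in the schema, so header values are
  # shown in plan output.
  headers = {
    header1_name = "header1_value"
    header2_name = "header2_value"
  }
}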
27 | ```
28 |
29 |
30 | ## Schema
31 |
32 | ### Required
33 |
34 | - `name` (String) An identifier for the webhook. This is the name that will be used by any Watches that want to invoke the webhook in case of a violation
35 | - `url` (String) The URL that this webhook invokes. For details of the payload provided by Xray to the webhook, please refer to Webhook Payload.
36 |
37 | ### Optional
38 |
39 | - `description` (String) A free text description.
40 | - `headers` (Map of String) Any custom headers that may need to be added to invoke the webhook. Name/value pairs.
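41 | - `password` (String, Sensitive) A password as required by the webhook. Sensitive values are redacted from plan output but are still written to the Terraform state, so protect the state file accordingly.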
42 | - `use_proxy` (Boolean) Set the webhook to go through the predefined proxy. For more information, see [Managing Proxies](https://jfrog.com/help/r/jfrog-platform-administration-documentation/managing-proxies).
43 | - `user_name` (String) A username as required by the webhook.
44 |
45 | ## Import
46 |
47 | Import is supported using the following syntax:
48 |
49 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
50 |
51 | ```shell
52 | terraform import xray_webhook.my-webhook WebhookName
53 | ```
54 |
--------------------------------------------------------------------------------
/examples/resources/xray_licenses_report/resource.tf:
--------------------------------------------------------------------------------
1 | # Example: Create a licenses report for repositories
2 | resource "xray_licenses_report" "repository-report" {
3 | name = "repository-licenses-report"
4 | resources {
5 | repository {
6 | name = "docker-local"
7 | include_path_patterns = ["folder1/path/*", "folder2/path*"]
8 | exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
9 | }
10 | repository {
11 | name = "libs-release-local"
12 | include_path_patterns = ["**/*.jar", "**/*.war"]
13 | }
14 | }
15 | filters {
16 | component = "*log4j*"
17 | artifact = "*spring*"
18 | unknown = true
19 | license_names = ["Apache-2.0", "MIT"]
20 | scan_date {
21 | start = "2023-01-01T00:00:00Z"
22 | end = "2023-12-31T23:59:59Z"
23 | }
24 | }
25 | }
26 |
27 | # Example: Create a licenses report for builds with patterns
28 | resource "xray_licenses_report" "build-report" {
29 | name = "build-licenses-report"
30 | resources {
31 | builds {
32 | include_patterns = ["build-*", "release-*"]
33 | exclude_patterns = ["test-*", "dev-*"]
34 | number_of_latest_versions = 5
35 | }
36 | }
37 | filters {
38 | component = "*node*"
39 | artifact = "*web-app*"
40 | unknown = false
41 | unrecognized = false
42 | license_patterns = ["*GPL*", "*MIT*"]
43 | scan_date {
44 | start = "2023-01-01T00:00:00Z"
45 | end = "2023-12-31T23:59:59Z"
46 | }
47 | }
48 | }
49 |
50 | # Example: Create a licenses report for projects
51 | resource "xray_licenses_report" "project-report" {
52 | name = "project-licenses-report"
53 | resources {
54 | projects {
55 | keys = ["project-1", "project-2"]
56 | number_of_latest_versions = 3
57 | }
58 | }
59 | filters {
60 | component = "*commons*"
61 | artifact = "*utils*"
62 | unknown = true
63 | unrecognized = true
64 | license_names = ["BSD-3-Clause", "LGPL-2.1"]
65 | scan_date {
66 | start = "2023-01-01T00:00:00Z"
67 | end = "2023-12-31T23:59:59Z"
68 | }
69 | }
70 | }
--------------------------------------------------------------------------------
/examples/resources/xray_exposures_report/resource.tf:
--------------------------------------------------------------------------------
1 | # Example: Create an exposures report for repositories with secrets category
2 | resource "xray_exposures_report" "secrets-report" {
3 | name = "secrets-exposure-report"
4 | resources {
5 | repository {
6 | name = "docker-local"
7 | include_path_patterns = ["folder1/path/*", "folder2/path*"]
8 | exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
9 | }
10 | repository {
11 | name = "libs-release-local"
12 | include_path_patterns = ["**/*.jar", "**/*.war"]
13 | }
14 | }
15 | filters {
16 | category = "secrets"
17 | impacted_artifact = "*spring*"
18 | scan_date {
19 | start = "2023-01-01T00:00:00Z"
20 | end = "2023-12-31T23:59:59Z"
21 | }
22 | }
23 | }
24 |
25 | # Example: Create an exposures report for builds with services category
26 | resource "xray_exposures_report" "services-report" {
27 | name = "services-exposure-report"
28 | resources {
29 | builds {
30 | names = ["build-1", "build-2"]
31 | number_of_latest_versions = 5
32 | }
33 | }
34 | filters {
35 | category = "services"
36 | impacted_artifact = "*nginx*"
37 | scan_date {
38 | start = "2023-01-01T00:00:00Z"
39 | end = "2023-12-31T23:59:59Z"
40 | }
41 | }
42 | }
43 |
44 | # Example: Create an exposures report for projects with applications category
45 | resource "xray_exposures_report" "applications-report" {
46 | name = "applications-exposure-report"
47 | resources {
48 | projects {
49 | keys = ["test-project-1", "test-project-2"]
50 | number_of_latest_versions = 3
51 | }
52 | }
53 | filters {
54 | category = "applications"
55 | impacted_artifact = "*web-app*"
56 | scan_date {
57 | start = "2023-01-01T00:00:00Z"
58 | end = "2023-12-31T23:59:59Z"
59 | }
60 | }
61 | }
62 |
63 | # Example: Create an exposures report for release bundles with IaC category
64 | resource "xray_exposures_report" "iac-report" {
65 | name = "iac-exposure-report"
66 | resources {
67 | release_bundles {
68 | names = ["release-1", "release-2"]
69 | number_of_latest_versions = 2
70 | }
71 | }
72 | filters {
73 | category = "iac"
74 | impacted_artifact = "*terraform*"
75 | scan_date {
76 | start = "2023-01-01T00:00:00Z"
77 | end = "2023-12-31T23:59:59Z"
78 | }
79 | }
80 | }
81 |
--------------------------------------------------------------------------------
/examples/resources/xray_license_policy/resource.tf:
--------------------------------------------------------------------------------
1 | resource "xray_license_policy" "allowed_licenses" {
2 | name = "test-license-policy-allowed"
3 | description = "License policy, allow certain licenses"
4 | type = "license"
5 | project_key = "testproj"
6 |
7 | rule {
8 | name = "License_rule"
9 | priority = 1
10 |
11 | criteria {
12 | allowed_licenses = ["Apache-1.0", "Apache-2.0"]
13 | allow_unknown = false
14 | multi_license_permissive = true
15 | }
16 |
17 | actions {
18 | webhooks = []
19 | mails = ["test@email.com"]
20 | block_release_bundle_distribution = false
21 | block_release_bundle_promotion = false
22 | fail_build = true
23 | notify_watch_recipients = true
24 | notify_deployer = true
25 | create_ticket_enabled = false // set to true only if Jira integration is enabled
26 | custom_severity = "High"
27 | build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
28 |
29 | block_download {
30 | unscanned = true
31 | active = true
32 | }
33 |
34 | }
35 | }
36 | }
37 |
38 | resource "xray_license_policy" "banned_licenses" {
39 | name = "test-license-policy-banned"
40 | description = "License policy, block certain licenses"
41 | type = "license"
42 | project_key = "testproj"
43 |
44 | rule {
45 | name = "License_rule"
46 | priority = 1
47 |
48 | criteria {
49 | banned_licenses = ["Apache-3.0", "Apache-4.0"]
50 | allow_unknown = false
51 | multi_license_permissive = false
52 | }
53 |
54 | actions {
55 | webhooks = []
56 | mails = ["test@email.com"]
57 | block_release_bundle_distribution = false
58 | fail_build = true
59 | notify_watch_recipients = true
60 | notify_deployer = true
61 | create_ticket_enabled = false // set to true only if Jira integration is enabled
62 | custom_severity = "Medium"
63 | build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
64 |
65 | block_download {
66 | unscanned = true
67 | active = true
68 | }
69 | }
70 | }
71 | }
72 |
--------------------------------------------------------------------------------
/.github/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Contributor Code of Conduct
2 |
3 | As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
4 |
5 | We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
6 |
7 | Examples of unacceptable behavior by participants include:
8 |
9 | * The use of sexualized language or imagery
10 | * Personal attacks
11 | * Trolling or insulting/derogatory comments
12 | * Public or private harassment
13 | * Publishing others' private information, such as physical or electronic addresses, without explicit permission
14 | * Submitting contributions or comments that you know to violate the intellectual property or privacy rights of others
15 | * Other unethical or unprofessional conduct
16 |
17 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
18 | By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
19 |
20 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
21 |
22 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a project maintainer. Complaints will result in a response and be reviewed and investigated in a way that is deemed necessary and appropriate to the circumstances. Maintainers are obligated to maintain confidentiality with regard to the reporter of an incident.
23 |
24 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.3.0, available at [http://contributor-covenant.org/version/1/3/0/][version]
25 |
26 | [homepage]: http://contributor-covenant.org
27 | [version]: http://contributor-covenant.org/version/1/3/0/
--------------------------------------------------------------------------------
/docs/resources/settings.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_settings Resource - terraform-provider-xray"
4 | subcategory: "Settings"
5 | ---
6 |
7 | # xray_settings (Resource)
8 |
9 | Provides an Xray resource for managing basic settings and DB Sync Time.
10 |
11 | [Basic settings documentation](https://jfrog.com/help/r/jfrog-security-documentation/advanced-xray-settings).
12 |
13 | [DB Sync Time API documentation](https://jfrog.com/help/r/xray-rest-apis/update-db-sync-daily-update-time).
14 |
15 | ## Example Usage
16 |
17 | ```terraform
resource "xray_settings" "db_sync" {
  # Time of the daily Xray DB sync job, in HH:mm.
  db_sync_updates_time = "18:40"

  enabled = true

  # Both switches default to `false` per the schema below.
  # allow_blocked = true lets artifacts that Xray has blocked be downloaded;
  # allow_when_unavailable governs operations while the connected Xray
  # instance is unavailable.
  allow_blocked          = true
  allow_when_unavailable = true

  # Seconds to wait for a scan to start / to finish before operations on
  # the artifact are blocked automatically.
  block_unscanned_timeout        = 120
  block_unfinished_scans_timeout = 3600
}
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Required
32 |
33 | - `db_sync_updates_time` (String) The time of the Xray DB sync daily update job. Format `HH:mm`
34 |
35 | ### Optional
36 |
37 | - `allow_blocked` (Boolean) Determines whether to allow artifacts blocked by Xray to be downloaded. This setting cannot override the blocking of unscanned artifacts. Should only be set to `true` when `enabled` is set. Default value: `false`.
38 | - `allow_when_unavailable` (Boolean) Determines whether certain operations (for example, downloading artifacts) are allowed or blocked when the connected Xray instance is unavailable; `true` allows them, so Xray's checks are not applied to those operations during an outage. Should only be set to `true` when `enabled` is set. Default value: `false`.
39 | - `block_unfinished_scans_timeout` (Number) Defines the amount of time to wait for Xray to _finish_ scanning an artifact before blocking operations on that artifact automatically if the scan is still unfinished. Default value: 1800 seconds (30 minutes)
40 | - `block_unscanned_timeout` (Number) Defines the amount of time to wait for Xray to _start_ scanning an artifact before blocking operations on that artifact automatically if the scan has still not started. Default value: 60 seconds (1 minute)
41 | - `enabled` (Boolean) Determines whether Xray is currently enabled. Default value: `true`.
42 |
43 | ### Read-Only
44 |
45 | - `id` (String) The ID of this resource.
46 |
47 | ## Import
48 |
49 | Import is supported using the following syntax:
50 |
51 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
52 |
53 | Settings can be imported using the DB sync time as the ID, e.g.
54 | ```
55 | $ terraform import xray_settings.my-settings 00:00
56 | ```
--------------------------------------------------------------------------------
/samples/generic-repo.json:
--------------------------------------------------------------------------------
1 | {
2 | "allowAnyHostAuth": false,
3 | "archiveBrowsingEnabled": false,
4 | "assumedOfflinePeriodSecs": 300,
5 | "blackedOut": false,
6 | "blockMismatchingMimeTypes": false,
7 | "blockPushingSchema1": true,
8 | "bypassHeadRequests": false,
9 | "cargoAnonymousAccess": false,
10 | "cdnRedirect": false,
11 | "contentSynchronisation": {
12 | "enabled": false,
13 | "properties": {
14 | "enabled": false
15 | },
16 | "source": {
17 | "originAbsenceDetection": false
18 | },
19 | "statistics": {
20 | "enabled": false
21 | }
22 | },
23 | "ddebSupported": false,
24 | "debianTrivialLayout": false,
25 | "description": " (local file cache)",
26 | "dockerApiVersion": "V2",
27 | "downloadRedirect": false,
28 | "enableBowerSupport": false,
29 | "enableChefSupport": false,
30 | "enableCocoaPodsSupport": false,
31 | "enableComposerSupport": false,
32 | "enableConanSupport": false,
33 | "enableCookieManagement": false,
34 | "enableDebianSupport": false,
35 | "enableDistRepoSupport": false,
36 | "enableDockerSupport": false,
37 | "enableGemsSupport": false,
38 | "enableGitLfsSupport": false,
39 | "enableNpmSupport": false,
40 | "enableNuGetSupport": false,
41 | "enablePuppetSupport": false,
42 | "enablePypiSupport": false,
43 | "enableTokenAuthentication": false,
44 | "enableVagrantSupport": false,
45 | "excludesPattern": "",
46 | "externalDependenciesEnabled": false,
47 | "fetchJarsEagerly": false,
48 | "fetchSourcesEagerly": false,
49 | "forceNugetAuthentication": false,
50 | "handleReleases": true,
51 | "handleSnapshots": true,
52 | "hardFail": false,
53 | "includesPattern": "**/*",
54 | "key": "helm-remote",
55 | "listRemoteFolderItems": true,
56 | "localAddress": "",
57 | "maxUniqueSnapshots": 0,
58 | "maxUniqueTags": 0,
59 | "metadataRetrievalTimeoutSecs": 60,
60 | "missedRetrievalCachePeriodSecs": 1800,
61 | "notes": "",
62 | "offline": false,
63 | "packageType": "generic",
64 | "password": "",
65 | "priorityResolution": false,
66 | "propagateQueryParams": false,
67 | "propertySets": [],
68 | "rclass": "remote",
69 | "rejectInvalidJars": false,
70 | "remoteRepoChecksumPolicyType": "generate-if-absent",
71 | "repoLayoutRef": "maven-2-default",
72 | "retrievalCachePeriodSecs": 7200,
73 | "shareConfiguration": false,
74 | "socketTimeoutMillis": 15000,
75 | "storeArtifactsLocally": true,
76 | "suppressPomConsistencyChecks": false,
77 | "synchronizeProperties": false,
78 | "unusedArtifactsCleanupPeriodHours": 0,
79 | "url": "https://registry.npmjs.org",
80 | "username": "",
81 | "xrayDataTtl": 90,
82 | "xrayIndex": true
83 | }
84 |
--------------------------------------------------------------------------------
/examples/resources/xray_operational_risks_report/resource.tf:
--------------------------------------------------------------------------------
1 | # Example: Create an operational risks report for repositories
2 | resource "xray_operational_risks_report" "repository-report" {
3 | name = "repository-operational-risks-report"
4 | resources {
5 | repository {
6 | name = "docker-local"
7 | include_path_patterns = ["folder1/path/*", "folder2/path*"]
8 | exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
9 | }
10 | repository {
11 | name = "libs-release-local"
12 | include_path_patterns = ["**/*.jar", "**/*.war"]
13 | }
14 | }
15 | filters {
16 | component = "*log4j*"
17 | artifact = "*spring*"
18 | risks = ["High", "Medium", "Low"]
19 | scan_date {
20 | start = "2023-01-01T00:00:00Z"
21 | end = "2023-12-31T23:59:59Z"
22 | }
23 | }
24 | }
25 |
26 | # Example: Create an operational risks report for builds with patterns
27 | resource "xray_operational_risks_report" "build-report" {
28 | name = "build-operational-risks-report"
29 | resources {
30 | builds {
31 | include_patterns = ["build-*", "release-*"]
32 | exclude_patterns = ["test-*", "dev-*"]
33 | number_of_latest_versions = 5
34 | }
35 | }
36 | filters {
37 | component = "*node*"
38 | artifact = "*web-app*"
39 | risks = ["Critical", "High"]
40 | scan_date {
41 | start = "2023-01-01T00:00:00Z"
42 | end = "2023-12-31T23:59:59Z"
43 | }
44 | }
45 | }
46 |
47 | # Example: Create an operational risks report for projects
48 | resource "xray_operational_risks_report" "project-report" {
49 | name = "project-operational-risks-report"
50 | resources {
51 | projects {
52 | keys = ["project-1", "project-2"]
53 | number_of_latest_versions = 3
54 | }
55 | }
56 | filters {
57 | component = "*commons*"
58 | artifact = "*utils*"
59 | risks = ["None", "Low", "Medium", "High"]
60 | scan_date {
61 | start = "2023-01-01T00:00:00Z"
62 | end = "2023-12-31T23:59:59Z"
63 | }
64 | }
65 | }
66 |
67 | # Example: Create an operational risks report for release bundles
68 | resource "xray_operational_risks_report" "release-bundle-report" {
69 | name = "release-bundle-operational-risks-report"
70 | resources {
71 | release_bundles {
72 | names = ["release-1", "release-2"]
73 | number_of_latest_versions = 3
74 | }
75 | }
76 | filters {
77 | component = "*maven*"
78 | artifact = "*core*"
79 | risks = ["Critical", "High", "Medium"]
80 | scan_date {
81 | start = "2023-01-01T00:00:00Z"
82 | end = "2023-12-31T23:59:59Z"
83 | }
84 | }
85 | }
--------------------------------------------------------------------------------
/examples/resources/xray_operational_risk_policy/resource.tf:
--------------------------------------------------------------------------------
1 | resource "xray_operational_risk_policy" "min_risk" {
2 | name = "test-operational-risk-policy-min-risk"
3 | description = "Operational Risk policy with a custom risk rule"
4 | type = "operational_risk"
5 | project_key = "testproj"
6 |
7 | rule {
8 | name = "op_risk_custom_rule"
9 | priority = 1
10 |
11 | criteria {
12 | op_risk_min_risk = "Medium"
13 | }
14 |
15 | actions {
16 | webhooks = ["sec-webhooks"]
17 | mails = ["test@email.com"]
18 | block_release_bundle_distribution = false
19 | block_release_bundle_promotion = false
20 | fail_build = true
21 | notify_watch_recipients = true
22 | notify_deployer = true
23 | create_ticket_enabled = false // set to true only if Jira integration is enabled
24 | build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
25 |
26 | block_download {
27 | unscanned = true
28 | active = true
29 | }
30 | }
31 | }
32 | }
33 |
34 | resource "xray_operational_risk_policy" "custom_criteria" {
35 | name = "test-operational-risk-policy-custom-criteria"
36 | description = "Operational Risk policy with a custom risk rule"
37 | type = "operational_risk"
38 | project_key = "testproj"
39 |
40 | rule {
41 | name = "op_risk_custom_rule"
42 | priority = 1
43 |
44 | criteria {
45 | op_risk_custom {
46 | use_and_condition = true
47 | is_eol = false
48 | release_date_greater_than_months = 6
49 | newer_versions_greater_than = 1
50 | release_cadence_per_year_less_than = 1
51 | commits_less_than = 10
52 | committers_less_than = 1
53 | risk = "Medium"
54 | }
55 | }
56 |
57 | actions {
58 | webhooks = ["sec-webhooks"]
59 | mails = ["test@email.com"]
60 | block_release_bundle_distribution = false
61 | fail_build = true
62 | notify_watch_recipients = true
63 | notify_deployer = true
64 | create_ticket_enabled = false // set to true only if Jira integration is enabled
65 | build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
66 |
67 | block_download {
68 | unscanned = true
69 | active = true
70 | }
71 | }
72 | }
73 | }
74 |
--------------------------------------------------------------------------------
/docs/resources/binary_manager_repos.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_binary_manager_repos Resource - terraform-provider-xray"
4 | subcategory: "Binary Manager"
5 | ---
6 |
7 | # xray_binary_manager_repos (Resource)
8 |
9 | Provides an Xray Binary Manager Repository Indexing configuration resource. See [Indexing Xray Resources](https://jfrog.com/help/r/jfrog-security-documentation/add-or-remove-resources-from-indexing) and [REST API](https://jfrog.com/help/r/xray-rest-apis/update-repos-indexing-configuration) for more details.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | resource "xray_binary_manager_repos" "my-indexed-repos" {
15 | id = "default"
16 | indexed_repos = [
17 | {
18 | name = "my-generic-local"
19 | type = "local"
20 | package_type = "Generic"
21 | },
22 | {
23 | name = "my-npm-remote"
24 | type = "remote"
25 | package_type = "Npm"
26 | }
27 | ]
28 | }
29 | ```
30 |
31 |
32 | ## Schema
33 |
34 | ### Required
35 |
36 | - `id` (String) ID of the binary manager, e.g. 'default'
37 | - `indexed_repos` (Attributes Set) Repositories to be indexed. (see [below for nested schema](#nestedatt--indexed_repos))
38 |
39 | ### Optional
40 |
41 | - `project_key` (String) For Xray version 3.21.2 and above with Projects, a Project Admin with Index Resources privilege can maintain the indexed and non-indexed repositories in a given binary manager using this resource in the scope of a project.
42 |
43 | ### Read-Only
44 |
45 | - `non_indexed_repos` (Attributes Set) Non-indexed repositories for output. (see [below for nested schema](#nestedatt--non_indexed_repos))
46 |
47 |
48 | ### Nested Schema for `indexed_repos`
49 |
50 | Required:
51 |
52 | - `name` (String) Name of the repository
53 | - `package_type` (String) Artifactory package type. Valid value: Alpine Linux, Bower, Cargo, Composer, CocoaPods, Conan, Conda, CRAN, Debian, Docker, Gems, Generic, Go, Gradle, HuggingFaceML, Ivy, Maven, npm, NuGet, OCI, Pypi, RPM, SBT, TerraformBackend
54 | - `type` (String) Repository type. Valid value: local, remote, federated
55 |
56 |
57 |
58 | ### Nested Schema for `non_indexed_repos`
59 |
60 | Required:
61 |
62 | - `name` (String)
63 | - `package_type` (String)
64 | - `type` (String)
65 |
66 | ## Import
67 |
68 | Import is supported using the following syntax:
69 |
70 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
71 |
72 | ```shell
73 | terraform import xray_binary_manager_repos.my-indexed-repos default
74 |
75 | terraform import xray_binary_manager_repos.my-indexed-repos default:my-project-key
76 | ```
77 |
--------------------------------------------------------------------------------
/GNUmakefile:
--------------------------------------------------------------------------------
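# Build configuration. TEST, TERRAFORM_CLI, SONAR_SCANNER_VERSION and
# SONAR_SCANNER_HOME use ?= and can be overridden from the environment or
# the make command line.
TEST?=./...
PRODUCT=xray
GO_ARCH=$(shell go env GOARCH)
TARGET_ARCH=$(shell go env GOOS)_${GO_ARCH}
GORELEASER_ARCH=${TARGET_ARCH}

# goreleaser output directories carry the micro-architecture level as a suffix.
ifeq ($(GO_ARCH), amd64)
GORELEASER_ARCH=${TARGET_ARCH}_$(shell go env GOAMD64)
endif

ifeq ($(GO_ARCH), arm64)
GORELEASER_ARCH=${TARGET_ARCH}_$(shell go env GOARM64)
endif

PKG_NAME=pkg/xray
# if this path ever changes, you need to also update the 'ldflags' value in .goreleaser.yml
# NOTE(review): the ldflags path in .goreleaser.yml contains a /v{{.Major}}
# segment that this path does not -- confirm which one matches go.mod,
# otherwise the -X flag in `acceptance` may not set provider.Version.
PKG_VERSION_PATH=github.com/jfrog/terraform-provider-${PRODUCT}/${PKG_NAME}
# VERSION is the most recently created tag with its leading "v" stripped;
# NEXT_VERSION increments the patch component.
VERSION := $(shell git tag --sort=-creatordate | head -1 | sed -n 's/v\([0-9]*\).\([0-9]*\).\([0-9]*\)/\1.\2.\3/p')
NEXT_VERSION := $(shell echo ${VERSION}| awk -F '.' '{print $$1 "." $$2 "." $$3 +1 }' )

TERRAFORM_CLI?=terraform

REGISTRY_HOST=registry.terraform.io

ifeq ($(TERRAFORM_CLI), tofu)
REGISTRY_HOST=registry.opentofu.org
# $(shell ...) is required here: a bare $(which tofu) is read by make as a
# reference to an undefined variable and expands to nothing.
# NOTE(review): these two are plain make variables and are not exported in
# the part of the file shown here -- confirm the test recipes receive them.
TF_ACC_TERRAFORM_PATH="$(shell which tofu)"
TF_ACC_PROVIDER_HOST="registry.opentofu.org"
endif

BUILD_PATH=terraform.d/plugins/${REGISTRY_HOST}/jfrog/${PRODUCT}/${NEXT_VERSION}/${TARGET_ARCH}
SONAR_SCANNER_VERSION?=4.7.0.2747
SONAR_SCANNER_HOME?=${HOME}/.sonar/sonar-scanner-${SONAR_SCANNER_VERSION}-macosx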
34 |
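default: build

# Build a snapshot, place it in the local plugin directory and re-initialise
# the Terraform CLI against it (rewrites the version pin in sample.tf).
install: clean build
	mkdir -p ${BUILD_PATH} && \
		mv -v dist/terraform-provider-${PRODUCT}_${GORELEASER_ARCH}/terraform-provider-${PRODUCT}_v${NEXT_VERSION}* ${BUILD_PATH} && \
		rm -f .terraform.lock.hcl && \
		sed -i.bak 's/version = ".*"/version = "${NEXT_VERSION}"/' sample.tf && rm sample.tf.bak && \
		${TERRAFORM_CLI} init

# Removes build output and local Terraform working files, including state.
clean:
	rm -fR dist terraform.d/ .terraform terraform.tfstate* .terraform.lock.hcl

update_pkg_cache:
	GOPROXY=https://proxy.golang.org GO111MODULE=on go get github.com/jfrog/terraform-provider-${PRODUCT}@v${VERSION}

build: fmt
	GORELEASER_CURRENT_TAG=${NEXT_VERSION} goreleaser build --single-target --clean --snapshot

test:
	@echo "==> Starting unit tests"
	go test $(TEST) -timeout=30s -parallel=4

# Attach a headless Delve server to the running provider process.
# The listener is bound to loopback only: the headless debug API has no
# authentication, so anyone who can reach the port can control the attached
# process. For remote debugging, forward the port over an authenticated
# channel instead of widening the bind address.
attach:
	dlv --listen=127.0.0.1:2345 --headless=true --api-version=2 --accept-multiclient attach $$(pgrep terraform-provider-${PRODUCT})

# Acceptance tests; TF_ACC=true is exported for the go test invocation and
# the provider version is stamped with a "-test" suffix via -ldflags.
acceptance: fmt
	export TF_ACC=true && \
		go test -cover -coverprofile=coverage.txt -ldflags="-X '${PKG_VERSION_PATH}/provider.Version=${NEXT_VERSION}-test'" -v -p 1 -parallel 20 -timeout 1h ./pkg/...

# To generate coverage.txt run `make acceptance` first
coverage:
	go tool cover -html=coverage.txt

# SONAR_TOKEN (project token) must be set to run `make scan`. Check file sonar-project.properties for the configuration.
scan:
	${SONAR_SCANNER_HOME}/bin/sonar-scanner -Dsonar.projectVersion=${VERSION} -Dsonar.go.coverage.reportPaths=coverage.txt

fmt:
	@echo "==> Fixing source code with gofmt..."
	@go fmt ./pkg/...

doc:
	rm -f docs/debug.md
	go generate

# None of the targets above produces a file named after itself, so all of
# them are declared phony; a stray file called e.g. `test` or `doc` can no
# longer cause make to skip the recipe.
.PHONY: default install clean update_pkg_cache build test attach acceptance coverage scan fmt doc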
81 |
--------------------------------------------------------------------------------
/pkg/xray/resource/util.go:
--------------------------------------------------------------------------------
1 | package xray
2 |
3 | import (
4 | "context"
5 | "fmt"
6 | "time"
7 |
8 | "github.com/go-resty/resty/v2"
9 | "github.com/hashicorp/terraform-plugin-framework/resource/schema"
10 | "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
11 | "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
12 | "github.com/hashicorp/terraform-plugin-framework/schema/validator"
13 | validatorfw_string "github.com/jfrog/terraform-provider-shared/validator/fw/string"
14 | )
15 |
// getRestyRequest creates a new request from client and, when projectKey is
// non-empty, scopes it to that project by setting the "projectKey" query
// parameter.
//
// The key is attached through SetQueryParam rather than concatenated into a
// URL string. No validation of projectKey happens here.
//
// It returns an error when client is nil.
func getRestyRequest(client *resty.Client, projectKey string) (*resty.Request, error) {
	if client == nil {
		return nil, fmt.Errorf("client is nil")
	}

	if projectKey == "" {
		// No project scope requested: hand back the plain request.
		return client.R(), nil
	}

	return client.R().SetQueryParam("projectKey", projectKey), nil
}
28 |
// projectKeySchemaAttrs builds the schema fragment holding the optional
// "project_key" string attribute.
//
// When isForceNew is true the attribute gets the RequiresReplace plan
// modifier. additionalDescription is appended to the attribute's base
// description. The attribute value is checked by
// validatorfw_string.ProjectKey().
var projectKeySchemaAttrs = func(isForceNew bool, additionalDescription string) map[string]schema.Attribute {
	// Non-nil even when empty, matching what is assigned to PlanModifiers below.
	modifiers := make([]planmodifier.String, 0, 1)
	if isForceNew {
		modifiers = append(modifiers, stringplanmodifier.RequiresReplace())
	}

	projectKeyAttr := schema.StringAttribute{
		Optional:      true,
		Validators:    []validator.String{validatorfw_string.ProjectKey()},
		PlanModifiers: modifiers,
		Description:   fmt.Sprintf("Project key for assigning this resource to. Must be 2 - 10 lowercase alphanumeric and hyphen characters. %s", additionalDescription),
	}

	return map[string]schema.Attribute{"project_key": projectKeyAttr}
}
48 |
// IsRFC3339TimeValidator is a stateless string validator that accepts only
// values parseable with the time.RFC3339 layout.
type IsRFC3339TimeValidator struct{}

// Description returns the plain-text summary of what the validator enforces.
// ctx is not used.
func (v IsRFC3339TimeValidator) Description(ctx context.Context) string {
	const summary = "string must be a valid RFC3339 date"
	return summary
}

// MarkdownDescription returns the markdown summary of what the validator
// enforces; the text is the same as the plain-text one. ctx is not used.
func (v IsRFC3339TimeValidator) MarkdownDescription(ctx context.Context) string {
	const summary = "string must be a valid RFC3339 date"
	return summary
}
60 |
// ValidateString checks that the configured string parses with the
// time.RFC3339 layout. Unknown and null values are skipped. On a parse
// failure an attribute error is added to resp.Diagnostics at req.Path; the
// message includes the rejected value and the parser's error.
func (v IsRFC3339TimeValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) {
	configured := req.ConfigValue

	// Nothing to parse until the value is both known and set.
	if configured.IsNull() || configured.IsUnknown() {
		return
	}

	raw := configured.ValueString()
	_, parseErr := time.Parse(time.RFC3339, raw)
	if parseErr == nil {
		return
	}

	resp.Diagnostics.AddAttributeError(
		req.Path,
		"Invalid Time Format",
		fmt.Sprintf("Value must be a valid RFC3339 date, got: %s: %+v", raw, parseErr),
	)
}
79 |
// IsRFC3339Time returns a ready-to-use IsRFC3339TimeValidator.
func IsRFC3339Time() IsRFC3339TimeValidator {
	var v IsRFC3339TimeValidator
	return v
}
83 |
--------------------------------------------------------------------------------
/examples/resources/xray_security_policy/resource.tf:
--------------------------------------------------------------------------------
# Example security policy with a single rule keyed on a minimum severity.
# The name, project key and mail address are sample values; replace them
# before applying this to a real instance.
resource "xray_security_policy" "min_severity" {
  name        = "test-security-policy-severity"
  description = "Security policy description"
  type        = "security"
  project_key = "testproj"

  rule {
    name     = "rule-name-severity"
    priority = 1

    criteria {
      # NOTE(review): presumably matches issues of this severity and above — confirm against the provider docs.
      min_severity          = "High"
      fix_version_dependant = false
    }

    actions {
      webhooks                           = []
      mails                              = ["test@email.com"]
      block_release_bundle_distribution  = true
      block_release_bundle_promotion     = true
      fail_build                         = true
      notify_watch_recipients            = true
      notify_deployer                    = true
      create_ticket_enabled              = false // set to true only if Jira integration is enabled
      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled

      # NOTE(review): with unscanned = true this presumably also blocks downloads of
      # artifacts that have not been scanned yet — confirm the impact on consumers
      # before enabling it.
      block_download {
        unscanned = true
        active    = true
      }
    }
  }
}
34 |
# Example security policy with a single rule keyed on a CVSS score range.
# The name, project key and mail address are sample values.
resource "xray_security_policy" "cvss_score" {
  name        = "test-security-policy-cvss"
  description = "Security policy description"
  type        = "security"
  project_key = "testproj"

  rule {
    name     = "rule-name-cvss"
    priority = 1

    criteria {

      # NOTE(review): this range runs from 1.5 to 5.3 only, so scores above 5.3
      # presumably fall outside the rule. Raise `to` (CVSS tops out at 10.0) or add
      # a second rule if higher scores must also trigger the actions below — confirm.
      cvss_range {
        from = 1.5
        to   = 5.3
      }
    }

    actions {
      webhooks                           = []
      mails                              = ["test@email.com"]
      block_release_bundle_distribution  = true
      fail_build                         = true
      notify_watch_recipients            = true
      notify_deployer                    = true
      create_ticket_enabled              = false // set to true only if Jira integration is enabled
      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled

      # NOTE(review): with unscanned = true this presumably also blocks downloads of
      # artifacts that have not been scanned yet — confirm before enabling it.
      block_download {
        unscanned = true
        active    = true
      }
    }
  }
}
70 |
# Example security policy with a single rule keyed on the malicious_package
# criterion. The name, project key and mail address are sample values.
resource "xray_security_policy" "malicious_package" {
  name        = "test-security-policy-mal-pkg"
  description = "Security policy description"
  type        = "security"
  project_key = "testproj"

  rule {
    name     = "rule-name-mp"
    priority = 1

    criteria {
      # This rule sets no severity or CVSS criterion, only the malicious-package flag.
      malicious_package = true
    }

    actions {
      webhooks                           = []
      mails                              = ["test@email.com"]
      block_release_bundle_distribution  = true
      fail_build                         = true
      notify_watch_recipients            = true
      notify_deployer                    = true
      create_ticket_enabled              = false // set to true only if Jira integration is enabled
      # NOTE(review): a five-day grace period before failing builds may be longer than
      # wanted for a malicious-package finding — confirm the intended value.
      build_failure_grace_period_in_days = 5 // use only if fail_build is enabled

      # NOTE(review): with unscanned = true this presumably also blocks downloads of
      # artifacts that have not been scanned yet — confirm before enabling it.
      block_download {
        unscanned = true
        active    = true
      }
    }
  }
}
--------------------------------------------------------------------------------
/docs/debug.md:
--------------------------------------------------------------------------------
1 | # Debugging a TerraForm provider
2 |
3 | ## Understanding the design
4 |
5 | In order to do it, you first have to understand how Go builds apps, and then how terraform works with it.
6 |
7 | Every terraform provider is a sort of `module`. In order to support an open, modular system, in almost any language, you need to be able to dynamically load modules and interact with them. Terraform is no exception.
8 |
9 | However, the go lang team long ago decided to compile to statically linked applications;
10 | any dependencies you have will be compiled into 1 single binary. Unlike in other native languages (like C, or C++), a
11 | `.dll` or `.so` is not used; there is no dynamic library to load at runtime and thus, modularity becomes a whole other trick.
12 | This is done to avoid the notorious **dll hell** that was so common up until most modern systems included some
13 | kind of dependency management. And yes, it can still be an issue.
14 |
15 | Every terraform provider is its own mini RPC server. When terraform runs your provider, it actually starts a new process that is your provider, and connects to it through
16 | this RPC channel. Compounding the problem is that the lifetime of your provider process is very much
17 | ephemeral; potentially lasting no more than a few seconds. It's this process you need to connect to with your debugger.
18 |
19 | ### Normal debugging
20 | Normally, you would directly spin-up your app, and it would load modules into application memory. That's why you can actually
21 | debug it, because your debugger knows how to find the exact memory address for your provider. However, you don't have
22 | this arrangement, and you need to do a _remote_ debug session.
23 |
24 | ### The conundrum
25 | So, you don't load terraform directly, and even if you did, your `module` (a.k.a your provider) is in the memory
26 | space of an entirely different process; and that lasts no more than a few seconds, potentially.
27 |
28 | ## The solution
29 |
30 | 1. You need the debugging tool [delve](https://github.com/go-delve/delve).
31 | 2. You are going to have to place a little bit of shim code close to the spot in the code where you want to begin
32 | debugging. We need to stop this provider process from exiting before we can connect. So, put this bit of code in place:
33 | ```go
34 | connected := false
35 | for !connected {
36 | time.Sleep(time.Second) // set breakpoint here
37 | }
38 | ```
39 | This code effectively creates an infinite sleep loop; but that's actually essential to solving the problem.
40 |
41 | 3. Place a break point right inside this loop. It won't do anything, yet.
42 | 4. Now run the terraform commands you need to, to engage the code you're desiring to debug. Upon doing so,
43 | terraform will basically stop, as it waits on a response from your provider, because you put an infinite sleep loop in.
44 | 5. You must now tell `delve` to connect to this remote process using its PID. This isn't as hard as it seems.
45 | Run this command:
46 | `dlv --listen=:2345 --headless=true --api-version=2 --accept-multiclient attach $(pgrep terraform-provider-xray)`
47 | The last argument gets the `PID` for your provider and supplies it to `delve` to connect. Immediately upon running this
48 | command, you're going to hit your break point. Please make sure to replace `terraform-provider-xray` with your provider's name. Note that `--listen=:2345` binds the headless server on every network interface and Delve's API has no authentication, so on a shared or networked machine listen on `127.0.0.1:2345` instead.
49 | 6. To exit this infinite loop, use your debugger to set `connected` to `true`. By doing so you change the loop predicate
50 | and it will exit this loop on the next iteration.
51 | 7. *DEBUG!* - At this point you can step, watch, drop the call stack, etc. Your whole arsenal is available.
52 |
--------------------------------------------------------------------------------
/templates/debug.md:
--------------------------------------------------------------------------------
1 | # Debugging a TerraForm provider
2 |
3 | ## Understanding the design
4 |
5 | In order to do it, you first have to understand how Go builds apps, and then how terraform works with it.
6 |
7 | Every terraform provider is a sort of `module`. In order to support an open, modular system, in almost any language, you need to be able to dynamically load modules and interact with them. Terraform is no exception.
8 |
9 | However, the go lang team long ago decided to compile to statically linked applications;
10 | any dependencies you have will be compiled into 1 single binary. Unlike in other native languages (like C, or C++), a
11 | `.dll` or `.so` is not used; there is no dynamic library to load at runtime and thus, modularity becomes a whole other trick.
12 | This is done to avoid the notorious **dll hell** that was so common up until most modern systems included some
13 | kind of dependency management. And yes, it can still be an issue.
14 |
15 | Every terraform provider is its own mini RPC server. When terraform runs your provider, it actually starts a new process that is your provider, and connects to it through
16 | this RPC channel. Compounding the problem is that the lifetime of your provider process is very much
17 | ephemeral; potentially lasting no more than a few seconds. It's this process you need to connect to with your debugger.
18 |
19 | ### Normal debugging
20 | Normally, you would directly spin-up your app, and it would load modules into application memory. That's why you can actually
21 | debug it, because your debugger knows how to find the exact memory address for your provider. However, you don't have
22 | this arrangement, and you need to do a _remote_ debug session.
23 |
24 | ### The conundrum
25 | So, you don't load terraform directly, and even if you did, your `module` (a.k.a your provider) is in the memory
26 | space of an entirely different process; and that lasts no more than a few seconds, potentially.
27 |
28 | ## The solution
29 |
30 | 1. You need the debugging tool [delve](https://github.com/go-delve/delve).
31 | 2. You are going to have to place a little bit of shim code close to the spot in the code where you want to begin
32 | debugging. We need to stop this provider process from exiting before we can connect. So, put this bit of code in place:
33 | ```go
34 | connected := false
35 | for !connected {
36 | time.Sleep(time.Second) // set breakpoint here
37 | }
38 | ```
39 | This code effectively creates an infinite sleep loop; but that's actually essential to solving the problem.
40 |
41 | 3. Place a break point right inside this loop. It won't do anything, yet.
42 | 4. Now run the terraform commands you need to, to engage the code you're desiring to debug. Upon doing so,
43 | terraform will basically stop, as it waits on a response from your provider, because you put an infinite sleep loop in.
44 | 5. You must now tell `delve` to connect to this remote process using its PID. This isn't as hard as it seems.
45 | Run this command:
46 | `dlv --listen=:2345 --headless=true --api-version=2 --accept-multiclient attach $(pgrep terraform-provider-xray)`
47 | The last argument gets the `PID` for your provider and supplies it to `delve` to connect. Immediately upon running this
48 | command, you're going to hit your break point. Please make sure to replace `terraform-provider-xray` with your provider's name. Note that `--listen=:2345` binds the headless server on every network interface and Delve's API has no authentication, so on a shared or networked machine listen on `127.0.0.1:2345` instead.
49 | 6. To exit this infinite loop, use your debugger to set `connected` to `true`. By doing so you change the loop predicate
50 | and it will exit this loop on the next iteration.
51 | 7. *DEBUG!* - At this point you can step, watch, drop the call stack, etc. Your whole arsenal is available.
52 |
--------------------------------------------------------------------------------
/CONTRIBUTIONS.md:
--------------------------------------------------------------------------------
1 | # Contribution Guide
2 |
3 | ## Contributors
4 | Pull requests, issues and comments are welcomed. For pull requests:
5 |
6 | * Add tests for new features and bug fixes
7 | * Follow the existing style
8 | * Separate unrelated changes into multiple pull requests
9 |
10 | See the existing issues for things to start contributing.
11 |
12 | For bigger changes, make sure you start a discussion first by creating
13 | an issue and explaining the intended change.
14 |
15 | JFrog requires contributors to sign a Contributor License Agreement,
16 | known as a CLA. This serves as a record stating that the contributor is
17 | entitled to contribute the code/documentation/translation to the project
18 | and is willing to have it used in distributions and derivative works
19 | (or is willing to transfer ownership).
20 |
21 |
22 | ## Build the Provider
23 | Simply run `make install` - this will compile the provider and install it to `~/.terraform.d`. When running this, it will
24 | take the current tag and bump it 1 minor version. It does not actually create a new tag (that is `make release`).
25 | If you wish to use the locally installed provider, make sure your TF script refers to the new version number.
26 |
27 | Requirements:
28 | - [Terraform](https://www.terraform.io/downloads.html) 0.13
29 | - [Go](https://golang.org/doc/install) 1.18+ (to build the provider plugin)
30 |
31 | ### Building on macOS
32 |
33 | This provider uses [GNU sed](https://www.gnu.org/software/sed/) as part of the build toolchain, in both Linux and macOS. This provides consistency across OSes.
34 |
35 | If you are building this on macOS, you have two options:
36 | - Install [gnu-sed using brew](https://formulae.brew.sh/formula/gnu-sed), OR
37 | - Use a Linux Docker image/container
38 |
39 | #### Using gnu-sed
40 |
41 | After installing with brew, get the GNU sed information:
42 |
43 | ```sh
44 | $ brew info gnu-sed
45 | ```
46 |
47 | You should see something like:
48 | ```
49 | GNU "sed" has been installed as "gsed".
50 | If you need to use it as "sed", you can add a "gnubin" directory
51 | to your PATH from your bashrc like:
52 |
53 | PATH="$(brew --prefix)/opt/gnu-sed/libexec/gnubin:$PATH"
54 | ```
55 |
56 | Add the `gnubin` directory to your `.bashrc` or `.zshrc` per instruction so that `sed` command uses gnu-sed.
57 |
58 |
59 | ## Testing
60 | Since JFrog Xray is an addon for Artifactory, you will need a running instance of the JFrog platform (Artifactory and Xray).
61 | However, there is no currently supported dockerized, local version. The fastest way to install Artifactory and Xray as a self-hosted installation is to use Platform
62 | Helm chart. Free 30 days trial version is available [here](https://jfrog.com/start-free/#hosted)
63 | If you want to test on SaaS instance - [30 day trial can be freely obtained](https://jfrog.com/start-free/#saas)
64 | and will allow local development.
65 |
66 | Then, you have to set some environment variables as this is how the acceptance tests pick up their config:
67 | ```bash
68 | JFROG_URL=http://localhost:8081
69 | XRAY_ACCESS_TOKEN=your-admin-key
70 | TF_ACC=true
71 | ```
72 | a crucial, and very much hidden, env var to set is
73 | `TF_ACC=true` - you can literally set `TF_ACC` to anything you want, so long as it's set. The acceptance tests use
74 | terraform testing libraries that, if this flag isn't set, will skip all tests.
75 |
76 | `XRAY_ACCESS_TOKEN` can be generated in the UI. Go to **Settings -> Identity and Access -> Access Tokens -> Generate Admin Token**
77 |
78 |
79 | You can then run the tests with `make acceptance`. You can check what it's doing in the background in the [GNUmakefile](GNUmakefile) in the project.
80 |
81 | We've found that it's very convenient to use [Charles proxy](https://www.charlesproxy.com/) to see the payload generated by the Terraform provider during the testing process.
82 | You can also use any other network traffic inspector, such as Wireshark. Captured requests can include the `XRAY_ACCESS_TOKEN` admin token, so treat saved sessions as secrets.
83 |
84 |
85 | ## Registry documentation generation
86 | All the documentation in the project is generated by [tfplugindocs](https://github.com/hashicorp/terraform-plugin-docs).
87 | If you make any changes to the resource schemas, you will need to re-generate documentation.
88 | Install [tfplugindocs](https://github.com/hashicorp/terraform-plugin-docs#installation), then run:
89 | ```sh
90 | $ make doc
91 | ```
92 |
93 | #### Thanks for contributing!
94 |
--------------------------------------------------------------------------------
/docs/resources/custom_issue.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_custom_issue Resource - terraform-provider-xray"
4 | subcategory: "Issues"
5 | ---
6 |
7 | # xray_custom_issue (Resource)
8 |
9 | Provides an Xray custom issue event resource. See [Xray Custom Issue](https://jfrog.com/help/r/xray-how-to-formally-raise-an-issue-regarding-an-indexed-artifact) and [REST API](https://jfrog.com/help/r/jfrog-rest-apis/issues) for more details.
10 |
11 | ~>Due to JFrog Xray REST API behavior, when `component.vulnerable_versions` or `component.fixed_versions` are set, their values are mirrored in the `component.vulnerable_ranges` attribute, and vice versa. We recommend setting all the `component` attribute values to match to avoid state drift.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "xray_custom_issue" "my-issue-1" {
17 | name = "my-issue-1"
18 | description = "My custom issue"
19 | summary = "My issue"
20 | type = "security"
21 | provider_name = "custom"
22 | package_type = "generic"
23 | severity = "High"
24 |
25 | component {
26 | id = "aero:aero"
27 | vulnerable_versions = ["[0.2.3]"]
28 | vulnerable_ranges {
29 | vulnerable_versions = ["[0.2.3]"]
30 | }
31 | }
32 |
33 | cve {
34 | cve = "CVE-2017-1000386"
35 | cvss_v2 = "2.4"
36 | }
37 |
38 | source {
39 | id = "CVE-2017-1000386"
40 | }
41 | }
42 | ```
43 |
44 |
45 | ## Schema
46 |
47 | ### Required
48 |
49 | - `description` (String) Description of custom issue
50 | - `name` (String) Name of the custom issue. It must not begin with 'xray' (case insensitive)
51 | - `package_type` (String) Package Type of custom issue. Valid values are: alpine, bower, cargo, composer, conan, conda, cran, debian, docker, generic, go, gradle, huggingface, ivy, maven, npm, nuget, oci, pypi, rpm, rubygems, sbt, terraformbe
52 | - `provider_name` (String) Provider of custom issue. It must not be 'jfrog' (case insensitive)
53 | - `severity` (String) Severity of custom issue. Valid values: Critical, High, Medium, Low, Information
54 | - `summary` (String) Summary of custom issue
55 | - `type` (String) Type of custom issue. Valid values: other, performance, security, versions
56 |
57 | ### Optional
58 |
59 | - `component` (Block Set) Component of custom issue (see [below for nested schema](#nestedblock--component))
60 | - `cve` (Block Set) CVE of the custom issue (see [below for nested schema](#nestedblock--cve))
61 | - `source` (Block Set) List of sources (see [below for nested schema](#nestedblock--source))
62 |
63 | ### Read-Only
64 |
65 | - `id` (String) The ID of this resource.
66 |
67 |
68 | ### Nested Schema for `component`
69 |
70 | Required:
71 |
72 | - `id` (String) ID of the component
73 |
74 | Optional:
75 |
76 | - `fixed_versions` (Set of String) List of fixed versions
77 | - `vulnerable_ranges` (Block Set) List of the vulnerable ranges (see [below for nested schema](#nestedblock--component--vulnerable_ranges))
78 | - `vulnerable_versions` (Set of String) List of vulnerable versions
79 |
80 |
81 | ### Nested Schema for `component.vulnerable_ranges`
82 |
83 | Optional:
84 |
85 | - `fixed_versions` (Set of String) List of fixed versions
86 | - `vulnerable_versions` (Set of String) List of vulnerable versions
87 |
88 |
89 |
90 |
91 | ### Nested Schema for `cve`
92 |
93 | Optional:
94 |
95 | - `cve` (String) CVE ID
96 | - `cvss_v2` (String) CVSS v2 score
97 | - `cvss_v3` (String) CVSS v3 score
98 |
99 |
100 |
101 | ### Nested Schema for `source`
102 |
103 | Required:
104 |
105 | - `id` (String) ID of the source, e.g. CVE
106 |
107 | Optional:
108 |
109 | - `name` (String) Name of the source
110 | - `url` (String) URL of the source
111 |
112 | ## Import
113 |
114 | Import is supported using the following syntax:
115 |
116 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
117 |
118 | ```shell
119 | terraform import xray_custom_issue.my-issue-1 my-issue-1
120 | ```
121 |
--------------------------------------------------------------------------------
/http/watches.http:
--------------------------------------------------------------------------------
1 | GET {{ host }}/xray/api/v2/watches
2 | Accept: application/json
3 | Content-Type: application/json
4 | Authorization: Bearer {{ token }}
5 |
6 | ###
7 |
8 | GET {{ host }}/xray/api/v2/watches/{{ watch_name_all_repos }}
9 | Accept: application/json
10 | Content-Type: application/json
11 | Authorization: Bearer {{ token }}
12 |
13 | ###
14 |
15 | POST {{ host }}/xray/api/v2/watches
16 | Authorization: Bearer {{ token }}
17 | Content-Type: application/json
18 |
19 | {
20 | "general_data": {
21 | "name": "{{ watch_name_all_repos }}",
22 | "description": "Watch all repositories",
23 | "active": true
24 | },
25 | "project_resources": {
26 | "resources": [
27 | {
28 | "type": "all-repos",
29 | "filters": [
30 | {
31 | "type": "package-type",
32 | "value": "Docker"
33 | },
34 | {
35 | "type": "package-type",
36 | "value": "Debian"
37 | }
38 | ]
39 | }
40 | ]
41 | },
42 | "assigned_policies": [
43 | {
44 | "name": "{{ license_policy_name }}",
45 | "type": "license"
46 | },
47 | {
48 | "name": "{{ security_policy_name }}",
49 | "type": "security"
50 | }
51 | ],
52 | "watch_recipients":["name@myemail.com","name1@youremail.com"]
53 | }
54 |
55 | ###
56 |
57 | POST {{ host }}/xray/api/v2/watches
58 | Authorization: Bearer {{ token }}
59 | Content-Type: application/json
60 |
61 | {
62 | "general_data": {
63 | "name": "{{ watch_name_single_repo }}",
64 | "description": "Watch selected repositories",
65 | "active": true
66 | },
67 | "project_resources": {
68 | "resources": [
69 | {
70 | "type": "repository",
71 | "bin_mgr_id": "default",
72 | "name": "libs-release-local",
73 | "filters": [
74 | {
75 | "type": "regex",
76 | "value": ".*"
77 | }
78 | ]
79 | },
80 | {
81 | "type": "repository",
82 | "bin_mgr_id": "default",
83 | "name": "libs-release-local-1",
84 | "filters": [
85 | {
86 | "type": "regex",
87 | "value": ".*"
88 | }
89 | ]
90 | }
91 | ]
92 | },
93 | "assigned_policies": [
94 | {
95 | "name": "{{ license_policy_name }}",
96 | "type": "license"
97 | },
98 | {
99 | "name": "{{ security_policy_name }}",
100 | "type": "security"
101 | }
102 | ],
103 | "watch_recipients":["name@myemail.com","name1@youremail.com"]
104 | }
105 |
106 | ###
107 |
108 | POST {{ host }}/xray/api/v2/watches
109 | Authorization: Bearer {{ token }}
110 | Content-Type: application/json
111 |
112 | {
113 | "general_data": {
114 | "name": "{{ watch_name_builds }}",
115 | "description": "Watch selected builds",
116 | "active": true
117 | },
118 | "project_resources": {
119 | "resources": [
120 | {
121 | "type": "build",
122 | "bin_mgr_id": "default",
123 | "name": "your-build-name"
124 | },
125 | {
126 | "type": "build",
127 | "bin_mgr_id": "default",
128 | "name": "your-other-build-name"
129 | }
130 | ]
131 | },
132 | "assigned_policies": [
133 | {
134 | "name": "{{ license_policy_name }}",
135 | "type": "license"
136 | },
137 | {
138 | "name": "{{ security_policy_name }}",
139 | "type": "security"
140 | }
141 | ],
142 | "watch_recipients":["name@myemail.com","name1@youremail.com"]
143 | }
144 |
145 | ###
146 |
147 | PUT {{ host }}/xray/api/v2/watches/{{ watch_name_all_repos }}
148 | Authorization: Bearer {{ token }}
149 | Content-Type: application/json
150 |
151 | {
152 | "general_data": {
153 | "name": "{{ watch_name_all_repos }}",
154 | "description": "Watch all repositories, updated",
155 | "active": true
156 | },
157 | "project_resources": {
158 | "resources": [
159 | {
160 | "type": "all-repos",
161 | "filters": [
162 | {
163 | "type": "package-type",
164 | "value": "Docker"
165 | }
166 | ]
167 | }
168 | ]
169 | },
170 | "assigned_policies": [
171 | {
172 | "name": "{{ license_policy_name }}",
173 | "type": "license"
174 | }
175 | ],
176 | "watch_recipients":["name@myemail.com","name1@youremail.com"]
177 | }
178 |
179 |
180 | ###
181 |
182 | DELETE {{ host }}/xray/api/v2/watches/{{ watch_name_all_repos }}
183 | Authorization: Bearer {{ token }}
184 | Content-Type: application/json
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/jfrog/terraform-provider-xray/v3
2 |
3 | // if you need to do local dev, literally just uncomment the line below
4 | // replace github.com/jfrog/terraform-provider-shared => ../terraform-provider-shared
5 |
6 | go 1.24.0
7 |
8 | toolchain go1.24.6
9 |
10 | require (
11 | github.com/go-resty/resty/v2 v2.17.1
12 | github.com/hashicorp/go-version v1.8.0
13 | github.com/hashicorp/terraform-plugin-docs v0.24.0
14 | github.com/hashicorp/terraform-plugin-framework v1.17.0
15 | github.com/hashicorp/terraform-plugin-framework-validators v0.19.0
16 | github.com/hashicorp/terraform-plugin-go v0.29.0
17 | github.com/hashicorp/terraform-plugin-testing v1.14.0
18 | github.com/jfrog/terraform-provider-shared v1.30.7
19 | github.com/samber/lo v1.52.0
20 | golang.org/x/exp v0.0.0-20251209150349-8475f28825e9
21 | )
22 |
23 | require (
24 | github.com/BurntSushi/toml v1.2.1 // indirect
25 | github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
26 | github.com/Masterminds/goutils v1.1.1 // indirect
27 | github.com/Masterminds/semver/v3 v3.2.0 // indirect
28 | github.com/Masterminds/sprig/v3 v3.2.3 // indirect
29 | github.com/ProtonMail/go-crypto v1.3.0 // indirect
30 | github.com/agext/levenshtein v1.2.3 // indirect
31 | github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
32 | github.com/armon/go-radix v1.0.0 // indirect
33 | github.com/bgentry/speakeasy v0.1.0 // indirect
34 | github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
35 | github.com/cloudflare/circl v1.6.1 // indirect
36 | github.com/fatih/color v1.18.0 // indirect
37 | github.com/golang/protobuf v1.5.4 // indirect
38 | github.com/google/go-cmp v0.7.0 // indirect
39 | github.com/google/uuid v1.6.0 // indirect
40 | github.com/hashicorp/cli v1.1.7 // indirect
41 | github.com/hashicorp/errwrap v1.1.0 // indirect
42 | github.com/hashicorp/go-checkpoint v0.5.0 // indirect
43 | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
44 | github.com/hashicorp/go-cty v1.5.0 // indirect
45 | github.com/hashicorp/go-hclog v1.6.3 // indirect
46 | github.com/hashicorp/go-multierror v1.1.1 // indirect
47 | github.com/hashicorp/go-plugin v1.7.0 // indirect
48 | github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
49 | github.com/hashicorp/go-uuid v1.0.3 // indirect
50 | github.com/hashicorp/hc-install v0.9.2 // indirect
51 | github.com/hashicorp/hcl/v2 v2.24.0 // indirect
52 | github.com/hashicorp/logutils v1.0.0 // indirect
53 | github.com/hashicorp/terraform-exec v0.24.0 // indirect
54 | github.com/hashicorp/terraform-json v0.27.2 // indirect
55 | github.com/hashicorp/terraform-plugin-log v0.10.0 // indirect
56 | github.com/hashicorp/terraform-plugin-sdk/v2 v2.38.1 // indirect
57 | github.com/hashicorp/terraform-registry-address v0.4.0 // indirect
58 | github.com/hashicorp/terraform-svchost v0.1.1 // indirect
59 | github.com/hashicorp/yamux v0.1.2 // indirect
60 | github.com/huandu/xstrings v1.3.3 // indirect
61 | github.com/imdario/mergo v0.3.15 // indirect
62 | github.com/mattn/go-colorable v0.1.14 // indirect
63 | github.com/mattn/go-isatty v0.0.20 // indirect
64 | github.com/mattn/go-runewidth v0.0.9 // indirect
65 | github.com/mitchellh/copystructure v1.2.0 // indirect
66 | github.com/mitchellh/go-testing-interface v1.14.1 // indirect
67 | github.com/mitchellh/go-wordwrap v1.0.1 // indirect
68 | github.com/mitchellh/mapstructure v1.5.0 // indirect
69 | github.com/mitchellh/reflectwalk v1.0.2 // indirect
70 | github.com/oklog/run v1.2.0 // indirect
71 | github.com/posener/complete v1.2.3 // indirect
72 | github.com/reugn/go-quartz v0.15.2 // indirect
73 | github.com/robfig/cron/v3 v3.0.1 // indirect
74 | github.com/shopspring/decimal v1.3.1 // indirect
75 | github.com/spf13/cast v1.5.0 // indirect
76 | github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
77 | github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
78 | github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
79 | github.com/yuin/goldmark v1.7.7 // indirect
80 | github.com/yuin/goldmark-meta v1.1.0 // indirect
81 | github.com/zclconf/go-cty v1.17.0 // indirect
82 | go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
83 | golang.org/x/crypto v0.46.0 // indirect
84 | golang.org/x/mod v0.31.0 // indirect
85 | golang.org/x/net v0.48.0 // indirect
86 | golang.org/x/sync v0.19.0 // indirect
87 | golang.org/x/sys v0.39.0 // indirect
88 | golang.org/x/text v0.32.0 // indirect
89 | golang.org/x/tools v0.40.0 // indirect
90 | google.golang.org/appengine v1.6.8 // indirect
91 | google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
92 | google.golang.org/grpc v1.77.0 // indirect
93 | google.golang.org/protobuf v1.36.10 // indirect
94 | gopkg.in/yaml.v2 v2.3.0 // indirect
95 | gopkg.in/yaml.v3 v3.0.1 // indirect
96 | )
97 |
--------------------------------------------------------------------------------
/docs/resources/catalog_labels.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_catalog_labels Resource - terraform-provider-xray"
4 | subcategory: "Catalog"
5 | ---
6 |
7 | # xray_catalog_labels (Resource)
8 |
9 | Manages JFrog Catalog labels and their assignments using the correct GraphQL API mutations.
10 | ~> Requires JFrog Catalog service to be available.
11 |
12 | ## Example Usage
13 |
14 | ```terraform
15 | resource "xray_catalog_labels" "basic" {
16 | labels = [
17 | { name = "lbl_basic_1", description = "Basic label 1" },
18 | { name = "lbl_basic_2", description = "Basic label 2" }
19 | ]
20 | }
21 |
22 | resource "xray_catalog_labels" "with_package_assignments" {
23 | labels = [
24 | { name = "pkg_label", description = "Label for packages" }
25 | ]
26 |
27 | package_assignments = [
28 | { label_name = "pkg_label", package_name = "express", package_type = "npm" },
29 | { label_name = "pkg_label", package_name = "lodash", package_type = "npm" }
30 | ]
31 | }
32 |
33 | resource "xray_catalog_labels" "with_version_assignments_single" {
34 | labels = [
35 | { name = "ver_label_one", description = "Label for a single package version" }
36 | ]
37 |
38 | version_assignments = [
39 | { label_name = "ver_label_one", package_name = "lodash", package_type = "npm", versions = ["4.17.21"] }
40 | ]
41 | }
42 |
43 | resource "xray_catalog_labels" "with_version_assignments_bulk" {
44 | labels = [
45 | { name = "ver_label_bulk", description = "Label for multiple package versions" }
46 | ]
47 |
48 | version_assignments = [
49 | { label_name = "ver_label_bulk", package_name = "express", package_type = "npm", versions = ["4.17.0", "4.18.2"] }
50 | ]
51 | }
52 |
53 | resource "xray_catalog_labels" "combined" {
54 | labels = [
55 | { name = "combined_lbl", description = "Label used in both package and version assignments" },
56 | { name = "doc_label", description = "Another label to demonstrate multiple labels" }
57 | ]
58 |
59 | package_assignments = [
60 | { label_name = "combined_lbl", package_name = "express", package_type = "npm" }
61 | ]
62 |
63 | version_assignments = [
64 | { label_name = "combined_lbl", package_name = "lodash", package_type = "npm", versions = ["4.17.21"] }
65 | ]
66 | }
67 | ```
68 |
69 |
70 | ## Schema
71 |
72 | ### Optional
73 |
74 | - `labels` (Attributes Set) Set of catalog labels to manage. At least one label is required. Maximum of 500 labels can be created in a single operation. (see [below for nested schema](#nestedatt--labels))
75 | - `package_assignments` (Attributes Set) Set of package assignments. Assigns labels to packages. Note: Only one label per package is supported by the API. (see [below for nested schema](#nestedatt--package_assignments))
76 | - `version_assignments` (Attributes Set) Set of package version assignments. Assigns labels to specific package versions. Note: Only one label per package version is supported by the API. (see [below for nested schema](#nestedatt--version_assignments))
77 |
78 |
79 | ### Nested Schema for `labels`
80 |
81 | Required:
82 |
83 | - `description` (String) Description of the catalog label. Must have at most 300 characters.
84 | - `name` (String) The name of the catalog label. Must be unique and have at most 15 characters.
85 |
86 |
87 |
88 | ### Nested Schema for `package_assignments`
89 |
90 | Required:
91 |
92 | - `label_name` (String) Label name to assign to the package. API supports only 1 label per assignment.
93 | - `package_name` (String) Name of the package to assign labels to.
94 | - `package_type` (String) Type of the package (e.g., npm, maven, docker, etc.).
95 |
96 |
97 |
98 | ### Nested Schema for `version_assignments`
99 |
100 | Required:
101 |
102 | - `label_name` (String) Label name to assign to the package version. API supports only 1 label per assignment.
103 | - `package_name` (String) Name of the package.
104 | - `package_type` (String) Type of the package (e.g., npm, maven, docker, etc.).
105 | - `versions` (Set of String) List of versions for bulk assignment with the same label. Must contain at least one non-empty version.
106 |
107 | ## Import
108 |
109 | Import is supported using the following syntax:
110 |
111 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
112 |
113 | ```shell
114 | terraform import xray_catalog_labels.basic lbl_basic_1,lbl_basic_2
115 | terraform import xray_catalog_labels.with_package_assignments pkg_label
116 | terraform import xray_catalog_labels.with_version_assignments_single ver_label_one
117 | terraform import xray_catalog_labels.with_version_assignments_bulk ver_label_bulk
118 | terraform import xray_catalog_labels.combined combined_lbl,doc_label
119 | ```
120 |
--------------------------------------------------------------------------------
/http/policies.http:
--------------------------------------------------------------------------------
1 | GET {{ host }}/xray/api/v2/policies
2 | Accept: application/json
3 | Content-Type: application/json
4 | Authorization: Bearer {{ token }}
5 |
6 | ###
7 |
8 | GET {{ host }}/xray/api/v2/policies/{{ security_policy_name }}
9 | Accept: application/json
10 | Content-Type: application/json
11 | Authorization: Bearer {{ token }}
12 |
13 | ###
14 |
15 | POST {{ host }}/xray/api/v2/policies
16 | Authorization: Bearer {{ token }}
17 | Content-Type: application/json
18 |
19 | {
20 | "name": "{{ license_policy_name }}",
21 | "description": "License policy, allowed and banned licenses",
22 | "type": "license",
23 | "rules": [
24 | {
25 | "name": "Allowed_licenses",
26 | "criteria": {
27 | "allowed_licenses": [
28 | "Apache-1.0",
29 | "Apache-2.0"
30 | ],
31 | "allow_unknown": true,
32 | "multi_license_permissive": true
33 | },
34 | "actions": {
35 | "webhooks": [],
36 | "block_download": {
37 | "active": true,
38 | "unscanned": true
39 | },
40 | "block_release_bundle_distribution": true,
41 | "fail_build": true,
42 | "notify_watch_recipients": true,
43 | "notify_deployer": true,
44 | "create_ticket_enabled": true,
45 | "custom_severity": "high",
46 | "build_failure_grace_period_in_days": 3
47 | },
48 | "priority": 1
49 | },
50 | {
51 | "name": "Banned_licenses",
52 | "criteria": {
53 | "banned_licenses": [
54 | "APSL-1.0",
55 | "APSL-1.1"
56 | ],
57 | "allow_unknown": true,
58 | "multi_license_permissive": true
59 | },
60 | "actions": {
61 | "webhooks": [],
62 | "block_download": {
63 | "active": true,
64 | "unscanned": true
65 | },
66 | "block_release_bundle_distribution": true,
67 | "fail_build": true,
68 | "notify_watch_recipients": true,
69 | "notify_deployer": true,
70 | "create_ticket_enabled": true,
71 | "custom_severity": "high",
72 | "build_failure_grace_period_in_days": 3
73 | },
74 | "priority": 2
75 | }
76 | ]
77 | }
78 |
79 | ###
80 |
81 | POST {{ host }}/xray/api/v2/policies
82 | Authorization: Bearer {{ token }}
83 | Content-Type: application/json
84 |
85 | {
86 | "name": "{{ security_policy_name }}",
87 | "type": "security",
88 | "description": "Security policy, CVSS score and minimum severity rules",
89 | "rules": [{
90 | "name": "CVSS_score",
91 | "priority": 1,
92 | "criteria": {
93 | "cvss_range": {
94 | "from": 2.7,
95 | "to": 7.1
96 | }
97 | },
98 | "actions": {
99 | "fail_build": true,
100 | "block_download": {
101 | "unscanned": false,
102 | "active": false
103 | },
104 | "block_release_bundle_distribution": false,
105 | "notify_watch_recipients": false,
106 | "notify_deployer": false,
107 | "create_ticket_enabled": false,
108 | "build_failure_grace_period_in_days": 5
109 | }
110 | },
111 | {
112 | "name": "Min_severity",
113 | "priority": 2,
114 | "criteria": {
115 | "min_severity": "Medium"
116 | },
117 | "actions": {
118 | "fail_build": true,
119 | "block_download": {
120 | "unscanned": false,
121 | "active": false
122 | },
123 | "block_release_bundle_distribution": false,
124 | "notify_watch_recipients": false,
125 | "notify_deployer": false,
126 | "create_ticket_enabled": false,
127 | "build_failure_grace_period_in_days": 5
128 | }
129 | }]
130 | }
131 |
132 |
133 | ###
134 |
135 | PUT {{ host }}/xray/api/v2/policies/{{ license_policy_name }}
136 | Authorization: Bearer {{ token }}
137 | Content-Type: application/json
138 |
139 | {
140 | "description": "License policy, allowed licenses. Updated",
141 | "type": "license",
142 | "rules": [
143 | {
144 | "name": "Allowed_licenses_single_rule",
145 | "criteria": {
146 | "allowed_licenses": [
147 | "Apache-1.0",
148 | "Apache-2.0"
149 | ],
150 | "allow_unknown": true,
151 | "multi_license_permissive": true
152 | },
153 | "actions": {
154 | "webhooks": [],
155 | "block_download": {
156 | "active": true,
157 | "unscanned": true
158 | },
159 | "block_release_bundle_distribution": true,
160 | "fail_build": true,
161 | "notify_watch_recipients": true,
162 | "notify_deployer": true,
163 | "create_ticket_enabled": true,
164 | "custom_severity": "high",
165 | "build_failure_grace_period_in_days": 3
166 | },
167 | "priority": 1
168 | }
169 | ]
170 | }
171 |
172 | ###
173 |
174 | DELETE {{ host }}/xray/api/v2/policies/{{ license_policy_name }}
175 | Authorization: Bearer {{ token }}
176 | Content-Type: application/json
--------------------------------------------------------------------------------
/templates/index.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | layout: ""
3 | page_title: "JFrog Xray Provider"
4 | description: |-
5 | The Xray provider is used to interact with the resources supported by JFrog Xray.
6 | ---
7 |
8 | # JFrog Xray Provider
9 |
10 | The [Xray](https://jfrog.com/xray/) provider is used to interact with the
11 | resources supported by JFrog Xray. Xray is a part of JFrog Artifactory and can't be used separately.
12 | The provider needs to be configured with the proper credentials before it can be used.
13 | Xray API documentation can be found [here](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API)
14 |
15 | Links to documentation for specific resources can be found in the table of contents to the left.
16 |
17 | ## Terraform CLI version support
18 |
19 | The current version supports [Terraform Protocol v6](https://developer.hashicorp.com/terraform/plugin/terraform-plugin-protocol#protocol-version-6), which means Terraform CLI version 1.0 and later.
20 |
21 | ## Example Usage
22 |
23 | {{tffile "examples/sample.tf"}}
24 |
25 | ## Authentication
26 |
27 | The Xray provider supports two authentication methods:
28 | * Bearer Token
29 | * Terraform Cloud OIDC provider
30 |
31 | ### Bearer Token
32 | Artifactory access tokens may be used via the Authorization header by providing the `access_token` field to the provider
33 | block. Getting this value from the environment is supported with the `XRAY_ACCESS_TOKEN`
34 | or `JFROG_ACCESS_TOKEN` variables; reading the token from the environment keeps it out of configuration files that may be committed to version control.
35 | Set the `url` field to provide the JFrog Xray URL. Alternatively, you can set the `ARTIFACTORY_URL`, `JFROG_URL` or `PROJECTS_URL` variables.
36 | Set the `skip_xray_version_check` field to true to skip the version check. Alternatively, you can set the `SKIP_XRAY_VERSION_CHECK` variable to true.
37 |
38 | Usage:
39 | ```hcl
40 | # Configure the Xray provider
41 | provider "xray" {
42 | url = "artifactory.site.com/xray"
43 | access_token = "abc...xy"
44 | skip_xray_version_check = true
45 | }
46 | ```
47 |
48 | ### Terraform Cloud OIDC Provider
49 |
50 | If you are using this provider on Terraform Cloud and wish to use dynamic credentials instead of a static access token for authentication with the JFrog platform, you can leverage Terraform as the OIDC provider.
51 |
52 | To setup dynamic credentials, follow these steps:
53 | 1. Configure Terraform Cloud as a generic OIDC provider
54 | 2. Set environment variable in your Terraform Workspace
55 | 3. Setup Terraform Cloud in your configuration
56 |
57 | During provider start-up, if the provider finds the env var `TFC_WORKLOAD_IDENTITY_TOKEN`, it will exchange this token with your JFrog instance for a short-lived access token. If that is successful, the provider will use the access token for all subsequent API requests to the JFrog instance.
58 |
59 | #### Configure Terraform Cloud as generic OIDC provider
60 |
61 | Follow [configure an OIDC integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-an-oidc-integration). Enter a name for the provider, e.g. `terraform-cloud`. Use `https://app.terraform.io` for "Provider URL". Choose your own value for "Audience", e.g. `jfrog-terraform-cloud`.
62 |
63 | Then [configure an identity mapping](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-identity-mappings) with appropriate "Claims JSON" (e.g. `aud`, `sub` at minimum. See [Terraform Workload Identity - Configuring Trust with your Cloud Platform](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/workload-identity-tokens#configuring-trust-with-your-cloud-platform)), and select the "Token scope", "User", and "Service" as desired. The `https://app.terraform.io` issuer is shared by all Terraform Cloud organizations, so the `sub` claim is what ties the mapping to your own organization and workspace; match it as narrowly as your setup allows.
64 |
65 | #### Set environment variable in your Terraform Workspace
66 |
67 | In your workspace, add an environment variable `TFC_WORKLOAD_IDENTITY_AUDIENCE` with audience value (e.g. `jfrog-terraform-cloud`) from JFrog OIDC integration above. See [Manually Generating Workload Identity Tokens](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/manual-generation) for more details.
68 |
69 | When a run starts on Terraform Cloud, it will create a workload identity token with the specified audience and assign it to the environment variable `TFC_WORKLOAD_IDENTITY_TOKEN` for the provider to consume.
70 |
71 | See [Generating Multiple Tokens](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/manual-generation#generating-multiple-tokens) on HCP Terraform for more details on using different tokens.
72 |
73 | #### Setup Terraform Cloud in your configuration
74 |
75 | Add `cloud` block to `terraform` block, and add `oidc_provider_name` attribute (from JFrog OIDC integration) to provider block:
76 |
77 | ```terraform
78 | terraform {
79 | cloud {
80 | organization = "my-org"
81 | workspaces {
82 | name = "my-workspace"
83 | }
84 | }
85 |
86 | required_providers {
87 | xray = {
88 | source = "jfrog/xray"
89 | version = "2.5.1"
90 | }
91 | }
92 | }
93 |
94 | provider "xray" {
95 | url = "https://myinstance.jfrog.io"
96 | oidc_provider_name = "terraform-cloud"
97 | tfc_credential_tag_name = "JFROG"
98 | }
99 | ```
100 |
101 | **Note:** Ensure `access_token` attribute and `JFROG_ACCESS_TOKEN` env var are not set
102 |
103 | {{ .SchemaMarkdown | trimspace }}
104 |
--------------------------------------------------------------------------------
/docs/data-sources/artifacts_scan.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_artifacts_scan Data Source - terraform-provider-xray"
4 | subcategory: ""
5 | description: |-
6 | Get a list of artifacts scanned by Xray for a specific repository. See JFrog Scans List - Get Artifacts API documentation https://jfrog.com/help/r/xray-rest-apis/scans-list-get-artifacts for more details.
7 | ---
8 |
9 | # xray_artifacts_scan (Data Source)
10 |
11 | Get a list of artifacts scanned by Xray for a specific repository. See JFrog [Scans List - Get Artifacts API documentation](https://jfrog.com/help/r/xray-rest-apis/scans-list-get-artifacts) for more details.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | data "xray_artifacts_scan" "my_artifacts_scan" {
17 | repo = "my-docker-local"
18 | order_by = "repo_path"
19 | offset = 15
20 | }
21 |
22 | output "my_artifacts_scan" {
23 | value = data.xray_artifacts_scan.my_artifacts_scan.results
24 | }
25 | ```
26 |
27 |
28 | ## Schema
29 |
30 | ### Required
31 |
32 | - `repo` (String) The repository key for which to get artifacts.
33 |
34 | ### Optional
35 |
36 | - `created_end` (String) Return only records created before the specified time (in RFC 3339 format).
37 | - `created_start` (String) Return only records created after the specified time (in RFC 3339 format).
38 | - `direction` (String) The direction by which to order the results (either ascending or descending). Allowed value: `asc` or `desc`. Default is `asc`.
39 | - `num_of_rows` (Number) The number of entries to return. Default is 15.
40 | - `offset` (Number) A value returned by the API. It needs to be passed to the API to get the next page. A value of -1 means that the last page was reached.
41 | - `order_by` (String) By which column to order the results. Allowed value: `created`, `size`, `name`, or `repo_path`.
42 | - `repo_path` (String)
43 |
44 | ### Read-Only
45 |
46 | - `results` (Attributes List) Result of artifacts scan. (see [below for nested schema](#nestedatt--results))
47 |
48 |
49 | ### Nested Schema for `results`
50 |
51 | Read-Only:
52 |
53 | - `created` (String)
54 | - `deployed_by` (String)
55 | - `exposures_issues` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues))
56 | - `malicious_packages` (Set of String)
57 | - `name` (String)
58 | - `package_id` (String)
59 | - `repo_full_path` (String)
60 | - `repo_path` (String)
61 | - `sec_issues` (Attributes) (see [below for nested schema](#nestedatt--results--sec_issues))
62 | - `size` (String)
63 | - `version` (String)
64 | - `violations` (Number)
65 |
66 |
67 | ### Nested Schema for `results.exposures_issues`
68 |
69 | Read-Only:
70 |
71 | - `categories` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues--categories))
72 | - `last_scanned` (String)
73 |
74 |
75 | ### Nested Schema for `results.exposures_issues.categories`
76 |
77 | Read-Only:
78 |
79 | - `applications` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues--categories--applications))
80 | - `iac` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues--categories--iac))
81 | - `secrets` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues--categories--secrets))
82 | - `services` (Attributes) (see [below for nested schema](#nestedatt--results--exposures_issues--categories--services))
83 |
84 |
85 | ### Nested Schema for `results.exposures_issues.categories.applications`
86 |
87 | Read-Only:
88 |
89 | - `critical` (Number)
90 | - `high` (Number)
91 | - `information` (Number)
92 | - `low` (Number)
93 | - `medium` (Number)
94 | - `total` (Number)
95 | - `unknown` (Number)
96 |
97 |
98 |
99 | ### Nested Schema for `results.exposures_issues.categories.iac`
100 |
101 | Read-Only:
102 |
103 | - `critical` (Number)
104 | - `high` (Number)
105 | - `information` (Number)
106 | - `low` (Number)
107 | - `medium` (Number)
108 | - `total` (Number)
109 | - `unknown` (Number)
110 |
111 |
112 |
113 | ### Nested Schema for `results.exposures_issues.categories.secrets`
114 |
115 | Read-Only:
116 |
117 | - `critical` (Number)
118 | - `high` (Number)
119 | - `information` (Number)
120 | - `low` (Number)
121 | - `medium` (Number)
122 | - `total` (Number)
123 | - `unknown` (Number)
124 |
125 |
126 |
127 | ### Nested Schema for `results.exposures_issues.categories.services`
128 |
129 | Read-Only:
130 |
131 | - `critical` (Number)
132 | - `high` (Number)
133 | - `information` (Number)
134 | - `low` (Number)
135 | - `medium` (Number)
136 | - `total` (Number)
137 | - `unknown` (Number)
138 |
139 |
140 |
141 |
142 |
143 | ### Nested Schema for `results.sec_issues`
144 |
145 | Read-Only:
146 |
147 | - `critical` (Number)
148 | - `high` (Number)
149 | - `information` (Number)
150 | - `low` (Number)
151 | - `medium` (Number)
152 | - `total` (Number)
153 | - `unknown` (Number)
154 |
--------------------------------------------------------------------------------
/releaseXrayProvider.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # A script to fetch the latest stable versions and then create a new Git release branch and tag for specific Terraform providers.
3 |
# Abort on any failing command, on use of an unset variable, and on a failure
# anywhere inside a pipeline.
set -o errexit -o nounset -o pipefail

# Non-interactive mode: ASSUME_YES may be preset in the environment (default 0);
# a leading "-y" argument switches it on and is then consumed.
: "${ASSUME_YES:=0}"
case "${1:-}" in
  -y)
    ASSUME_YES=1
    shift || true
    ;;
esac
13 |
# --- Latest stable version of a Git repository ---
# Prints the newest tag of the form vX.Y.Z without its leading "v", or the
# literal text "Version not found" when no tag matches.
#   $1  URL (or path) of the repository to query
get_latest_version() {
  local remote="$1"
  # Tags arrive sorted newest-first by version; grep keeps only the trailing
  # vX.Y.Z part of lines that end in it, so suffixed tags such as v1.2.3-beta
  # drop out. Because the assignment is part of `local`, the pipeline's exit
  # status is discarded: a failed ls-remote or an empty grep simply leaves the
  # variable empty.
  local newest=$(git ls-remote --tags --refs --sort='-v:refname' "$remote" | grep -o 'v[0-9]*\.[0-9]*\.[0-9]*$' | head -n 1)

  if [ -n "$newest" ]; then
    # Drop the first character (the "v").
    echo "${newest#?}"
  else
    # NOTE(review): this goes to stdout, so callers that interpolate the
    # result cannot tell it apart from a version string.
    echo "Version not found"
  fi
}
28 |
# Ask the operator to approve the next action.
#   $1  question to display
# With ASSUME_YES=1 the question is echoed and approved automatically.
# Otherwise a single key is read; anything other than y/Y ends the whole
# script with exit status 0.
confirm() {
  local question="$1"

  if [[ "$ASSUME_YES" != "1" ]]; then
    echo ""
    read -p "$question (y/n) " -n 1 -r
    echo
    case "$REPLY" in
      [Yy]) ;;
      *)
        echo "Operation cancelled."
        exit 0
        ;;
    esac
  else
    echo "$question (auto-yes)"
    return 0
  fi
}
44 |
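# Print the default branch of the current repo as reported for remote "origin",
# or nothing when it cannot be determined.
#
# `git remote show origin` queries the remote. The script runs with pipefail, so
# a git failure (no "origin", remote unreachable) would make the pipeline, and
# therefore the caller's `VAR="$(detect_default_branch)"` assignment, fail and
# trip errexit before the caller can apply its fallback. `|| true` turns that
# case into empty output. LC_ALL=C keeps git's "HEAD branch" label untranslated
# so the sed pattern matches regardless of the operator's locale.
detect_default_branch() {
  LC_ALL=C git remote show origin 2>/dev/null | sed -n '/HEAD branch/s/.*: //p' || true
}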
49 |
# Warn and ask for confirmation when tracked files differ from HEAD.
# NOTE(review): diff-index compares against HEAD only; untracked files are
# presumably not reported here — confirm whether that matters for a release.
ensure_clean_worktree() {
  git diff-index --quiet HEAD -- && return 0

  echo "Your working tree has uncommitted changes."
  confirm "Proceed anyway?"
}
57 |
# Validate a version string and print it in the form vX.Y.Z.
#   $1  version, with or without a leading "v" (e.g. 1.2.3 or v1.2.3)
# Anything that is not three dot-separated numbers is rejected with a message
# on stderr and exit status 1. The value accepted here is later used verbatim
# as a branch name and a tag name.
normalize_version() {
  local raw="$1"
  local semver_re='^v?[0-9]+\.[0-9]+\.[0-9]+$'

  if ! [[ "$raw" =~ $semver_re ]]; then
    echo "Error: Version must be SemVer (e.g., 1.2.3 or v1.2.3)." >&2
    exit 1
  fi

  # Strip an optional leading "v", then add exactly one back.
  echo "v${raw#v}"
}
71 |
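# Report whether a tag already exists locally or on origin.
#   $1  tag name
# Returns 0 when the tag is found, 1 otherwise.
#
# The remote lookup passes the ref to `git ls-remote` and relies on
# --exit-code instead of piping into `grep -q`:
#   * under pipefail, grep -q can close the pipe at the first match, the writer
#     can then be killed by SIGPIPE, and the pipeline is reported as failed even
#     though the tag was found;
#   * as a grep pattern the dots in "v1.2.3" match any character, so a
#     differently named tag could be taken for the requested one.
tag_exists() {
  local tag="$1"

  # Best effort: refresh local tags, but do not abort if the fetch fails.
  git fetch --tags >/dev/null 2>&1 || true

  if git rev-parse -q --verify "refs/tags/$tag" >/dev/null; then
    return 0
  fi

  # --exit-code makes ls-remote return non-zero when no ref matches.
  if git ls-remote --exit-code --tags origin "refs/tags/$tag" >/dev/null; then
    return 0
  fi

  return 1
}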
84 |
# --- Show the latest stable version of each provider ---
echo "--- Fetching Latest Stable Provider Versions ---"

# GitHub "owner/name" slugs of the providers to look up.
REPOSITORIES=("jfrog/terraform-provider-xray")

for repo in "${REPOSITORIES[@]}"; do
  # The provider name is the part of the slug after the last "/".
  provider_name="${repo##*/}"
  repo_url="https://github.com/${repo}"
  latest=$(get_latest_version "$repo_url")
  echo "Latest version for ${provider_name}: v$latest"
done

printf '%s\n' "-------------------------------------" ""
103 |
# --- Inputs ---
PROVIDER_NAME="terraform-provider-xray"
echo "Using provider: ${PROVIDER_NAME}"

# The version comes from the NEW_VERSION environment variable when set,
# otherwise from a prompt. Either way it passes through normalize_version
# before it is used as a branch or tag name.
if [[ -z "${NEW_VERSION:-}" ]]; then
  read -p "Please enter the new version number (e.g., 1.2.3): " NEW_VERSION
fi
NEW_VERSION=$(normalize_version "$NEW_VERSION")

# --- Pick the base branch ---
BRANCH_TO_CHECKOUT=""
if [[ "$PROVIDER_NAME" == "terraform-provider-xray" ]]; then
  # Use the remote's default branch when it can be detected, else "main".
  BRANCH_TO_CHECKOUT="$(detect_default_branch)"
  if [[ -z "$BRANCH_TO_CHECKOUT" ]]; then
    BRANCH_TO_CHECKOUT="main"
  fi
else
  echo "Error: Unknown provider name '$PROVIDER_NAME'."
  echo "Known providers are: terraform-provider-xray."
  exit 1
fi
128 |
# Safety checks: a dirty work tree needs explicit confirmation, and an existing
# tag of the same name stops the release.
ensure_clean_worktree
if tag_exists "$NEW_VERSION"; then
  echo "Error: Tag $NEW_VERSION already exists locally or on origin." >&2
  exit 1
fi

echo "--- Starting release process for provider '${PROVIDER_NAME}' and version ${NEW_VERSION} ---"

# Announce a step, ask for confirmation, then run the command given after the
# two message arguments. With errexit active a failing command ends the script.
release_step() {
  local announcement="$1"
  local question="$2"
  shift 2
  echo "$announcement"
  confirm "$question"
  "$@"
}

# --- Git Workflow ---
# NOTE(review): the release branch and the tag get the same name (NEW_VERSION),
# so the short name is ambiguous between refs/heads and refs/tags afterwards.
# NOTE(review): `git tag` without -a/-s creates a lightweight, unsigned tag;
# confirm whether the release process expects annotated or signed tags.

# 1. Checkout the correct base branch.
release_step "About to checkout branch '${BRANCH_TO_CHECKOUT}'..." \
  "Proceed to checkout '${BRANCH_TO_CHECKOUT}'?" \
  git checkout "${BRANCH_TO_CHECKOUT}"

# 2. Pull the latest code (fast-forward only).
release_step "About to pull latest code from '${BRANCH_TO_CHECKOUT}'..." \
  "Proceed to pull from '${BRANCH_TO_CHECKOUT}'?" \
  git pull --ff-only

# 3. Checkout a new branch for the release.
release_step "About to create and checkout new release branch: ${NEW_VERSION}..." \
  "Proceed to create branch '${NEW_VERSION}'?" \
  git checkout -b "${NEW_VERSION}"

# 4. Push the new branch to the remote repository.
release_step "About to push new branch to origin: ${NEW_VERSION}..." \
  "Proceed to push branch '${NEW_VERSION}' to origin?" \
  git push -u origin "${NEW_VERSION}"

# 5. Create a new tag from the new branch.
release_step "About to create new tag: ${NEW_VERSION}..." \
  "Proceed to create tag '${NEW_VERSION}'?" \
  git tag "${NEW_VERSION}"

# 6. Push the new tag to the remote repository.
release_step "About to push new tag to origin: ${NEW_VERSION}..." \
  "Proceed to push tag '${NEW_VERSION}' to origin?" \
  git push origin tag "${NEW_VERSION}"

echo ""
echo "--- Release process completed successfully for ${PROVIDER_NAME}! ---"
171 |
172 |
--------------------------------------------------------------------------------
/pkg/xray/resource/resource_xray_exposures_report.go:
--------------------------------------------------------------------------------
1 | package xray
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
7 | "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
8 | "github.com/hashicorp/terraform-plugin-framework/attr"
9 | "github.com/hashicorp/terraform-plugin-framework/diag"
10 | "github.com/hashicorp/terraform-plugin-framework/resource"
11 | "github.com/hashicorp/terraform-plugin-framework/resource/schema"
12 | "github.com/hashicorp/terraform-plugin-framework/schema/validator"
13 | "github.com/hashicorp/terraform-plugin-framework/types"
14 | "github.com/jfrog/terraform-provider-shared/util"
15 | )
16 |
// Compile-time check that *ExposuresReportResource satisfies resource.Resource.
var _ resource.Resource = (*ExposuresReportResource)(nil)

// NewExposuresReportResource returns the resource registered under the type
// name "xray_exposures_report".
func NewExposuresReportResource() resource.Resource {
	res := &ExposuresReportResource{}
	res.TypeName = "xray_exposures_report"
	return res
}

// ExposuresReportResource is the exposures flavour of the report resource; it
// embeds ReportResource and adds the exposures-specific filters and schema.
type ExposuresReportResource struct {
	ReportResource
}
30 |
// toFiltersAPIModel converts the first element of filtersElems into the API
// filter model. It returns a nil model when filtersElems is empty. The returned
// diagnostics are always empty.
//
// The type assertions are unchecked and panic if an element does not have the
// expected framework type; presumably the schema guarantees the shapes.
func (r *ExposuresReportResource) toFiltersAPIModel(ctx context.Context, filtersElems []attr.Value) (*FiltersAPIModel, diag.Diagnostics) {
	diags := diag.Diagnostics{}

	if len(filtersElems) == 0 {
		return nil, diags
	}

	filterAttrs := filtersElems[0].(types.Object).Attributes()

	// scan_date is a set holding at most one start/end pair; it stays nil when
	// the set is empty.
	var dateRange *StartAndEndDateAPIModel
	if dateElems := filterAttrs["scan_date"].(types.Set).Elements(); len(dateElems) > 0 {
		dateAttrs := dateElems[0].(types.Object).Attributes()
		dateRange = &StartAndEndDateAPIModel{
			Start: dateAttrs["start"].(types.String).ValueString(),
			End:   dateAttrs["end"].(types.String).ValueString(),
		}
	}

	return &FiltersAPIModel{
		Category:         filterAttrs["category"].(types.String).ValueString(),
		ImpactedArtifact: filterAttrs["impacted_artifact"].(types.String).ValueString(),
		ScanDate:         dateRange,
	}, diags
}
57 |
// toAPIModel fills report from plan, using this resource's filter conversion
// for the filters part.
func (r ExposuresReportResource) toAPIModel(ctx context.Context, plan ReportResourceModel, report *ReportAPIModel) diag.Diagnostics {
	convertFilters := r.toFiltersAPIModel
	return plan.toAPIModel(ctx, report, convertFilters)
}
61 |
// Metadata reports the resource type name set by the constructor.
func (r *ExposuresReportResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
	typeName := r.TypeName
	resp.TypeName = typeName
}
65 |
// exposuresFiltersAttrs holds the attributes of the exposures report filters.
var exposuresFiltersAttrs = map[string]schema.Attribute{
	// Optional artifact-name filter; an empty string is rejected.
	"impacted_artifact": schema.StringAttribute{
		Description: "Filter by impacted artifact name.",
		Optional:    true,
		Validators: []validator.String{
			stringvalidator.LengthAtLeast(1),
		},
	},
	// Required; limited to the four categories listed in the validator.
	"category": schema.StringAttribute{
		Description: "The exposure category. Must be one of: 'secrets', 'services', 'applications', 'iac'.",
		Required:    true,
		Validators: []validator.String{
			stringvalidator.OneOf("secrets", "services", "applications", "iac"),
		},
	},
}
82 |
// exposuresFiltersBlocks holds the nested blocks of the exposures report
// filters: a single optional scan_date range.
var exposuresFiltersBlocks = map[string]schema.Block{
	"scan_date": schema.SetNestedBlock{
		Description: "Scan date range.",
		// At most one scan_date block may be given.
		Validators: []validator.Set{
			setvalidator.SizeAtMost(1),
		},
		NestedObject: schema.NestedBlockObject{
			Attributes: map[string]schema.Attribute{
				// Both bounds are optional and validated by IsRFC3339Time.
				"end": schema.StringAttribute{
					Description: "Scan to date.",
					Optional:    true,
					Validators: []validator.String{
						IsRFC3339Time(),
					},
				},
				"start": schema.StringAttribute{
					Description: "Scan from date.",
					Optional:    true,
					Validators: []validator.String{
						IsRFC3339Time(),
					},
				},
			},
		},
	},
}
109 |
// Schema publishes schema version 1: the shared report attributes plus the
// report blocks built from the exposures filter attributes and blocks.
func (r *ExposuresReportResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
	exposuresSchema := schema.Schema{
		Version: 1,
		Description: "Creates Xray Exposures report. The Exposures report provides you with information about " +
			"potential security exposures in your artifacts, such as secrets, services, applications, and IaC configurations.",
		Attributes: reportsSchemaAttrs,
		Blocks:     reportsBlocks(exposuresFiltersAttrs, exposuresFiltersBlocks),
	}
	resp.Schema = exposuresSchema
}
119 |
// ValidateConfig runs the three shared report validations in order: resource
// type, the "scan_date" date range, and project scope.
func (r *ExposuresReportResource) ValidateConfig(ctx context.Context, req resource.ValidateConfigRequest, resp *resource.ValidateConfigResponse) {
	validateSingleResourceType(ctx, req, resp)

	const dateRangeBlock = "scan_date"
	validateDateRanges(ctx, req, resp, dateRangeBlock)

	// NOTE(review): the client is whatever Configure stored; confirm that
	// validateProjectsScope copes with it being unset.
	client := r.ProviderData.Client
	validateProjectsScope(ctx, req, resp, client)
}
125 |
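// Configure stores the provider metadata on the resource.
//
// It is a no-op while the provider has not been configured (ProviderData is
// nil). Provider data of any other type than util.ProviderMetadata is reported
// as an error diagnostic rather than through an unchecked type assertion, which
// would panic and take the provider process down.
func (r *ExposuresReportResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
	// Prevent panic if the provider has not been configured.
	if req.ProviderData == nil {
		return
	}

	providerData, ok := req.ProviderData.(util.ProviderMetadata)
	if !ok {
		resp.Diagnostics.AddError(
			"Unexpected Resource Configure Type",
			"Expected util.ProviderMetadata as provider data. Please report this issue to the provider developers.",
		)
		return
	}
	r.ProviderData = providerData
}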
133 |
// Create delegates to the embedded ReportResource, passing the report kind
// "exposures" and this resource's plan-to-API conversion.
func (r *ExposuresReportResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
	const reportKind = "exposures"
	r.ReportResource.Create(ctx, reportKind, r.toAPIModel, req, resp)
}
137 |
// Read delegates to the embedded ReportResource.
func (r *ExposuresReportResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
	base := &r.ReportResource
	base.Read(ctx, req, resp)
}
141 |
// Update always fails with an error diagnostic: the public API offers no way
// to change an existing exposures report.
func (r *ExposuresReportResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
	const (
		summary = "Exposures Report Update Not Supported"
		detail  = "Direct updates to Exposures Report are not supported by the public API. The resource needs to be destroyed and recreated to apply changes."
	)
	resp.Diagnostics.AddError(summary, detail)
}
149 |
// Delete delegates to the embedded ReportResource.
func (r *ExposuresReportResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
	base := &r.ReportResource
	base.Delete(ctx, req, resp)
}
153 |
--------------------------------------------------------------------------------
/pkg/xray/resource/resource_xray_settings_test.go:
--------------------------------------------------------------------------------
1 | package xray_test
2 |
3 | import (
4 | "fmt"
5 | "regexp"
6 | "testing"
7 |
8 | "github.com/hashicorp/terraform-plugin-testing/helper/resource"
9 | "github.com/hashicorp/terraform-plugin-testing/plancheck"
10 | "github.com/jfrog/terraform-provider-shared/testutil"
11 | "github.com/jfrog/terraform-provider-shared/util"
12 | "github.com/jfrog/terraform-provider-xray/v3/pkg/acctest"
13 | )
14 |
// TestAccSettings_UpgradeFromSDKv2 applies an xray_settings configuration with
// the released jfrog/xray provider 2.4.0, then switches to the provider under
// test and expects an empty plan for the same configuration.
func TestAccSettings_UpgradeFromSDKv2(t *testing.T) {
	_, fqrn, resourceName := testutil.MkNames("test-settings", "xray_settings")

	const configTemplate = `
resource "xray_settings" "{{ .name }}" {
enabled = true
allow_blocked = {{ .allowBlocked }}
allow_when_unavailable = {{ .allowWhenUnavailable }}
block_unscanned_timeout = {{ .blockUnscannedTimeout }}
block_unfinished_scans_timeout = {{ .blockUnfinishedScansTimeout }}
db_sync_updates_time = "00:00"
}`

	// The two boolean settings are randomised per run.
	values := map[string]any{
		"name":                        resourceName,
		"allowBlocked":                testutil.RandBool(),
		"allowWhenUnavailable":        testutil.RandBool(),
		"blockUnscannedTimeout":       120,
		"blockUnfinishedScansTimeout": 3600,
	}

	config := util.ExecuteTemplate(fqrn, configTemplate, values)

	stateMatchesConfig := resource.ComposeTestCheckFunc(
		resource.TestCheckResourceAttr(fqrn, "enabled", "true"),
		resource.TestCheckResourceAttr(fqrn, "allow_blocked", fmt.Sprintf("%t", values["allowBlocked"])),
		resource.TestCheckResourceAttr(fqrn, "allow_when_unavailable", fmt.Sprintf("%t", values["allowWhenUnavailable"])),
		resource.TestCheckResourceAttr(fqrn, "block_unscanned_timeout", fmt.Sprintf("%d", values["blockUnscannedTimeout"])),
		resource.TestCheckResourceAttr(fqrn, "block_unfinished_scans_timeout", fmt.Sprintf("%d", values["blockUnfinishedScansTimeout"])),
		resource.TestCheckResourceAttr(fqrn, "db_sync_updates_time", "00:00"),
	)

	// Step 1: create the resource with the released provider.
	releasedProviderStep := resource.TestStep{
		ExternalProviders: map[string]resource.ExternalProvider{
			"xray": {
				VersionConstraint: "2.4.0",
				Source:            "jfrog/xray",
			},
		},
		Config: config,
		Check:  stateMatchesConfig,
	}

	// Step 2: same configuration with the provider under test; no changes
	// may be planned.
	currentProviderStep := resource.TestStep{
		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
		Config:                   config,
		ConfigPlanChecks: resource.ConfigPlanChecks{
			PreApply: []plancheck.PlanCheck{
				plancheck.ExpectEmptyPlan(),
			},
		},
	}

	resource.Test(t, resource.TestCase{
		Steps: []resource.TestStep{releasedProviderStep, currentProviderStep},
	})
}
69 |
// TestAccSettings_basic applies an xray_settings configuration, checks every
// attribute in state, and then verifies that importing the resource yields the
// same state.
func TestAccSettings_basic(t *testing.T) {
	_, fqrn, resourceName := testutil.MkNames("test-settings", "xray_settings")

	const configTemplate = `
resource "xray_settings" "{{ .name }}" {
enabled = true
allow_blocked = {{ .allowBlocked }}
allow_when_unavailable = {{ .allowWhenUnavailable }}
block_unscanned_timeout = {{ .blockUnscannedTimeout }}
block_unfinished_scans_timeout = {{ .blockUnfinishedScansTimeout }}
db_sync_updates_time = "00:00"
}`

	// The two boolean settings are randomised per run.
	values := map[string]any{
		"name":                        resourceName,
		"allowBlocked":                testutil.RandBool(),
		"allowWhenUnavailable":        testutil.RandBool(),
		"blockUnscannedTimeout":       120,
		"blockUnfinishedScansTimeout": 3600,
	}

	config := util.ExecuteTemplate(fqrn, configTemplate, values)

	applyStep := resource.TestStep{
		Config: config,
		Check: resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttr(fqrn, "enabled", "true"),
			resource.TestCheckResourceAttr(fqrn, "allow_blocked", fmt.Sprintf("%t", values["allowBlocked"])),
			resource.TestCheckResourceAttr(fqrn, "allow_when_unavailable", fmt.Sprintf("%t", values["allowWhenUnavailable"])),
			resource.TestCheckResourceAttr(fqrn, "block_unscanned_timeout", fmt.Sprintf("%d", values["blockUnscannedTimeout"])),
			resource.TestCheckResourceAttr(fqrn, "block_unfinished_scans_timeout", fmt.Sprintf("%d", values["blockUnfinishedScansTimeout"])),
			resource.TestCheckResourceAttr(fqrn, "db_sync_updates_time", "00:00"),
		),
	}

	importStep := resource.TestStep{
		ResourceName:      fqrn,
		ImportState:       true,
		ImportStateVerify: true,
	}

	resource.Test(t, resource.TestCase{
		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
		Steps:                    []resource.TestStep{applyStep, importStep},
	})
}
115 |
// TestAccSettings_DbSyncTime applies a configuration that sets only
// db_sync_updates_time and checks that the value is stored unchanged.
func TestAccSettings_DbSyncTime(t *testing.T) {
	_, fqrn, resourceName := testutil.MkNames("db_sync-", "xray_settings")

	// A well-formed HH:mm value that differs from the "00:00" used by the
	// other settings tests in this file.
	const syncTime = "18:45"

	applyStep := resource.TestStep{
		Config: dbSyncTimeConfig(resourceName, syncTime),
		Check:  resource.TestCheckResourceAttr(fqrn, "db_sync_updates_time", syncTime),
	}

	resource.Test(t, resource.TestCase{
		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
		Steps:                    []resource.TestStep{applyStep},
	})
}
130 |
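// TestAccSettings_DbSyncTime_Invalid checks that malformed db_sync_updates_time
// values are rejected with the "Wrong format input" validation error.
//
// Each input runs as its own subtest, so a value that is wrongly accepted is
// named in the test output instead of failing the whole loop anonymously.
func TestAccSettings_DbSyncTime_Invalid(t *testing.T) {
	_, _, resourceName := testutil.MkNames("db_sync-", "xray_settings")

	// Out-of-range hours, empty input, missing digits and free text.
	invalidTimes := []string{"24:00", "24:55", "", "12:0", "string", "12pm", "9:00"}

	// Compiled once: the expected error is the same for every input. The
	// embedded \n follows the line wrapping of the diagnostic text.
	wantErr := regexp.MustCompile(`.*Wrong format input, expected valid\n.*hour:minutes \(HH:mm\) form.*`)

	for _, invalidTime := range invalidTimes {
		// %q keeps the empty-string case visible in the subtest name.
		t.Run(fmt.Sprintf("value=%q", invalidTime), func(t *testing.T) {
			resource.Test(t, resource.TestCase{
				ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
				Steps: []resource.TestStep{
					{
						Config:      dbSyncTimeConfig(resourceName, invalidTime),
						ExpectError: wantErr,
					},
				},
			})
		})
	}
}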
146 |
// dbSyncTimeConfig renders a minimal xray_settings resource that sets only
// db_sync_updates_time.
//
// Both arguments are substituted into the HCL verbatim, without quoting or
// escaping, so the helper is only suitable for fixed test inputs.
func dbSyncTimeConfig(resourceName string, time string) string {
	const hclTemplate = `
resource "xray_settings" "%s" {
	db_sync_updates_time = "%s"
}
`
	return fmt.Sprintf(hclTemplate, resourceName, time)
}
154 |
--------------------------------------------------------------------------------
/examples/resources/xray_vulnerabilities_report/resource.tf:
--------------------------------------------------------------------------------
# Example: Create a vulnerabilities report for repositories with CVE
resource "xray_vulnerabilities_report" "repository-report" {
  name = "repository-vulnerabilities-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 09:30 every Monday.
  cron_schedule = "30 09 * * MON"
  cron_schedule_timezone = "America/New_York"
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see vulnerability details.
  emails = ["security-team@example.com", "devops@example.com"]
  resources {
    repository {
      name = "docker-local"
      include_path_patterns = ["folder1/path/*", "folder2/path*"]
      exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
    }
    repository {
      name = "libs-release-local"
      include_path_patterns = ["**/*.jar", "**/*.war"]
    }
  }
  filters {
    vulnerable_component = "*log4j*"
    impacted_artifact = "*spring*"
    has_remediation = true
    cve = "CVE-2021-44228"
    # CVSS 7.0-10.0 corresponds to the High and Critical bands.
    cvss_score {
      min_score = 7.0
      max_score = 10.0
    }
    # NOTE(review): published and scan_date are pinned to calendar year 2023
    # while cron_schedule re-runs the report every week; presumably every run
    # covers the same fixed window - confirm, and adjust the range if newer
    # findings are expected in the report.
    published {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
    scan_date {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # All four statuses are listed here, which presumably leaves the result
    # unfiltered by contextual analysis; trim the list to narrow the report.
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_applicable",
        "undetermined",
        "not_scanned"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "7 days"
    }
  }
}
54 |
# Example: Create a vulnerabilities report for builds with patterns
resource "xray_vulnerabilities_report" "build-report" {
  name = "build-vulnerabilities-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 23:00 every Sunday.
  cron_schedule = "00 23 * * SUN"
  cron_schedule_timezone = "Europe/London"
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see vulnerability details.
  emails = ["build-team@example.com", "ci-cd@example.com"]
  resources {
    builds {
      # Builds are selected by name pattern; the exclude list removes test and
      # dev builds from the selection.
      include_patterns = ["build-*", "release-*"]
      exclude_patterns = ["test-*", "dev-*"]
      number_of_latest_versions = 5
    }
  }
  filters {
    vulnerable_component = "*node*"
    impacted_artifact = "*web-app*"
    # NOTE(review): false presumably restricts the report to findings that
    # have no known fix - confirm this is the intended selection.
    has_remediation = false
    issue_id = "XRAY-87343"
    severities = ["High", "Medium"]
    # NOTE(review): published and scan_date are pinned to calendar year 2023
    # while cron_schedule re-runs the report every week; presumably every run
    # covers the same fixed window - confirm, and adjust the range if newer
    # findings are expected in the report.
    published {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
    scan_date {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # All four statuses are listed here, which presumably leaves the result
    # unfiltered by contextual analysis; trim the list to narrow the report.
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_applicable",
        "undetermined",
        "not_scanned"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "7 days"
    }
  }
}
101 |
# Example: Create a vulnerabilities report for projects
resource "xray_vulnerabilities_report" "project-report" {
  name = "project-vulnerabilities-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 06:15 every day.
  cron_schedule = "15 06 * * *"
  cron_schedule_timezone = "Asia/Tokyo"
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see vulnerability details.
  emails = ["project-team@example.com", "managers@example.com"]
  resources {
    projects {
      keys = ["project-1", "project-2"]
      number_of_latest_versions = 3
    }
  }
  filters {
    vulnerable_component = "*commons*"
    impacted_artifact = "*utils*"
    has_remediation = true
    severities = ["Critical", "High", "Medium"]
    # NOTE(review): published and scan_date are pinned to calendar year 2023
    # while cron_schedule re-runs the report every day; presumably every run
    # covers the same fixed window - confirm, and adjust the range if newer
    # findings are expected in the report.
    published {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
    scan_date {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # All four statuses are listed here, which presumably leaves the result
    # unfiltered by contextual analysis; trim the list to narrow the report.
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_applicable",
        "undetermined",
        "not_scanned"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "7 days"
    }
  }
}
146 |
# Example: Create a vulnerabilities report for release bundles
resource "xray_vulnerabilities_report" "release-bundle-report" {
  name = "release-bundle-vulnerabilities-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 12:45 every Friday.
  cron_schedule = "45 12 * * FRI"
  cron_schedule_timezone = "UTC"
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see vulnerability details.
  emails = ["release-team@example.com", "qa@example.com"]
  resources {
    release_bundles {
      names = ["release-1", "release-2"]
      number_of_latest_versions = 3
    }
  }
  filters {
    vulnerable_component = "*maven*"
    impacted_artifact = "*core*"
    has_remediation = true
    # CVSS 8.0-10.0 covers the upper part of the High band and all of Critical.
    cvss_score {
      min_score = 8.0
      max_score = 10.0
    }
    # NOTE(review): published and scan_date are pinned to calendar year 2023
    # while cron_schedule re-runs the report every week; presumably every run
    # covers the same fixed window - confirm, and adjust the range if newer
    # findings are expected in the report.
    published {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
    scan_date {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # All four statuses are listed here, which presumably leaves the result
    # unfiltered by contextual analysis; trim the list to narrow the report.
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_applicable",
        "undetermined",
        "not_scanned"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "7 days"
    }
  }
}
--------------------------------------------------------------------------------
/examples/resources/xray_violations_report/resource.tf:
--------------------------------------------------------------------------------
# Example: Create a security violations report for repositories with all features
resource "xray_violations_report" "security-report" {
  name = "security-violations-report"

  # Five-field cron expression: 09:30 every Monday.
  cron_schedule = "30 09 * * MON" # requires Xray 3.130.0 or higher
  cron_schedule_timezone = "America/New_York" # requires Xray 3.130.0 or higher
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see violation details.
  emails = ["security-team@example.com", "devops@example.com"] # requires Xray 3.130.0 or higher

  resources {
    repository {
      name = "docker-local"
      include_path_patterns = ["folder1/path/*", "folder2/path*"]
      exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
    }
    repository {
      name = "libs-release-local"
      include_path_patterns = ["**/*.jar", "**/*.war"]
    }
  }

  filters {
    # type selects the violation family; the other examples in this file use
    # "license", "operational_risk" and "malicious".
    type = "security"
    watch_names = ["security-watch"]
    policy_names = ["security-policy"]
    component = "*log4j*"
    artifact = "*spring*"
    violation_status = "Active"
    severities = ["Critical", "High", "Medium"]

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # All four statuses are listed here, which presumably leaves the result
    # unfiltered by contextual analysis; trim the list to narrow the report.
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_applicable",
        "undetermined",
        "not_scanned"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "7 days"
    }

    # Filters specific to type = "security".
    security_filters {
      issue_id = "XRAY-87343"
      summary_contains = "remote code execution"
      has_remediation = true
      # CVSS 7.0-10.0 corresponds to the High and Critical bands.
      cvss_score {
        min_score = 7.0
        max_score = 10.0
      }
      published {
        start = "2023-01-01T00:00:00Z"
        end = "2023-12-31T23:59:59Z"
      }
    }

    # NOTE(review): published and updated are pinned to calendar year 2023
    # while cron_schedule re-runs the report every week; presumably every run
    # covers the same fixed window - confirm, and adjust the range if newer
    # violations are expected in the report.
    updated {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
  }
}
65 |
# Example: Create a license violations report for builds with scheduled reporting
resource "xray_violations_report" "license-report" {
  name = "license-violations-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 23:00 every Sunday.
  cron_schedule = "00 23 * * SUN" # requires Xray 3.130.0 or higher
  cron_schedule_timezone = "Europe/London" # requires Xray 3.130.0 or higher
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see violation details.
  emails = ["legal-team@example.com", "compliance@example.com"] # requires Xray 3.130.0 or higher

  resources {
    builds {
      names = ["build-1", "build-2"]
      number_of_latest_versions = 5
    }
  }

  filters {
    type = "license"
    # Watches are matched by pattern here; the other examples in this file
    # use watch_names with exact names.
    watch_patterns = ["license-watch-*"]
    policy_names = ["license-policy"]
    component = "*commons*"
    artifact = "*utils*"
    violation_status = "Active"
    severities = ["High"]

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # NOTE(review): confirm that contextual-analysis statuses have an effect
    # on a report of type "license".
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "technology_unsupported",
        "upgrade_required"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "30 days"
    }

    # Filters specific to type = "license".
    license_filters {
      unknown = true
      license_names = ["GPL-2.0", "AGPL-3.0"]
    }

    # NOTE(review): updated is pinned to calendar year 2023 while
    # cron_schedule re-runs the report every week; presumably every run covers
    # the same fixed window - confirm, and adjust the range if newer
    # violations are expected in the report.
    updated {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
  }
}
116 |
# Example: Create an operational risk violations report for projects with daily updates
resource "xray_violations_report" "operational-risk-report" {
  name = "operational-risk-violations-report"

  # Automated report generation
  # Five-field cron expression: 06:15 every day.
  cron_schedule = "15 06 * * *" # requires Xray 3.130.0 or higher
  cron_schedule_timezone = "Asia/Tokyo" # requires Xray 3.130.0 or higher
  # Presumably the generated report is sent to these addresses; keep the list
  # to people who are meant to see violation details.
  emails = ["ops-team@example.com", "risk-management@example.com"] # requires Xray 3.130.0 or higher

  resources {
    projects {
      keys = ["project-1", "project-2"]
      number_of_latest_versions = 3
    }
  }

  filters {
    type = "operational_risk"
    watch_names = ["ops-risk-watch"]
    policy_names = ["ops-risk-policy"]
    component = "*node*"
    artifact = "*web-app*"
    violation_status = "Active"
    severities = ["Critical", "High", "Medium"]

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # NOTE(review): confirm that contextual-analysis statuses have an effect
    # on a report of type "operational_risk".
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "rescan_required",
        "not_covered"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "24 hours"
    }

    # NOTE(review): updated is pinned to calendar year 2023 while
    # cron_schedule re-runs the report every day; presumably every run covers
    # the same fixed window - confirm, and adjust the range if newer
    # violations are expected in the report.
    updated {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
  }
}
162 |
# Example: Create a malicious violations report for release bundles with weekly schedule
resource "xray_violations_report" "malicious-report" {
  name = "malicious-violations-report"

  # Automated report generation (requires Xray 3.130.0 or higher)
  # Five-field cron expression: 12:45 every Friday.
  cron_schedule = "45 12 * * FRI"
  cron_schedule_timezone = "UTC"
  # Presumably the generated report is sent to this address; keep the list to
  # people who are meant to see violation details.
  emails = ["security-alerts@example.com"]

  resources {
    release_bundles {
      names = ["release-1", "release-2"]
      number_of_latest_versions = 2
    }
  }

  filters {
    type = "malicious"
    watch_names = ["malware-watch"]
    policy_names = ["malware-policy"]
    component = "*npm*"
    artifact = "*package*"
    violation_status = "Active"
    # NOTE(review): only "Critical" is selected; confirm that malicious-package
    # violations are always raised at that severity, otherwise lower-severity
    # entries would be left out of the report.
    severities = ["Critical"]

    # Contextual Analysis Filter (requires Xray 3.130.0 or higher)
    # NOTE(review): confirm that contextual-analysis statuses have an effect
    # on a report of type "malicious".
    ca_filter {
      allowed_ca_statuses = [
        "applicable",
        "not_scanned",
        "undetermined"
      ]
    }

    # Runtime Filter (requires Xray 3.130.0 or higher)
    runtime_filter {
      time_period = "3 days"
    }

    # NOTE(review): updated is pinned to calendar year 2023 while
    # cron_schedule re-runs the report every week; presumably every run covers
    # the same fixed window - confirm, and adjust the range if newer
    # violations are expected in the report.
    updated {
      start = "2023-01-01T00:00:00Z"
      end = "2023-12-31T23:59:59Z"
    }
  }
}
--------------------------------------------------------------------------------
/pkg/xray/resource/resource_xray_operational_risks_report.go:
--------------------------------------------------------------------------------
1 | package xray
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
7 | "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
8 | "github.com/hashicorp/terraform-plugin-framework/attr"
9 | "github.com/hashicorp/terraform-plugin-framework/diag"
10 | "github.com/hashicorp/terraform-plugin-framework/resource"
11 | "github.com/hashicorp/terraform-plugin-framework/resource/schema"
12 | "github.com/hashicorp/terraform-plugin-framework/resource/schema/setdefault"
13 | "github.com/hashicorp/terraform-plugin-framework/schema/validator"
14 | "github.com/hashicorp/terraform-plugin-framework/types"
15 | "github.com/jfrog/terraform-provider-shared/util"
16 | )
17 |
// Compile-time assertion that *OperationalRisksReportResource implements
// resource.Resource.
var _ resource.Resource = &OperationalRisksReportResource{}
19 |
// NewOperationalRisksReportResource returns the resource implementation for
// the "xray_operational_risks_report" Terraform type.
func NewOperationalRisksReportResource() resource.Resource {
	base := ReportResource{
		TypeName: "xray_operational_risks_report",
	}

	return &OperationalRisksReportResource{ReportResource: base}
}
27 |
// OperationalRisksReportResource is the operational-risks flavour of the Xray
// report resource. It embeds ReportResource, whose Create, Read and Delete
// methods it delegates to, and contributes its own filter schema and filter
// conversion.
type OperationalRisksReportResource struct {
	ReportResource
}
31 |
// toFiltersAPIModel converts the first element of the "filters" block into a
// FiltersAPIModel.
//
// It returns a nil model and empty diagnostics when filtersElems is empty.
// Only errors from decoding the "risks" set are collected; the model is still
// built and returned alongside them, so callers should check the diagnostics.
//
// The type assertions are unchecked and panic if an element or attribute does
// not have the type declared in the schema.
func (r *OperationalRisksReportResource) toFiltersAPIModel(ctx context.Context, filtersElems []attr.Value) (*FiltersAPIModel, diag.Diagnostics) {
	diags := diag.Diagnostics{}

	if len(filtersElems) == 0 {
		return nil, diags
	}

	// Elements after the first are ignored.
	filterAttrs := filtersElems[0].(types.Object).Attributes()

	var riskLevels []string
	if d := filterAttrs["risks"].(types.Set).ElementsAs(ctx, &riskLevels, false); d.HasError() {
		diags.Append(d...)
	}

	// scan_date is an optional nested block; only its first element is read.
	var scanWindow *StartAndEndDateAPIModel
	if dateElems := filterAttrs["scan_date"].(types.Set).Elements(); len(dateElems) > 0 {
		dateAttrs := dateElems[0].(types.Object).Attributes()

		scanWindow = &StartAndEndDateAPIModel{
			Start: dateAttrs["start"].(types.String).ValueString(),
			End:   dateAttrs["end"].(types.String).ValueString(),
		}
	}

	model := &FiltersAPIModel{
		Component: filterAttrs["component"].(types.String).ValueString(),
		Artifact:  filterAttrs["artifact"].(types.String).ValueString(),
		Risks:     riskLevels,
		ScanDate:  scanWindow,
	}

	return model, diags
}
66 |
// toAPIModel fills report from plan by calling the plan's own toAPIModel and
// handing it this resource's filter converter.
func (r OperationalRisksReportResource) toAPIModel(ctx context.Context, plan ReportResourceModel, report *ReportAPIModel) diag.Diagnostics {
	filtersConverter := r.toFiltersAPIModel

	return plan.toAPIModel(ctx, report, filtersConverter)
}
70 |
// Metadata reports the resource type name, taken from the embedded
// ReportResource.
func (r *OperationalRisksReportResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
	resp.TypeName = r.ReportResource.TypeName
}
74 |
// opRisksFiltersAttrs holds the attributes of the "filters" block that are
// specific to the operational-risks report. Schema passes it to reportsBlocks.
var opRisksFiltersAttrs = map[string]schema.Attribute{
	"artifact": schema.StringAttribute{
		Description: "Artifact name.",
		Optional:    true,
		// Reject an explicitly empty string.
		Validators: []validator.String{
			stringvalidator.LengthAtLeast(1),
		},
	},
	"component": schema.StringAttribute{
		Description: "Artifact's component.",
		Optional:    true,
		// Reject an explicitly empty string.
		Validators: []validator.String{
			stringvalidator.LengthAtLeast(1),
		},
	},
	"risks": schema.SetAttribute{
		Description: "Operational risk level. Allowed values: 'None', 'Low', 'Medium', 'High'.",
		ElementType: types.StringType,
		Optional:    true,
		Computed:    true,
		// An explicitly configured set must be non-empty and may contain only
		// the four listed levels.
		Validators: []validator.Set{
			setvalidator.SizeAtLeast(1),
			setvalidator.ValueStringsAre(
				stringvalidator.OneOf("None", "Low", "Medium", "High"),
			),
		},
		Default: setdefault.StaticValue(types.SetValueMust(types.StringType, []attr.Value{})), // backward compatibility with SDKv2 version
	},
}
104 |
// opRisksFiltersBlocks holds the nested blocks of the "filters" block that are
// specific to the operational-risks report: an optional "scan_date" range.
var opRisksFiltersBlocks = map[string]schema.Block{
	"scan_date": schema.SetNestedBlock{
		// At most one scan_date block may be given.
		Validators: []validator.Set{
			setvalidator.SizeAtMost(1),
		},
		NestedObject: schema.NestedBlockObject{
			Attributes: map[string]schema.Attribute{
				"start": schema.StringAttribute{
					Description: "Scan start date.",
					Optional:    true,
					Validators: []validator.String{
						IsRFC3339Time(),
					},
				},
				"end": schema.StringAttribute{
					Description: "Scan end date.",
					Optional:    true,
					Validators: []validator.String{
						IsRFC3339Time(),
					},
				},
			},
		},
	},
}
130 |
// Schema declares the resource schema: the shared report attributes plus the
// report blocks built from the operational-risks filter attributes and blocks.
func (r *OperationalRisksReportResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
	const description = "Creates Xray Operational Risks report. The Operational Risk report provides you with additional " +
		"data on OSS components that will help you gain insights into the risk level of the components in use, " +
		"such as; EOL, Version Age, Number of New Versions, and so on. For more information, see " +
		"[Components Operational Risk](https://www.jfrog.com/confluence/display/JFROG/Components+Operational+Risk)"

	resp.Schema = schema.Schema{
		Description: description,
		Version:     1,
		Attributes:  reportsSchemaAttrs,
		Blocks:      reportsBlocks(opRisksFiltersAttrs, opRisksFiltersBlocks),
	}
}
142 |
// ValidateConfig runs the report validation helpers against the configuration,
// in this order: single resource type, the "scan_date" date range, and the
// projects scope. The helpers are defined outside this file and write their
// findings to resp.
func (r *OperationalRisksReportResource) ValidateConfig(ctx context.Context, req resource.ValidateConfigRequest, resp *resource.ValidateConfigResponse) {
	validateSingleResourceType(ctx, req, resp)
	validateDateRanges(ctx, req, resp, "scan_date")
	// NOTE(review): Configure returns early when the provider data is nil, so
	// r.ProviderData.Client may presumably be unset at this point - confirm
	// that validateProjectsScope tolerates that.
	validateProjectsScope(ctx, req, resp, r.ProviderData.Client)
}
148 |
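// Configure stores the provider metadata on the resource.
//
// It does nothing when the provider has not been configured yet. Provider
// data of an unexpected type is reported as an error diagnostic instead of
// being asserted blindly, which would panic.
func (r *OperationalRisksReportResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
	// Prevent panic if the provider has not been configured.
	if req.ProviderData == nil {
		return
	}

	// Checked assertion: a mismatch surfaces as a diagnostic rather than a
	// crash of the provider process.
	providerMeta, ok := req.ProviderData.(util.ProviderMetadata)
	if !ok {
		resp.Diagnostics.AddError(
			"Unexpected Resource Configure Type",
			"Expected provider data of type util.ProviderMetadata. Please report this issue to the provider developers.",
		)
		return
	}

	r.ProviderData = providerMeta
}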
156 |
// Create delegates to the embedded ReportResource, passing the
// "operationalRisks" report type and this resource's API-model converter.
func (r *OperationalRisksReportResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
	const reportType = "operationalRisks"

	r.ReportResource.Create(ctx, reportType, r.toAPIModel, req, resp)
}
160 |
// Read delegates to the embedded ReportResource.
func (r *OperationalRisksReportResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
	base := &r.ReportResource
	base.Read(ctx, req, resp)
}
164 |
// Update always fails: it adds an error diagnostic saying that in-place
// updates are not supported and does nothing else.
func (r *OperationalRisksReportResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
	const (
		summary = "Operational Risks Report Update Not Supported"
		detail  = "Direct updates to Operational Risks Report are not supported by the public API. The resource needs to be destroyed and recreated to apply changes."
	)

	// Add error about API limitations
	resp.Diagnostics.AddError(summary, detail)
}
172 |
// Delete delegates to the embedded ReportResource.
func (r *OperationalRisksReportResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
	base := &r.ReportResource
	base.Delete(ctx, req, resp)
}
176 |
--------------------------------------------------------------------------------
/docs/resources/ignore_rule.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_ignore_rule Resource - terraform-provider-xray"
4 | subcategory: "Ignore Rule"
5 | ---
6 |
7 | # xray_ignore_rule (Resource)
8 |
9 | Provides an Xray ignore rule resource. See [Xray Ignore Rules](https://www.jfrog.com/confluence/display/JFROG/Ignore+Rules) and [REST API](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-IGNORERULES) for more details.
10 |
11 | ~> At least one of the `vulnerabilities/cves/licenses`, `component`, and `dockerlayers/artifact/build/releasebundle` should not be empty. When selecting the ignore criteria, take note of the combinations you choose. Some combinations, such as omitting everything, are not allowed because they would ignore all future violations (in the watch or in the system).
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "xray_ignore_rule" "ignore-rule-5649816" {
17 | notes = "notes"
18 | cves = ["fake-cves", "cves-1"]
19 | expiration_date = "2026-10-25"
20 | }
21 |
22 | resource "xray_ignore_rule" "ignore-rule-2195938" {
23 | notes = "notes"
24 | expiration_date = "2026-10-19"
25 | vulnerabilities = ["any"]
26 |
27 | build {
28 | name = "name"
29 | version = "version"
30 | }
31 | }
32 |
33 | resource "xray_ignore_rule" "ignore-rule-2590577" {
34 | notes = "notes"
35 | expiration_date = "2026-10-19"
36 | vulnerabilities = ["any"]
37 |
38 | component {
39 | name = "name"
40 | version = "version"
41 | }
42 | }
43 |
44 | resource "xray_ignore_rule" "ignore-111" {
45 | notes = "fake notes"
46 | expiration_date = "2026-01-02"
47 | vulnerabilities = ["any"]
48 |
49 | artifact {
50 | name = "fake-name"
51 | version = "fake-version"
52 | path = "invalid-path/"
53 | }
54 | }
55 |
56 | resource "xray_ignore_rule" "ignore-rule-2590576" {
57 | notes = "notes"
58 | expiration_date = "2026-04-05"
59 | cves = ["any"]
60 | vulnerabilities = ["any"]
61 |
62 | release_bundle {
63 | name = "fake-name"
64 | version = "fake-version"
65 | }
66 | }
67 |
68 | resource "xray_ignore_rule" "ignore-rule-2590577" {
69 | notes = "notes"
70 | expiration_date = "2026-04-06"
71 | cves = ["any"]
72 | vulnerabilities = ["any"]
73 |
74 | release_bundles_v2 {
75 | name = "releaseBundleV2://fake-name"
76 | version = "fake-version"
77 | }
78 | }
79 |
80 | resource "xray_ignore_rule" "ignore-rule-2590578" {
81 | notes = "notes"
82 | expiration_date = "2026-04-06"
83 |
84 | exposures {
85 | scanners = [ "EXP-123" ]
86 | categories = [ "secrets" , "applications" ]
87 | file_path = ["/path/to/file"]
88 | }
89 | }
90 | ```
91 |
92 |
93 | ## Schema
94 |
95 | ### Required
96 |
97 | - `notes` (String) Notes of the ignore rule
98 |
99 | ### Optional
100 |
101 | - `artifact` (Block Set) List of specific artifacts to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--artifact))
102 | - `build` (Block Set) List of specific builds to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--build))
103 | - `component` (Block Set) List of specific components to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--component))
104 | - `cves` (Set of String) List of specific CVEs to ignore. Omit to apply to all. Should be set to 'any' when 'vulnerabilities' is set to 'any'.
105 | - `docker_layers` (Set of String) List of Docker layer SHA256 hashes to ignore. Omit to apply to all.
106 | - `expiration_date` (String) The Ignore Rule will be active until the expiration date. At that date it will automatically get deleted. A rule whose expiration date is earlier than the current day will produce an error. The value is assumed to be in the local time zone. Ensure client and server time zones match.
107 | - `exposures` (Block, Optional) List of specific exposures to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--exposures))
108 | - `licenses` (Set of String) List of specific licenses to ignore. Omit to apply to all.
109 | - `operational_risk` (Set of String) Operational risk to ignore. Only accepts 'any'.
110 | - `policies` (Set of String) List of specific policies to ignore. Omit to apply to all.
111 | - `project_key` (String) Project key for assigning this resource to. Must be 2 - 10 lowercase alphanumeric and hyphen characters.
112 | - `release_bundle` (Block Set) List of specific release bundles to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--release_bundle))
113 | - `release_bundles_v2` (Block Set) List of specific release bundles v2 to ignore. Omit to apply to all. (see [below for nested schema](#nestedblock--release_bundles_v2))
114 | - `vulnerabilities` (Set of String) List of specific vulnerabilities to ignore. Omit to apply to all.
115 | - `watches` (Set of String) List of specific watches to ignore. Omit to apply to all.
116 |
117 | ### Read-Only
118 |
119 | - `author` (String)
120 | - `created` (String)
121 | - `id` (String) ID of the ignore rule
122 | - `is_expired` (Boolean)
123 |
124 |
125 | ### Nested Schema for `artifact`
126 |
127 | Required:
128 |
129 | - `name` (String) Name of the artifact. Wildcards are not supported.
130 |
131 | Optional:
132 |
133 | - `path` (String) Path of the artifact. Must end with a '/'
134 | - `version` (String) Version of the artifact
135 |
136 |
137 |
138 | ### Nested Schema for `build`
139 |
140 | Required:
141 |
142 | - `name` (String) Name of the build
143 |
144 | Optional:
145 |
146 | - `version` (String) Version of the build
147 |
148 |
149 |
150 | ### Nested Schema for `component`
151 |
152 | Required:
153 |
154 | - `name` (String) Name of the component
155 |
156 | Optional:
157 |
158 | - `version` (String) Version of the component
159 |
160 |
161 |
162 | ### Nested Schema for `exposures`
163 |
164 | Optional:
165 |
166 | - `categories` (Set of String) Ignores all violations of the specific exposures category. Include one or more exposure categories: 'secrets', 'services', 'applications', or 'iac'.
167 | - `file_path` (Set of String) Path of the artifact. Must start with a '/'.
168 | - `scanners` (Set of String) Ignores all violations for the specific scanner. Scanner IDs must start with 'EXP-' followed by a number.
169 |
170 |
171 |
172 | ### Nested Schema for `release_bundle`
173 |
174 | Required:
175 |
176 | - `name` (String) Name of the release bundle
177 |
178 | Optional:
179 |
180 | - `version` (String) Version of the release bundle
181 |
182 |
183 |
184 | ### Nested Schema for `release_bundles_v2`
185 |
186 | Required:
187 |
188 | - `name` (String) Name of the release bundle v2. Must start with 'releaseBundleV2://'.
189 |
190 | Optional:
191 |
192 | - `version` (String) Version of the release bundle v2.
193 |
194 | ## Import
195 |
196 | Import is supported using the following syntax:
197 |
198 | ```shell
199 | terraform import xray_ignore_rule.my-rule 44b273ac-dca3-42dc-6819-f70648c0b48e
200 | ```
--------------------------------------------------------------------------------
/docs/resources/repository_config.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_repository_config Resource - terraform-provider-xray"
4 | subcategory: "Repository Config"
5 | ---
6 |
7 | # xray_repository_config (Resource)
8 |
9 | Provides an Xray repository config resource. See [Xray Indexing Resources](https://www.jfrog.com/confluence/display/JFROG/Indexing+Xray+Resources#IndexingXrayResources-SetaRetentionPeriod) and [REST API](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-UpdateRepositoriesConfigurations) for more details.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | resource "xray_repository_config" "xray-repo-config-pattern" {
15 | repo_name = "example-repo-local"
16 |
17 | config {
18 | vuln_contextual_analysis = true
19 | retention_in_days = 90
20 | }
21 |
22 | paths_config {
23 | pattern {
24 | include = "core/**"
25 | exclude = "core/internal/**"
26 | index_new_artifacts = true
27 | retention_in_days = 60
28 | }
29 |
30 | pattern {
31 | include = "core/**"
32 | exclude = "core/external/**"
33 | index_new_artifacts = true
34 | retention_in_days = 45
35 | }
36 |
37 | all_other_artifacts {
38 | index_new_artifacts = true
39 | retention_in_days = 60
40 | }
41 | }
42 | }
43 |
44 | resource "xray_repository_config" "xray-repo-config" {
45 | repo_name = "example-repo-local"
46 | jas_enabled = true
47 |
48 | config {
49 | vuln_contextual_analysis = true
50 | retention_in_days = 90
51 | }
52 | }
53 | ```
54 |
55 |
56 | ## Schema
57 |
58 | ### Required
59 |
60 | - `repo_name` (String) The name of the repository to update configurations for.
61 |
62 | ### Optional
63 |
64 | - `config` (Block Set) Single repository configuration. (see [below for nested schema](#nestedblock--config))
65 | - `jas_enabled` (Boolean) Specifies whether JFrog Advanced Security is enabled. Defaults to 'false'.
66 | - `paths_config` (Block Set) Enables you to set a more granular retention period. It enables you to scan future artifacts within the specific path, and set a retention period for the historical data of artifacts after they are scanned (see [below for nested schema](#nestedblock--paths_config))
67 |
68 |
69 | ### Nested Schema for `config`
70 |
71 | Optional:
72 |
73 | - `exposures` (Block Set) Enables Xray to perform scans for multiple categories that cover security issues in your configurations and the usage of open source libraries in your code. Available only to CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps. Must be set for Docker, Maven, NPM, PyPi, and Terraform Backend package type. (see [below for nested schema](#nestedblock--config--exposures))
74 | - `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository. Can be omitted when `paths_config` is set.
75 | - `vuln_contextual_analysis` (Boolean) Enables or disables vulnerability contextual analysis. Only for SaaS instances, will be available after Xray 3.59. Must be set for Docker, OCI, and Maven package types.
76 |
77 |
78 | ### Nested Schema for `config.exposures`
79 |
80 | Optional:
81 |
82 | - `scanners_category` (Block Set) Exposures' scanners categories configurations. (see [below for nested schema](#nestedblock--config--exposures--scanners_category))
83 |
84 |
85 | ### Nested Schema for `config.exposures.scanners_category`
86 |
87 | Optional:
88 |
89 | - `applications` (Boolean) Detect whether common OSS libraries and services are used securely by the application.
90 | - `iac` (Boolean) Scans IaC files stored in Artifactory for early detection of cloud and infrastructure misconfigurations to prevent attacks and data leaks. Only supported by the Terraform Backend package type.
91 | - `secrets` (Boolean) Detect any secret left exposed in any containers stored in Artifactory to stop any accidental leak of internal tokens or credentials.
92 | - `services` (Boolean) Detects whether common OSS libraries and services are configured securely, so that the application can be easily hardened by default.
93 |
94 |
95 |
96 |
97 |
98 | ### Nested Schema for `paths_config`
99 |
100 | Optional:
101 |
102 | - `all_other_artifacts` (Block Set) If you select by pattern, you must define a retention period for all other artifacts in the repository in the All Other Artifacts setting. (see [below for nested schema](#nestedblock--paths_config--all_other_artifacts))
103 | - `pattern` (Block Set) Pattern, applied to the repositories. (see [below for nested schema](#nestedblock--paths_config--pattern))
104 |
105 |
106 | ### Nested Schema for `paths_config.all_other_artifacts`
107 |
108 | Optional:
109 |
110 | - `index_new_artifacts` (Boolean) If checked, Xray will scan newly added artifacts in the path. Note that existing artifacts will not be scanned. If the folder contains existing artifacts that have been scanned, and you do not want to index new artifacts in that folder, you can choose not to index that folder.
111 | - `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository.
112 |
113 |
114 |
115 | ### Nested Schema for `paths_config.pattern`
116 |
117 | Required:
118 |
119 | - `include` (String) Paths pattern to include in the set specific configuration.
120 |
121 | Optional:
122 |
123 | - `exclude` (String) Paths pattern to exclude from the set specific configuration.
124 | - `index_new_artifacts` (Boolean) If checked, Xray will scan newly added artifacts in the path. Note that existing artifacts will not be scanned. If the folder contains existing artifacts that have been scanned, and you do not want to index new artifacts in that folder, you can choose not to index that folder.
125 | - `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository.
126 |
127 | ## Import
128 |
129 | Import is supported using the following syntax:
130 |
131 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
132 |
133 | To import a repository configuration, you need to specify whether your JFrog Platform has Advanced Security enabled as part of the resource ID, along with the repository name, separated by a colon (`:`).
134 |
135 | For instance, using the following config during import:
136 | ```terraform
137 | resource "xray_repository_config" "xray-repo-config" {
138 | repo_name = "example-repo-local" # first part of the import ID (before the colon)
139 | jas_enabled = false # second part of the import ID; states whether Advanced Security is enabled on the JFrog Platform
140 |
141 | config {
142 | retention_in_days = 90 # number of days the artifact is retained after it is scanned
143 | }
144 | }
145 | ```
146 |
147 | Then use `terraform import xray_repository_config.xray-repo-config example-repo-local:false` to import the repository configuration `xray-repo-config` with `jas_enabled` set to `false`.
148 |
--------------------------------------------------------------------------------
/examples/resources/xray_curation_policy/resource.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_providers {
3 | xray = {
4 | source = "jfrog/xray"
5 | version = "~> 3.0" # accepts any 3.x release (>= 3.0, < 4.0); commit .terraform.lock.hcl so the resolved provider version and its checksums stay pinned
6 | }
7 | }
8 | }
9 |
10 | provider "xray" {
11 | url = "https://your-instance.jfrog.io" # placeholder; keep the https:// scheme so the access token only travels over TLS
12 | access_token = "your-access-token" # placeholder only: never commit a real token; omit this attribute and export JFROG_ACCESS_TOKEN, or pass a variable marked sensitive
13 | }
14 |
15 | # Valid curation policy with manual waiver requests; decision_owners names the groups set as decision owners for this policy
16 | resource "xray_curation_policy" "example_manual" {
17 | name = "example-manual-policy"
18 | condition_id = "3" # presumably the ID of an existing curation condition; confirm the value on your instance
19 | scope = "all_repos"
20 | policy_action = "block"
21 | waiver_request_config = "manual"
22 | decision_owners = ["admin-group", "security-team"]
23 |
24 | waivers = [
25 | {
26 | pkg_type = "npm"
27 | pkg_name = "lodash"
28 | all_versions = false
29 | pkg_versions = ["4.17.20", "4.17.21"] # Required when all_versions = false
30 | justification = "Required for legacy system compatibility"
31 | },
32 | {
33 | pkg_type = "npm"
34 | pkg_name = "moment"
35 | all_versions = true # When true, pkg_versions can be omitted; the waiver then presumably also covers versions published later, so prefer an explicit list where feasible
36 | justification = "Legacy dependency - all versions allowed"
37 | }
38 | ]
39 |
40 | label_waivers = [
41 | {
42 | label = "high-risk" # NOTE(review): presumably waives every package carrying this label; check who is allowed to assign it
43 | justification = "Approved by security team for specific use case"
44 | }
45 | ]
46 |
47 | notify_emails = ["security@company.com"]
48 | }
49 |
50 | # Valid policy with forbidden waiver requests, scoped to selected package types
51 | resource "xray_curation_policy" "example_forbidden" {
52 | name = "example-forbidden-policy"
53 | condition_id = "3"
54 | scope = "pkg_types" # policy is limited to the package types listed in pkg_types_include
55 | pkg_types_include = ["npm", "PyPI"]
56 | policy_action = "block"
57 | waiver_request_config = "forbidden" # strictest of the three settings shown in this file ("manual", "auto_approved", "forbidden")
58 | # decision_owners not needed when waiver_request_config is "forbidden"
59 | }
60 |
61 | # Policy with auto-approved waiver requests; no decision_owners are set in this example
62 | resource "xray_curation_policy" "example_auto_approved" {
63 | name = "auto-approved-policy"
64 | condition_id = "5"
65 | scope = "all_repos"
66 | policy_action = "block"
67 | waiver_request_config = "auto_approved" # NOTE(review): presumably grants waiver requests without a reviewer; confirm that is acceptable for a blocking policy and monitor notify_emails
68 | notify_emails = ["devops@company.com", "security@company.com"]
69 |
70 | waivers = [
71 | {
72 | pkg_type = "Maven"
73 | pkg_name = "log4j-core"
74 | all_versions = false
75 | pkg_versions = ["2.17.0", "2.17.1", "2.17.2"] # Only allow specific safe versions. NOTE(review): re-check each pinned version against current advisories before waiving; 2.17.0 was itself followed by a further security fix release
76 | justification = "Approved safe versions after security review"
77 | },
78 | {
79 | pkg_type = "Go"
80 | pkg_name = "github.com/gin-gonic/gin"
81 | all_versions = true # no pkg_versions list, so the waiver is not tied to reviewed versions
82 | justification = "Framework approved for all projects"
83 | }
84 | ]
85 |
86 | label_waivers = [
87 | {
88 | label = "approved-internal" # NOTE(review): presumably waives every package carrying this label; check who is allowed to assign it
89 | justification = "Internal packages pre-approved by security team"
90 | }
91 | ]
92 | }
93 |
94 | # Dry run policy for testing: lets a condition be observed before it is enforced
95 | resource "xray_curation_policy" "example_dry_run" {
96 | name = "dry-run-test-policy"
97 | condition_id = "7"
98 | scope = "pkg_types"
99 | pkg_types_include = ["Docker", "Gems"]
100 | policy_action = "dry_run" # Only logs, doesn't block; nothing is enforced until this is changed to "block"
101 | notify_emails = ["audit@company.com"]
102 | }
103 |
104 | # Policy targeting specific repositories (only those listed in repo_include)
105 | resource "xray_curation_policy" "example_specific_repos" {
106 | name = "production-repos-policy"
107 | condition_id = "4"
108 | scope = "specific_repos"
109 | repo_include = ["prod-npm-local", "prod-maven-local", "prod-docker-local"]
110 | policy_action = "block"
111 | waiver_request_config = "manual"
112 | decision_owners = ["prod-security-team", "release-managers"]
113 |
114 | waivers = [
115 | {
116 | pkg_type = "npm"
117 | pkg_name = "express"
118 | pkg_versions = ["4.18.0", "4.18.1", "4.18.2"] # explicit list, required because all_versions = false
119 | all_versions = false
120 | justification = "Core framework - specific versions approved for production"
121 | },
122 | {
123 | pkg_type = "Docker"
124 | pkg_name = "alpine"
125 | all_versions = true # NOTE(review): waives every tag of this base image, presumably including ones published later; consider an explicit pkg_versions list for production
126 | justification = "Base image approved for all production containers"
127 | }
128 | ]
129 |
130 | notify_emails = ["prod-alerts@company.com"]
131 | }
132 |
133 | # Policy with repo exclusions: applies to all repositories except those listed in repo_exclude
134 | resource "xray_curation_policy" "example_with_exclusions" {
135 | name = "company-wide-except-dev"
136 | condition_id = "6"
137 | scope = "all_repos"
138 | repo_exclude = ["dev-sandbox", "test-playground", "experimental-repo"] # NOTE(review): these repositories are outside the policy; make sure artifacts from them cannot be promoted into covered repositories unchecked
139 | policy_action = "block"
140 | waiver_request_config = "auto_approved" # NOTE(review): presumably grants waiver requests without a reviewer; confirm that is intended for a company-wide blocking policy
141 |
142 | waivers = [
143 | {
144 | pkg_type = "PyPI"
145 | pkg_name = "requests"
146 | all_versions = false
147 | pkg_versions = ["2.28.0", "2.28.1", "2.28.2", "2.29.0"] # re-check pinned versions against current advisories when this list is updated
148 | justification = "HTTP library - approved versions only"
149 | },
150 | {
151 | pkg_type = "NuGet"
152 | pkg_name = "Newtonsoft.Json"
153 | all_versions = true # no pkg_versions list, so the waiver is not tied to reviewed versions
154 | justification = "JSON library widely used across projects"
155 | }
156 | ]
157 |
158 | label_waivers = [
159 | {
160 | label = "security-approved"
161 | justification = "Packages with security team approval"
162 | },
163 | {
164 | label = "legacy-supported"
165 | justification = "Legacy packages still supported by vendor"
166 | }
167 | ]
168 |
169 | notify_emails = ["compliance@company.com"]
170 | }
171 |
172 | # Comprehensive policy with multiple package types, manual waiver requests, and both package and label waivers
173 | resource "xray_curation_policy" "example_comprehensive" {
174 | name = "multi-ecosystem-policy"
175 | condition_id = "8"
176 | scope = "pkg_types"
177 | pkg_types_include = ["npm", "PyPI", "Maven", "Go", "NuGet", "Docker"]
178 | policy_action = "block"
179 | waiver_request_config = "manual"
180 | decision_owners = ["architecture-council", "security-team"]
181 |
182 | waivers = [
183 | {
184 | pkg_type = "npm"
185 | pkg_name = "lodash"
186 | pkg_versions = ["4.17.21"]
187 | all_versions = false
188 | justification = "Utility library - only latest secure version allowed"
189 | },
190 | {
191 | pkg_type = "PyPI"
192 | pkg_name = "django"
193 | pkg_versions = ["4.1.0", "4.2.0", "4.2.1"] # re-check pinned versions against current advisories when this list is updated
194 | all_versions = false
195 | justification = "Web framework - LTS and recent versions only"
196 | },
197 | {
198 | pkg_type = "Maven"
199 | pkg_name = "springframework"
200 | all_versions = true # no pkg_versions list, so the waiver is not tied to reviewed versions
201 | justification = "Enterprise framework - all versions pre-approved"
202 | },
203 | {
204 | pkg_type = "Go"
205 | pkg_name = "github.com/gorilla/mux"
206 | all_versions = true
207 | justification = "Router library approved for all Go projects"
208 | },
209 | {
210 | pkg_type = "Docker"
211 | pkg_name = "nginx"
212 | pkg_versions = ["1.20", "1.21", "1.22", "latest"] # NOTE(review): "latest" is a mutable tag, so this entry waives whatever image the tag points to in future; prefer fixed version tags only
213 | all_versions = false
214 | justification = "Web server - approved stable versions and latest"
215 | }
216 | ]
217 |
218 | label_waivers = [
219 | {
220 | label = "cncf-graduated" # NOTE(review): presumably waives every package carrying this label; check who is allowed to assign it
221 | justification = "CNCF graduated projects are pre-approved"
222 | },
223 | {
224 | label = "enterprise-support"
225 | justification = "Packages with enterprise support contracts"
226 | }
227 | ]
228 |
229 | notify_emails = ["architecture@company.com", "devsecops@company.com"]
230 | }
231 |
--------------------------------------------------------------------------------
/docs/resources/workers_count.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_workers_count Resource - terraform-provider-xray"
4 | subcategory: "Workers Count"
5 | ---
6 |
7 | # xray_workers_count (Resource)
8 |
9 | Provides an Xray Workers Count resource.
10 |
11 | ~> Self-Hosted only.
12 |
13 | [Official documentation](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray#ConfiguringXray-AdvancedSettings).
14 |
15 | [API documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ConfiguringtheWorkersCount).
16 |
17 | ## Example Usage
18 |
19 | ```terraform
20 | resource "xray_workers_count" "workers-count" { # Self-Hosted only; each nested block sets the worker counts for one worker type
21 | index { # workers managing indexing of artifacts
22 | new_content = 4 # number of workers for new content
23 | existing_content = 2 # number of workers for existing content
24 | }
25 | persist { # workers managing persistent storage for the artifact relationship graph
26 | new_content = 4
27 | existing_content = 2
28 | }
29 | analysis { # workers involved in scanning analysis
30 | new_content = 4
31 | existing_content = 2
32 | }
33 | policy_enforcer {
34 | new_content = 4
35 | existing_content = 2
36 | }
37 | impact_analysis { # the schema defines only new_content for this block
38 | new_content = 2
39 | }
40 | notification { # the schema defines only new_content for this block
41 | new_content = 2
42 | }
43 | user_catalog {
44 | new_content = 4
45 | existing_content = 2
46 | }
47 | sbom_impact_analysis {
48 | new_content = 4
49 | existing_content = 2
50 | }
51 | migration_sbom {
52 | new_content = 4
53 | existing_content = 2
54 | }
55 | sbom {
56 | new_content = 4
57 | existing_content = 2
58 | }
59 | panoramic { # the schema defines only new_content for this block
60 | new_content = 4
61 | }
62 | sbom_enricher {
63 | new_content = 4
64 | existing_content = 2
65 | }
66 | sbom_dependencies {
67 | new_content = 4
68 | existing_content = 2
69 | }
70 | sbom_deleter {
71 | new_content = 4
72 | existing_content = 2
73 | }
74 | }
75 | ```
76 |
77 |
78 | ## Schema
79 |
80 | ### Optional
81 |
82 | - `analysis` (Block Set) The number of workers involved in scanning analysis. (see [below for nested schema](#nestedblock--analysis))
83 | - `impact_analysis` (Block Set) The number of workers involved in Impact Analysis to determine how a component with a reported issue impacts others in the system. (see [below for nested schema](#nestedblock--impact_analysis))
84 | - `index` (Block Set) The number of workers managing indexing of artifacts. (see [below for nested schema](#nestedblock--index))
85 | - `migration_sbom` (Block Set) The number of workers managing SBOM migration. (see [below for nested schema](#nestedblock--migration_sbom))
86 | - `notification` (Block Set) The number of workers managing notifications. (see [below for nested schema](#nestedblock--notification))
87 | - `panoramic` (Block Set) The number of workers managing panoramic. (see [below for nested schema](#nestedblock--panoramic))
88 | - `persist` (Block Set) The number of workers managing persistent storage needed to build the artifact relationship graph. (see [below for nested schema](#nestedblock--persist))
89 | - `policy_enforcer` (Block Set) The number of workers managing policy enforcer. (see [below for nested schema](#nestedblock--policy_enforcer))
90 | - `sbom` (Block Set) The number of workers managing SBOM. (see [below for nested schema](#nestedblock--sbom))
91 | - `sbom_deleter` (Block Set) The number of workers managing SBOM deletion. (see [below for nested schema](#nestedblock--sbom_deleter))
92 | - `sbom_dependencies` (Block Set) The number of workers managing SBOM dependencies. (see [below for nested schema](#nestedblock--sbom_dependencies))
93 | - `sbom_enricher` (Block Set) The number of workers managing SBOM enrichment. (see [below for nested schema](#nestedblock--sbom_enricher))
94 | - `sbom_impact_analysis` (Block Set) The number of workers managing SBOM impact analysis. (see [below for nested schema](#nestedblock--sbom_impact_analysis))
95 | - `user_catalog` (Block Set) The number of workers managing user catalog. (see [below for nested schema](#nestedblock--user_catalog))
96 |
97 | ### Read-Only
98 |
99 | - `id` (String) The ID of this resource.
100 |
101 |
102 | ### Nested Schema for `analysis`
103 |
104 | Required:
105 |
106 | - `existing_content` (Number) Number of workers for existing content
107 | - `new_content` (Number) Number of workers for new content
108 |
109 |
110 |
111 | ### Nested Schema for `impact_analysis`
112 |
113 | Required:
114 |
115 | - `new_content` (Number) Number of workers for new content
116 |
117 |
118 |
119 | ### Nested Schema for `index`
120 |
121 | Required:
122 |
123 | - `existing_content` (Number) Number of workers for existing content
124 | - `new_content` (Number) Number of workers for new content
125 |
126 |
127 |
128 | ### Nested Schema for `migration_sbom`
129 |
130 | Required:
131 |
132 | - `existing_content` (Number) Number of workers for existing content
133 | - `new_content` (Number) Number of workers for new content
134 |
135 |
136 |
137 | ### Nested Schema for `notification`
138 |
139 | Required:
140 |
141 | - `new_content` (Number) Number of workers for new content
142 |
143 |
144 |
145 | ### Nested Schema for `panoramic`
146 |
147 | Required:
148 |
149 | - `new_content` (Number) Number of workers for new content
150 |
151 |
152 |
153 | ### Nested Schema for `persist`
154 |
155 | Required:
156 |
157 | - `existing_content` (Number) Number of workers for existing content
158 | - `new_content` (Number) Number of workers for new content
159 |
160 |
161 |
162 | ### Nested Schema for `policy_enforcer`
163 |
164 | Required:
165 |
166 | - `existing_content` (Number) Number of workers for existing content
167 | - `new_content` (Number) Number of workers for new content
168 |
169 |
170 |
171 | ### Nested Schema for `sbom`
172 |
173 | Required:
174 |
175 | - `existing_content` (Number) Number of workers for existing content
176 | - `new_content` (Number) Number of workers for new content
177 |
178 |
179 |
180 | ### Nested Schema for `sbom_deleter`
181 |
182 | Required:
183 |
184 | - `existing_content` (Number) Number of workers for existing content
185 | - `new_content` (Number) Number of workers for new content
186 |
187 |
188 |
189 | ### Nested Schema for `sbom_dependencies`
190 |
191 | Required:
192 |
193 | - `existing_content` (Number) Number of workers for existing content
194 | - `new_content` (Number) Number of workers for new content
195 |
196 |
197 |
198 | ### Nested Schema for `sbom_enricher`
199 |
200 | Required:
201 |
202 | - `existing_content` (Number) Number of workers for existing content
203 | - `new_content` (Number) Number of workers for new content
204 |
205 |
206 |
207 | ### Nested Schema for `sbom_impact_analysis`
208 |
209 | Required:
210 |
211 | - `existing_content` (Number) Number of workers for existing content
212 | - `new_content` (Number) Number of workers for new content
213 |
214 |
215 |
216 | ### Nested Schema for `user_catalog`
217 |
218 | Required:
219 |
220 | - `existing_content` (Number) Number of workers for existing content
221 | - `new_content` (Number) Number of workers for new content
222 |
223 | ## Import
224 |
225 | The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
226 |
227 | Import is supported using the following syntax:
228 |
229 | The workers count resource can be imported using its name, e.g.
230 | ```
231 | $ terraform import xray_workers_count.workers-count workers-count
232 | ```
--------------------------------------------------------------------------------
/docs/resources/exposures_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_exposures_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_exposures_report (Resource)
8 |
9 | Creates Xray Exposures report. The Exposures report provides you with information about potential security exposures in your artifacts, such as secrets, services, applications, and IaC configurations.
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | # Example: Create an exposures report for repositories with secrets category
15 | resource "xray_exposures_report" "secrets-report" {
16 | name = "secrets-exposure-report"
17 | resources { # only one type of resource (here: repository) can be set per report
18 | repository {
19 | name = "docker-local"
20 | include_path_patterns = ["folder1/path/*", "folder2/path*"]
21 | exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
22 | }
23 | repository {
24 | name = "libs-release-local"
25 | include_path_patterns = ["**/*.jar", "**/*.war"]
26 | }
27 | }
28 | filters {
29 | category = "secrets" # required; must be one of 'secrets', 'services', 'applications', 'iac'
30 | impacted_artifact = "*spring*" # optional filter by impacted artifact name
31 | scan_date {
32 | start = "2023-01-01T00:00:00Z"
33 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report; adjust it or omit it (both bounds are optional)
34 | }
35 | }
36 | }
37 |
38 | # Example: Create an exposures report for builds with services category
39 | resource "xray_exposures_report" "services-report" {
40 | name = "services-exposure-report"
41 | resources { # only one type of resource (here: builds) can be set per report
42 | builds {
43 | names = ["build-1", "build-2"] # only one of 'names' or the '*_patterns' attributes can be set
44 | number_of_latest_versions = 5 # number of latest build versions to include
45 | }
46 | }
47 | filters {
48 | category = "services" # required; must be one of 'secrets', 'services', 'applications', 'iac'
49 | impacted_artifact = "*nginx*"
50 | scan_date {
51 | start = "2023-01-01T00:00:00Z"
52 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
53 | }
54 | }
55 | }
56 |
57 | # Example: Create an exposures report for projects with applications category
58 | resource "xray_exposures_report" "applications-report" {
59 | name = "applications-exposure-report"
60 | resources { # only one type of resource (here: projects) can be set per report
61 | projects {
62 | keys = ["test-project-1", "test-project-2"] # project keys; available from Xray version 3.130.0 and higher ('names' is deprecated)
63 | number_of_latest_versions = 3
64 | }
65 | }
66 | filters {
67 | category = "applications" # required; must be one of 'secrets', 'services', 'applications', 'iac'
68 | impacted_artifact = "*web-app*"
69 | scan_date {
70 | start = "2023-01-01T00:00:00Z"
71 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
72 | }
73 | }
74 | }
75 |
76 | # Example: Create an exposures report for release bundles with IaC category
77 | resource "xray_exposures_report" "iac-report" {
78 | name = "iac-exposure-report"
79 | resources { # only one type of resource (here: release_bundles) can be set per report
80 | release_bundles {
81 | names = ["release-1", "release-2"]
82 | number_of_latest_versions = 2 # number of latest release bundle versions to include
83 | }
84 | }
85 | filters {
86 | category = "iac" # required; must be one of 'secrets', 'services', 'applications', 'iac'
87 | impacted_artifact = "*terraform*"
88 | scan_date {
89 | start = "2023-01-01T00:00:00Z"
90 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
91 | }
92 | }
93 | }
94 | ```
95 |
96 |
97 | ## Schema
98 |
99 | ### Required
100 |
101 | - `name` (String) Name of the report.
102 |
103 | ### Optional
104 |
105 | - `filters` (Block Set) Advanced filters. (see [below for nested schema](#nestedblock--filters))
106 | - `project_key` (String) Project key for assigning this resource to. Must be 2 - 10 lowercase alphanumeric and hyphen characters.
107 | - `resources` (Block Set) The list of resources to include into the report. (see [below for nested schema](#nestedblock--resources))
108 |
109 | ### Read-Only
110 |
111 | - `id` (String) The ID of this resource.
112 | - `report_id` (Number) Report ID
113 |
114 |
115 | ### Nested Schema for `filters`
116 |
117 | Required:
118 |
119 | - `category` (String) The exposure category. Must be one of: 'secrets', 'services', 'applications', 'iac'.
120 |
121 | Optional:
122 |
123 | - `impacted_artifact` (String) Filter by impacted artifact name.
124 | - `scan_date` (Block Set) Scan date range. (see [below for nested schema](#nestedblock--filters--scan_date))
125 |
126 |
127 | ### Nested Schema for `filters.scan_date`
128 |
129 | Optional:
130 |
131 | - `end` (String) Scan to date.
132 | - `start` (String) Scan from date.
133 |
134 |
135 |
136 |
137 | ### Nested Schema for `resources`
138 |
139 | Optional:
140 |
141 | - `builds` (Block Set) The builds to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--builds))
142 | - `projects` (Block Set) The projects to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--projects))
143 | - `release_bundles` (Block Set) The release bundles to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--release_bundles))
144 | - `release_bundles_v2` (Block Set) The release bundles v2 to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--release_bundles_v2))
145 | - `repository` (Block Set) The list of repositories for the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--repository))
146 |
147 |
148 | ### Nested Schema for `resources.builds`
149 |
150 | Optional:
151 |
152 | - `exclude_patterns` (List of String) The list of exclude patterns. Only one of 'names' or '*_patterns' can be set.
153 | - `include_patterns` (List of String) The list of include patterns. Only one of 'names' or '*_patterns' can be set.
154 | - `names` (Set of String) The list of build names. Only one of 'names' or '*_patterns' can be set.
155 | - `number_of_latest_versions` (Number) The number of latest build versions to include to the report.
156 |
157 |
158 |
159 | ### Nested Schema for `resources.projects`
160 |
161 | Optional:
162 |
163 | - `exclude_key_patterns` (List of String) The list of exclude patterns
164 | - `include_key_patterns` (List of String) The list of include patterns
165 | - `keys` (Set of String) The list of project keys. Note: Available from Xray version 3.130.0 and higher.
166 | - `names` (Set of String, Deprecated) The list of project names.
167 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
168 |
169 |
170 |
171 | ### Nested Schema for `resources.release_bundles`
172 |
173 | Optional:
174 |
175 | - `exclude_patterns` (List of String) The list of exclude patterns
176 | - `include_patterns` (List of String) The list of include patterns
177 | - `names` (Set of String) The list of release bundles names.
178 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
179 |
180 |
181 |
182 | ### Nested Schema for `resources.release_bundles_v2`
183 |
184 | Optional:
185 |
186 | - `exclude_patterns` (List of String) The list of exclude patterns
187 | - `include_patterns` (List of String) The list of include patterns
188 | - `names` (Set of String) The list of release bundles names.
189 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
190 |
191 |
192 |
193 | ### Nested Schema for `resources.repository`
194 |
195 | Required:
196 |
197 | - `name` (String) Repository name.
198 |
199 | Optional:
200 |
201 | - `exclude_path_patterns` (List of String) Exclude path patterns.
202 | - `include_path_patterns` (List of String) Include path patterns.
203 |
204 | ## Import
205 |
206 | Import is supported using the following syntax:
207 |
208 | ```shell
209 | terraform import xray_exposures_report.my-report my-report
210 | ```
211 |
--------------------------------------------------------------------------------
/docs/resources/operational_risks_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "xray_operational_risks_report Resource - terraform-provider-xray"
4 | subcategory: "Reports"
5 | ---
6 |
7 | # xray_operational_risks_report (Resource)
8 |
9 | Creates an Xray Operational Risks report. The Operational Risk report provides additional data on OSS components that helps you gain insight into the risk level of the components in use, such as EOL, Version Age, Number of New Versions, and so on. For more information, see [Components Operational Risk](https://www.jfrog.com/confluence/display/JFROG/Components+Operational+Risk).
10 |
11 | ## Example Usage
12 |
13 | ```terraform
14 | # Example: Create an operational risks report for repositories
15 | resource "xray_operational_risks_report" "repository-report" {
16 | name = "repository-operational-risks-report"
17 | resources { # only one type of resource (here: repository) can be set per report
18 | repository {
19 | name = "docker-local"
20 | include_path_patterns = ["folder1/path/*", "folder2/path*"]
21 | exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"]
22 | }
23 | repository {
24 | name = "libs-release-local"
25 | include_path_patterns = ["**/*.jar", "**/*.war"]
26 | }
27 | }
28 | filters {
29 | component = "*log4j*" # filter on the artifact's component
30 | artifact = "*spring*" # filter on the artifact name
31 | risks = ["High", "Medium", "Low"] # schema lists allowed values 'None', 'Low', 'Medium', 'High'
32 | scan_date {
33 | start = "2023-01-01T00:00:00Z"
34 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
35 | }
36 | }
37 | }
38 |
39 | # Example: Create an operational risks report for builds with patterns
40 | resource "xray_operational_risks_report" "build-report" {
41 | name = "build-operational-risks-report"
42 | resources { # only one type of resource (here: builds) can be set per report
43 | builds {
44 | include_patterns = ["build-*", "release-*"] # only one of 'names' or the '*_patterns' attributes can be set
45 | exclude_patterns = ["test-*", "dev-*"]
46 | number_of_latest_versions = 5
47 | }
48 | }
49 | filters {
50 | component = "*node*"
51 | artifact = "*web-app*"
52 | risks = ["Critical", "High"] # NOTE(review): the schema on this page lists only 'None', 'Low', 'Medium', 'High'; confirm 'Critical' is accepted
53 | scan_date {
54 | start = "2023-01-01T00:00:00Z"
55 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
56 | }
57 | }
58 | }
59 |
60 | # Example: Create an operational risks report for projects
61 | resource "xray_operational_risks_report" "project-report" {
62 | name = "project-operational-risks-report"
63 | resources { # only one type of resource (here: projects) can be set per report
64 | projects {
65 | keys = ["project-1", "project-2"] # project keys; available from Xray version 3.130.0 and higher ('names' is deprecated)
66 | number_of_latest_versions = 3
67 | }
68 | }
69 | filters {
70 | component = "*commons*"
71 | artifact = "*utils*"
72 | risks = ["None", "Low", "Medium", "High"] # all four values the schema lists as allowed
73 | scan_date {
74 | start = "2023-01-01T00:00:00Z"
75 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
76 | }
77 | }
78 | }
79 |
80 | # Example: Create an operational risks report for release bundles
81 | resource "xray_operational_risks_report" "release-bundle-report" {
82 | name = "release-bundle-operational-risks-report"
83 | resources { # only one type of resource (here: release_bundles) can be set per report
84 | release_bundles {
85 | names = ["release-1", "release-2"]
86 | number_of_latest_versions = 3 # number of latest release bundle versions to include
87 | }
88 | }
89 | filters {
90 | component = "*maven*"
91 | artifact = "*core*"
92 | risks = ["Critical", "High", "Medium"] # NOTE(review): the schema on this page lists only 'None', 'Low', 'Medium', 'High'; confirm 'Critical' is accepted
93 | scan_date {
94 | start = "2023-01-01T00:00:00Z"
95 | end = "2023-12-31T23:59:59Z" # fixed end date: later scans presumably fall outside the report
96 | }
97 | }
98 | }
99 | ```
100 |
101 |
102 | ## Schema
103 |
104 | ### Required
105 |
106 | - `name` (String) Name of the report.
107 |
108 | ### Optional
109 |
110 | - `filters` (Block Set) Advanced filters. (see [below for nested schema](#nestedblock--filters))
111 | - `project_key` (String) Project key for assigning this resource to. Must be 2 - 10 lowercase alphanumeric and hyphen characters.
112 | - `resources` (Block Set) The list of resources to include into the report. (see [below for nested schema](#nestedblock--resources))
113 |
114 | ### Read-Only
115 |
116 | - `id` (String) The ID of this resource.
117 | - `report_id` (Number) Report ID
118 |
119 |
120 | ### Nested Schema for `filters`
121 |
122 | Optional:
123 |
124 | - `artifact` (String) Artifact name.
125 | - `component` (String) Artifact's component.
126 | - `risks` (Set of String) Operational risk level. Allowed values: 'None', 'Low', 'Medium', 'High'.
127 | - `scan_date` (Block Set) (see [below for nested schema](#nestedblock--filters--scan_date))
128 |
129 |
130 | ### Nested Schema for `filters.scan_date`
131 |
132 | Optional:
133 |
134 | - `end` (String) Scan end date.
135 | - `start` (String) Scan start date.
136 |
137 |
138 |
139 |
140 | ### Nested Schema for `resources`
141 |
142 | Optional:
143 |
144 | - `builds` (Block Set) The builds to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--builds))
145 | - `projects` (Block Set) The projects to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--projects))
146 | - `release_bundles` (Block Set) The release bundles to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--release_bundles))
147 | - `release_bundles_v2` (Block Set) The release bundles v2 to include into the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--release_bundles_v2))
148 | - `repository` (Block Set) The list of repositories for the report. Only one type of resource can be set per report. (see [below for nested schema](#nestedblock--resources--repository))
149 |
150 |
151 | ### Nested Schema for `resources.builds`
152 |
153 | Optional:
154 |
155 | - `exclude_patterns` (List of String) The list of exclude patterns. Only one of 'names' or '*_patterns' can be set.
156 | - `include_patterns` (List of String) The list of include patterns. Only one of 'names' or '*_patterns' can be set.
157 | - `names` (Set of String) The list of build names. Only one of 'names' or '*_patterns' can be set.
158 | - `number_of_latest_versions` (Number) The number of latest build versions to include to the report.
159 |
160 |
161 |
162 | ### Nested Schema for `resources.projects`
163 |
164 | Optional:
165 |
166 | - `exclude_key_patterns` (List of String) The list of exclude patterns
167 | - `include_key_patterns` (List of String) The list of include patterns
168 | - `keys` (Set of String) The list of project keys. Note: Available from Xray version 3.130.0 and higher.
169 | - `names` (Set of String, Deprecated) The list of project names.
170 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
171 |
172 |
173 |
174 | ### Nested Schema for `resources.release_bundles`
175 |
176 | Optional:
177 |
178 | - `exclude_patterns` (List of String) The list of exclude patterns
179 | - `include_patterns` (List of String) The list of include patterns
180 | - `names` (Set of String) The list of release bundles names.
181 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
182 |
183 |
184 |
185 | ### Nested Schema for `resources.release_bundles_v2`
186 |
187 | Optional:
188 |
189 | - `exclude_patterns` (List of String) The list of exclude patterns
190 | - `include_patterns` (List of String) The list of include patterns
191 | - `names` (Set of String) The list of release bundles names.
192 | - `number_of_latest_versions` (Number) The number of latest release bundle versions to include to the report.
193 |
194 |
195 |
196 | ### Nested Schema for `resources.repository`
197 |
198 | Required:
199 |
200 | - `name` (String) Repository name.
201 |
202 | Optional:
203 |
204 | - `exclude_path_patterns` (List of String) Exclude path patterns.
205 | - `include_path_patterns` (List of String) Include path patterns.
206 |
--------------------------------------------------------------------------------