JFrog Integration

How to configure the CLI if the CI pipeline can only communicate with a JFrog artifact server

Go to JFrog and create a new remote repository:
- Select the repository type Generic.
- Set the Repository Key as seal-cli.
- Set the URL as https://cli.sealsecurity.io/authenticated/jfrog.
- Set the User Name as jfrog.
- Set the Password / Access Token as the token to the Seal artifact server. See here about how to create a new token.
- Turn on Propagate Query Parameters.
- Turn on Disable URL Normalization.
- Turn off Store Artifacts Locally.
Go to JFrog and create an additional remote repository according to the ecosystem-specific instructions.
Generate a new JFrog access token:
- Set Token scope as "User".
- Set User name to be your user.
- Set Expiration time to "Never".
- Turn on Create Reference Token.
- Click Generate and save the reference token for the next steps.

Configure the CLI:

Similar to the instructions here, we need to configure the authentication with JFrog. We can either use environment variables or the .seal-config.yml.
Using environment variables:

export SEAL_JFROG_AUTH_TOKEN=<token> # the reference token created in the previous step
export SEAL_JFROG_INSTANCE_HOST=<domain> # for example: domain.jfrog.io
export SEAL_JFROG_ENABLED=1
export SEAL_PROJECT=<project-id> # the ID of the current project

Using the .seal-config.yml:

jfrog:
  host: <doman> # for example: domain.jfrog.io
  token: <token> # the reference token created in the previous step
  enabled: true
project: <project-id> # the ID of the current project

PreviousSCA Integrations NextUsage Examples

Last updated 1 year ago