跳到主要內容

Onboard Jfrog

Implementation Effort: Medium – Requires administrative access to JFrog Artifactory, CLI setup, and connector configuration in Microsoft Defender for Cloud.

User Impact: Low – Onboarding is handled by security and DevOps teams; end users are not directly affected.

Overview

Onboarding JFrog Artifactory in Microsoft Defender for Containers enables vulnerability assessments and inventory discovery for container images stored in JFrog’s cloud registry. This integration brings the same security capabilities available for Azure Container Registry (ACR), Amazon ECR, and Google GCR to JFrog-hosted images.

Key Capabilities

  • Inventory discovery – Lists all container images in the JFrog Artifactory tenant.
  • Vulnerability assessment – Scans images for known vulnerabilities and provides remediation recommendations.

Prerequisites

  • Administrative access to the JFrog Artifactory tenant.
  • Installed JFrog CLI and jq JSON parser on the machine executing the onboarding script.
  • Security Administrator or higher role in Microsoft Defender for Cloud 1.

Onboarding Steps

  1. Create a JFrog Connector:

    • Go to Microsoft Defender for Cloud > Environment settings.
    • Select your subscription and choose to add a new JFrog Artifactory connector.
    • Provide:
      • Connector name
      • Location (where Defender stores data)
      • Subscription and Resource group
      • Server ID (prefix of your JFrog Artifactory URL)
      • Scanning interval (e.g., daily, weekly)

  2. Generate and Run the Script:

    • The connector wizard generates a script.
    • Run the script using the JFrog CLI on a supported OS (Windows, Linux, macOS).
    • This script authenticates and configures Defender to access your JFrog environment 1.

  3. Select a Plan:

    • Choose between:
      • Foundational CSPM – Inventory only.
      • Containers – Includes vulnerability scanning and inventory.

Each connector supports one JFrog tenant. For multiple tenants, repeat the onboarding process.

This capability supports the "Verify Explicitly" principle of Zero Trust by ensuring that all container images in JFrog are continuously scanned and monitored for vulnerabilities before deployment.

Reference