### Install and Build Provider Source: https://github.com/jfrog/terraform-provider-xray/blob/main/CONTRIBUTIONS.md Run `make install` to compile the provider and install it locally. This command bumps the minor version but does not create a new tag. ```bash make install ``` -------------------------------- ### Generate Documentation Source: https://github.com/jfrog/terraform-provider-xray/blob/main/CONTRIBUTIONS.md After making changes to resource schemas, install `tfplugindocs` and run `make doc` to regenerate the project documentation. ```bash make doc ``` -------------------------------- ### Terraform Import Example Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md Demonstrates how to import an existing custom curation condition into Terraform management using its ID. ```bash terraform import xray_custom_curation_condition.cvss_condition 29 ``` -------------------------------- ### Example Usage of xray_binary_manager_release_bundles_v2 Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/binary_manager_release_bundles_v2.md Configure Release Bundles V2 for indexing. Specify the binary manager ID and a list of release bundles to be indexed. Currently, Ant-style path patterns are not supported. ```terraform resource "xray_binary_manager_release_bundles_v2" "my-indexed-release-bundles" { id = "default" indexed_release_bundle_v2 = ["my-release-bundle-1", "my-release-bundle-2"] } ``` -------------------------------- ### Create a licenses report for builds with patterns Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/licenses_report.md This example demonstrates creating a licenses report for builds, filtering by component, artifact, license patterns, and scan date. It also shows how to include or exclude build patterns and specify the number of latest versions. ```terraform resource "xray_licenses_report" "build-report" { name = "build-licenses-report" resources { builds { include_patterns = ["build-*", "release-*"] exclude_patterns = ["test-*", "dev-*"] number_of_latest_versions = 5 } } filters { component = "*node*" artifact = "*web-app*" unknown = false unrecognized = false license_patterns = ["*GPL*", "*MIT*"] scan_date { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } } ``` -------------------------------- ### Get GNU sed Info on macOS Source: https://github.com/jfrog/terraform-provider-xray/blob/main/CONTRIBUTIONS.md After installing `gnu-sed` with brew on macOS, use `brew info gnu-sed` to get installation details and instructions for adding it to your PATH. ```bash $ brew info gnu-sed ``` -------------------------------- ### Create an Ignore Rule for a Release Bundle V2 Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/ignore_rule.md This example demonstrates ignoring CVEs and vulnerabilities for a release bundle using the V2 naming convention. Ensure the name follows the `releaseBundleV2://` format. ```terraform resource "xray_ignore_rule" "ignore-rule-2590577" { notes = "notes" expiration_date = "2026-04-06" cves = ["any"] vulnerabilities = ["any"] release_bundles_v2 { name = "releaseBundleV2://fake-name" version = "fake-version" } } ``` -------------------------------- ### Example Usage of JFrog Xray Provider Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/index.md This is a basic example of how to configure and use the JFrog Xray provider in Terraform. Ensure you have the necessary credentials set up. ```terraform provider "xray" { # Configuration options like server_url, username, password, etc. # See the provider documentation for available configuration arguments. } ``` -------------------------------- ### Create a vulnerabilities report for release bundles Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/vulnerabilities_report.md This example demonstrates how to create an automated vulnerabilities report for release bundles. It includes configuration for the report name, cron schedule, email recipients, and specifies the release bundles to be included. Advanced filters are applied to narrow down the report to vulnerable components matching '*maven*' and impacted artifacts matching '*core*', with a CVSS score between 8.0 and 10.0, published and scanned within 2023, and specific contextual analysis and runtime filters. ```APIDOC ## Resource: xray_vulnerabilities_report ### Description Creates a vulnerabilities report for release bundles with automated generation and advanced filtering. ### Schema #### Required - `name` (String) - Name of the report. #### Optional - `cron_schedule` (String) - Schedule for automated report generation. Format: 'minute hour day-of-month month day-of-week'. Requires Xray 3.130.0 or higher. - `cron_schedule_timezone` (String) - Timezone for cron schedule. Requires Xray 3.130.0 or higher. Only used when `cron_schedule` is set. - `emails` (Set of String) - List of email addresses to notify when report generation is complete. Requires Xray 3.130.0 or higher. - `filters` (Block Set) - Advanced filters. (see [nested schema](#nestedblock--filters)) - `project_key` (String) - Project key for assigning this resource to. - `resources` (Block Set) - The list of resources to include into the report. (see [nested schema](#nestedblock--resources)) #### Read-Only - `id` (String) - The ID of this resource. - `report_id` (Number) - Report ID ### Nested Schema for `filters` #### Optional - `ca_filter` (Block Set) - Contextual Analysis Filter. Requires Xray 3.130.0 or higher. (see [nested schema](#nestedblock--filters--ca_filter)) - `cve` (String) - CVE. - `cvss_score` (Block Set) - CVSS score. (see [nested schema](#nestedblock--filters--cvss_score)) - `has_remediation` (Boolean) - Whether the issue has a fix or not. - `impacted_artifact` (String) - Filter by artifact name, supports wildcards. - `issue_id` (String) - Issue ID. - `published` (Block Set) - (see [nested schema](#nestedblock--filters--published)) - `runtime_filter` (Block Set) - Runtime Filter. Requires Xray 3.130.0 or higher. (see [nested schema](#nestedblock--filters--runtime_filter)) - `scan_date` (Block Set) - (see [nested schema](#nestedblock--filters--scan_date)) - `severities` (Set of String) - Severity levels. Allowed values: 'Low', 'Medium', 'High', 'Critical' - `vulnerable_component` (String) - Filter by component name, supports wildcards. ### Nested Schema for `filters.ca_filter` #### Optional - `allowed_ca_statuses` (Set of String) - Allowed CA statuses. ### Nested Schema for `filters.cvss_score` #### Optional - `max_score` (Number) - Maximum CVSS score. - `min_score` (Number) - Minimum CVSS score. ### Nested Schema for `filters.published` #### Optional - `end` (String) - Published to date. - `start` (String) - Published from date. ### Nested Schema for `filters.runtime_filter` #### Optional - `time_period` (String) - Time period to filter by. ### Nested Schema for `filters.scan_date` #### Optional - `end` (String) - Scanned to date. - `start` (String) - Scanned from date. ### Nested Schema for `resources` #### Optional - `release_bundles` (Block Set) - (see [nested schema](#nestedblock--resources--release_bundles)) ### Nested Schema for `resources.release_bundles` #### Optional - `names` (Set of String) - List of release bundle names. - `number_of_latest_versions` (Number) - Number of latest versions to include. ``` -------------------------------- ### Create a malicious violations report for release bundles with weekly schedule Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/violations_report.md This example shows how to configure a weekly automated malicious violations report for release bundles, including specific filters and email notifications. ```APIDOC ## xray_violations_report malicious-report ### Description Creates an automated malicious violations report for specified release bundles. ### Schema #### Required - `name` (String) Name of the report. #### Optional - `cron_schedule` (String) Schedule for automated report generation (e.g., '45 12 * * FRI'). Requires Xray 3.130.0+. - `cron_schedule_timezone` (String) Timezone for cron schedule (e.g., 'UTC'). Requires Xray 3.130.0+. - `emails` (Set of String) List of email addresses to notify (e.g., ['security-alerts@example.com']). Requires Xray 3.130.0+. - `resources` (Block Set) The list of resources to include in the report. - `release_bundles` (Block Set) - `names` (Set of String) List of release bundle names (e.g., ['release-1', 'release-2']). - `number_of_latest_versions` (Number) Number of latest versions to consider. - `filters` (Block Set) Advanced filters for the report. - `type` (String) Type of filter (e.g., 'malicious'). - `watch_names` (Set of String) List of watch names (e.g., ['malware-watch']). - `policy_names` (Set of String) List of policy names (e.g., ['malware-policy']). - `component` (String) Component pattern (e.g., '*npm*'). - `artifact` (String) Artifact pattern (e.g., '*package*'). - `violation_status` (String) Violation status (e.g., 'Active'). - `severities` (Set of String) List of severities (e.g., ['Critical']). - `ca_filter` (Block Set) Contextual Analysis Filter. Requires Xray 3.130.0+. - `allowed_ca_statuses` (Set of String) List of allowed CA statuses (e.g., ['applicable', 'not_scanned']). - `runtime_filter` (Block Set) Runtime Filter. Requires Xray 3.130.0+. - `time_period` (String) Time period for runtime analysis (e.g., '3 days'). - `updated` (Block Set) - `start` (String) Start date for updates (e.g., '2023-01-01T00:00:00Z'). - `end` (String) End date for updates (e.g., '2023-12-31T23:59:59Z'). #### Read-Only - `id` (String) The ID of this resource. - `report_id` (Number) Report ID ``` -------------------------------- ### Create an operational risks report for builds with patterns Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/operational_risks_report.md This example demonstrates creating an operational risks report for builds using include and exclude patterns. It also allows specifying the number of latest versions to consider and filtering by component, artifact, risk level, and scan date. ```terraform resource "xray_operational_risks_report" "build-report" { name = "build-operational-risks-report" resources { builds { include_patterns = ["build-*", "release-*"] exclude_patterns = ["test-*", "dev-*"] number_of_latest_versions = 5 } } filters { component = "*node*" artifact = "*web-app*" risks = ["Critical", "High"] scan_date { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } } ``` -------------------------------- ### Create an Ignore Rule for a Specific Build Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/ignore_rule.md This example demonstrates how to create an ignore rule that applies to a specific build, identified by its name and version. It also includes ignoring any vulnerabilities. ```terraform resource "xray_ignore_rule" "ignore-rule-2195938" { notes = "notes" expiration_date = "2026-10-19" vulnerabilities = ["any"] build { name = "name" version = "version" } } ``` -------------------------------- ### Create Operational Risk Policy with Custom Criteria Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/operational_risk_policy.md This example demonstrates creating an operational risk policy with custom criteria, including conditions like release date, cadence, and commit counts. Configure actions like failing builds or blocking downloads as required. ```terraform resource "xray_operational_risk_policy" "custom_criteria" { name = "test-operational-risk-policy-custom-criteria" description = "Operational Risk policy with a custom risk rule" type = "operational_risk" project_key = "testproj" rule { name = "op_risk_custom_rule" priority = 1 criteria { op_risk_custom { use_and_condition = true is_eol = false release_date_greater_than_months = 6 newer_versions_greater_than = 1 release_cadence_per_year_less_than = 1 commits_less_than = 10 committers_less_than = 1 risk = "Medium" } } actions { webhooks = ["sec-webhooks"] mails = ["test@email.com"] block_release_bundle_distribution = false fail_build = true notify_watch_recipients = true notify_deployer = true create_ticket_enabled = false // set to true only if Jira integration is enabled fail_pull_request = true build_failure_grace_period_in_days = 5 // use only if fail_build is enabled block_download { unscanned = true active = true } } } } ``` -------------------------------- ### Create License Violations Report Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/violations_report.md Example of creating a license violations report for builds. Configurable with cron scheduling, email notifications, resource selection (builds with version limits), and specific license filters. Requires Xray 3.130.0 or higher for advanced features. ```terraform resource "xray_violations_report" "license-report" { name = "license-violations-report" # Automated report generation (requires Xray 3.130.0 or higher) cron_schedule = "00 23 * * SUN" # requires Xray 3.130.0 or higher cron_schedule_timezone = "Europe/London" # requires Xray 3.130.0 or higher emails = ["legal-team@example.com", "compliance@example.com"] # requires Xray 3.130.0 or higher resources { builds { names = ["build-1", "build-2"] number_of_latest_versions = 5 } } filters { type = "license" watch_patterns = ["license-watch-*"] policy_names = ["license-policy"] component = "*commons*" artifact = "*utils*" violation_status = "Active" severities = ["High"] # Contextual Analysis Filter (requires Xray 3.130.0 or higher) ca_filter { allowed_ca_statuses = [ "applicable", "technology_unsupported", "upgrade_required" ] } # Runtime Filter (requires Xray 3.130.0 or higher) runtime_filter { time_period = "30 days" } license_filters { unknown = true license_names = ["GPL-2.0", "AGPL-3.0"] } updated { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } } ``` -------------------------------- ### Create Security Violations Report Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/violations_report.md Example of creating a security violations report for repositories. Includes configuration for cron scheduling, email notifications, resource selection (repositories with path patterns), and detailed security filters. Requires Xray 3.130.0 or higher for advanced features like cron scheduling and contextual analysis. ```terraform resource "xray_violations_report" "security-report" { name = "security-violations-report" cron_schedule = "30 09 * * MON" # requires Xray 3.130.0 or higher cron_schedule_timezone = "America/New_York" # requires Xray 3.130.0 or higher emails = ["security-team@example.com", "devops@example.com"] # requires Xray 3.130.0 or higher resources { repository { name = "docker-local" include_path_patterns = ["folder1/path/*", "folder2/path*"] exclude_path_patterns = ["folder1/path2/*", "folder2/path2*"] } repository { name = "libs-release-local" include_path_patterns = ["**/*.jar", "**/*.war"] } } filters { type = "security" watch_names = ["security-watch"] policy_names = ["security-policy"] component = "*log4j*" artifact = "*spring*" violation_status = "Active" severities = ["Critical", "High", "Medium"] # Contextual Analysis Filter (requires Xray 3.130.0 or higher) ca_filter { allowed_ca_statuses = [ "applicable", "not_applicable", "undetermined", "not_scanned" ] } # Runtime Filter (requires Xray 3.130.0 or higher) runtime_filter { time_period = "7 days" } security_filters { issue_id = "XRAY-87343" summary_contains = "remote code execution" has_remediation = true cvss_score { min_score = 7.0 max_score = 10.0 } published { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } updated { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } } ``` -------------------------------- ### Terraform Xray Provider Configuration Source: https://github.com/jfrog/terraform-provider-xray/blob/main/README.md Example of how to configure the JFrog Xray provider in a Terraform setup. Ensure you also configure the Artifactory resource. ```hcl terraform { required_providers { xray = { source = "jfrog/xray" version = "~> 1.0" } } } provider "xray" { # Your Xray configuration details here # e.g., url = "https://your-xray-instance.com" # client_id = "your_client_id" # client_secret = "your_client_secret" } resource "artifactory_user_plugin_key" "xray_license" { # Artifactory resource configuration } ``` -------------------------------- ### Import Binary Manager Repositories Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/binary_manager_repos.md Import an existing Xray Binary Manager Repository Indexing configuration. The 'default' ID is used for the binary manager, and an optional project key can be appended for project-scoped configurations. ```shell terraform import xray_binary_manager_repos.my-indexed-repos default ``` ```shell terraform import xray_binary_manager_repos.my-indexed-repos default:my-project-key ``` -------------------------------- ### CVEName - Block specific CVE vulnerabilities Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md This example demonstrates how to create a custom curation condition to block specific CVE vulnerabilities by their name. ```APIDOC ## xray_custom_curation_condition CVEName ### Description Creates a custom curation condition to block vulnerabilities based on a specific CVE name. ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - **name** (string) - Required - The name of the custom curation condition. - **condition_template_id** (string) - Required - The ID of the condition template, should be 'CVEName'. - **param_values** (json) - Required - A JSON array of parameter values for the condition. - **param_id** (string) - Required - The ID of the parameter, should be 'cve_name'. - **value** (string) - Required - The CVE name to block (e.g., "CVE-2021-45105"). ### Request Example ```terraform resource "xray_custom_curation_condition" "cve_name_condition" { name = "block-log4j-cve" condition_template_id = "CVEName" param_values = jsonencode([ { param_id = "cve_name" value = "CVE-2021-45105" } ]) } ``` ### Response #### Success Response (200) - **id** (string) - The ID of the created custom curation condition. - **name** (string) - The name of the custom curation condition. - **condition_template_id** (string) - The ID of the condition template. - **param_values** (json) - The parameter values for the condition. #### Response Example ```json { "id": "123e4567-e89b-12d3-a456-426614174000", "name": "block-log4j-cve", "condition_template_id": "CVEName", "param_values": [ { "param_id": "cve_name", "value": "CVE-2021-45105" } ] } ``` ``` -------------------------------- ### Import Xray Binary Manager Builds Configuration Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/binary_manager_builds.md Demonstrates how to import an existing Xray Binary Manager Builds configuration into Terraform state. The import command requires the resource name and the target ID, optionally including a project key. ```bash terraform import xray_binary_manager_builds.my-indexed-builds default ``` ```bash terraform import xray_binary_manager_builds.my-indexed-builds default:my-project-key ``` ```bash terraform import xray_binary_manager_builds.my-builds my-builds ``` -------------------------------- ### Get Artifacts Scanned by Xray Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/data-sources/artifacts_scan.md Use this data source to fetch a list of artifacts scanned by Xray for a given repository. You can specify sorting order and offset for pagination. ```terraform data "xray_artifacts_scan" "my_artifacts_scan" { repo = "my-docker-local" order_by = "repo_path" offset = 15 } output "my_artifacts_scan" { value = data.xray_artifacts_scan.my_artifacts_scan.results } ``` -------------------------------- ### Create a SpecificVersions Condition with Equals Operator Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md Configure a condition to block exact versions of a specific package. This example targets precise vulnerable versions of Maven's log4j-core. ```terraform resource "xray_custom_curation_condition" "specific_versions_equals" { name = "block-vulnerable-log4j-versions" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "Maven" }, { param_id = "package_name" value = "log4j-core" }, { param_id = "package_versions" value = { equals = ["2.14.0", "2.15.0", "2.16.0"] # Exact vulnerable versions } } ]) } ``` -------------------------------- ### Create an Xray License Policy (Allowed Licenses) Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/index.md Configure a license policy to allow specific licenses, such as Apache-1.0 and Apache-2.0. This policy can be set to permissive for multiple licenses and can trigger build failures. ```hcl resource "xray_license_policy" "license1" { name = "test-license-policy-allowed-${random_id.randid.dec}" description = "License policy, allow certain licenses" type = "license" rule { name = "License_rule" priority = 1 criteria { allowed_licenses = ["Apache-1.0", "Apache-2.0"] allow_unknown = false multi_license_permissive = true } actions { webhooks = ["xraywebhooks${random_id.randid.dec}"] mails = ["test@email.com"] block_release_bundle_distribution = false fail_build = true notify_watch_recipients = true notify_deployer = true create_ticket_enabled = false // set to true only if Jira integration is enabled fail_pull_request = false custom_severity = "High" build_failure_grace_period_in_days = 5 // use only if fail_build is enabled block_download { unscanned = true active = true } } } } ``` -------------------------------- ### Create an Ignore Rule for a Specific Artifact Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/ignore_rule.md This example shows how to create an ignore rule for a specific artifact, including its name, version, and path. Ensure the artifact path ends with a '/'. ```terraform resource "xray_ignore_rule" "ignore-111" { notes = "fake notes" expiration_date = "2026-01-02" vulnerabilities = ["any"] artifact { name = "fake-name" version = "fake-version" path = "invalid-path/" } } ``` -------------------------------- ### Create a Gradle Local Repository Source: https://github.com/jfrog/terraform-provider-xray/blob/main/README.md Sets up a local Gradle repository in Artifactory with specific checksum policies, snapshot handling, and release/snapshot management. Enable `xray_index` for Xray integration. ```hcl resource "artifactory_local_gradle_repository" "local-gradle-repo" { key = "local-gradle-repo-basic" checksum_policy_type = "client-checksums" snapshot_version_behavior = "unique" max_unique_snapshots = 10 handle_releases = true handle_snapshots = true suppress_pom_consistency_checks = true xray_index = true # must be set to true to be able to assign the watch to the repo } ``` -------------------------------- ### Create an operational risk violations report for projects with daily updates Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/violations_report.md This example demonstrates how to create an automated operational risk violations report for specific projects, with daily generation and email notifications. ```APIDOC ## xray_violations_report operational-risk-report ### Description Creates an automated operational risk violations report for specified projects. ### Schema #### Required - `name` (String) Name of the report. #### Optional - `cron_schedule` (String) Schedule for automated report generation (e.g., '15 06 * * *'). Requires Xray 3.130.0+. - `cron_schedule_timezone` (String) Timezone for cron schedule (e.g., 'Asia/Tokyo'). Requires Xray 3.130.0+. - `emails` (Set of String) List of email addresses to notify (e.g., ['ops-team@example.com']). Requires Xray 3.130.0+. - `resources` (Block Set) The list of resources to include in the report. - `projects` (Block Set) - `keys` (Set of String) List of project keys (e.g., ['project-1', 'project-2']). - `number_of_latest_versions` (Number) Number of latest versions to consider. - `filters` (Block Set) Advanced filters for the report. - `type` (String) Type of filter (e.g., 'operational_risk'). - `watch_names` (Set of String) List of watch names (e.g., ['ops-risk-watch']). - `policy_names` (Set of String) List of policy names (e.g., ['ops-risk-policy']). - `component` (String) Component pattern (e.g., '*node*'). - `artifact` (String) Artifact pattern (e.g., '*web-app*'). - `violation_status` (String) Violation status (e.g., 'Active'). - `severities` (Set of String) List of severities (e.g., ['Critical', 'High', 'Medium']). - `ca_filter` (Block Set) Contextual Analysis Filter. Requires Xray 3.130.0+. - `allowed_ca_statuses` (Set of String) List of allowed CA statuses (e.g., ['applicable']). - `runtime_filter` (Block Set) Runtime Filter. Requires Xray 3.130.0+. - `time_period` (String) Time period for runtime analysis (e.g., '24 hours'). - `updated` (Block Set) - `start` (String) Start date for updates (e.g., '2023-01-01T00:00:00Z'). - `end` (String) End date for updates (e.g., '2023-12-31T23:59:59Z'). #### Read-Only - `id` (String) The ID of this resource. - `report_id` (Number) Report ID ``` -------------------------------- ### Xray Repository Configuration (Basic) Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/index.md Configures basic Xray settings for a repository, including JIT scanning and vulnerability analysis. ```APIDOC ## xray_repository_config xray-repo-config ### Description Configures basic Xray settings for a repository, enabling Just-in-Time (JIT) scanning and vulnerability contextual analysis. ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **repo_name** (string) - Required - The name of the repository. - **jas_enabled** (bool) - Optional - Enables Just-in-Time (JIT) scanning. - **config** (object) - Optional - Configuration block for vulnerability analysis and retention. - **vuln_contextual_analysis** (bool) - Optional - Enables contextual vulnerability analysis. - **retention_in_days** (number) - Optional - The number of days to retain scan data. - **exposures** (object) - Optional - Configuration for security exposures. - **scanners_category** (object) - Optional - Configuration for specific scanner categories. - **secrets** (bool) - Optional - Enables secret scanning. ### Request Example ```hcl resource "xray_repository_config" "xray-repo-config" { repo_name = "example-repo-local" jas_enabled = true config { vuln_contextual_analysis = true retention_in_days = 90 exposures { scanners_category { secrets = true } } } } ``` ### Response None explicitly documented. ``` -------------------------------- ### Importing xray_binary_manager_release_bundles_v2 Resource Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/binary_manager_release_bundles_v2.md Import an existing Release Bundles V2 indexing configuration. The import command supports specifying the binary manager ID and optionally a project key. ```shell terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default ``` ```shell terraform import xray_binary_manager_release_bundles_v2.my-indexed-release-bundles default:my-project-key ``` -------------------------------- ### Create a SpecificVersions Condition with Version Ranges Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md Configure a condition to block packages within specified version ranges. This example targets the PyPI 'requests' package across multiple defined ranges. ```terraform resource "xray_custom_curation_condition" "specific_versions_ranges" { name = "block-vulnerable-requests-ranges" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "PyPI" }, { param_id = "package_name" value = "requests" }, { param_id = "package_versions" value = { ranges = [ {"gte" = "2.0.0", "lte" = "2.19.0"}, # Range 2.0.0 to 2.19.0 {"gt" = "2.25.0", "lt" = "2.27.0"} # Range 2.25.0 to 2.27.0 (exclusive) ] } } ]) } ``` -------------------------------- ### Create an Xray Watch for All Projects with Filters Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/watch.md Configures a watch for all projects, incorporating Ant patterns to include or exclude specific artifacts. This allows for fine-grained control over what is monitored. ```hcl resource "xray_watch" "all-projects-with-filters" { name = "projects-watch" description = "Watch all the projects with Ant patterns filter" active = true project_key = "testproj" watch_resource { type = "all-projects" bin_mgr_id = "default" ant_filter { exclude_patterns = ["a*", "b*"] include_patterns = ["ab*"] } } assigned_policy { name = xray_security_policy.min_severity.name type = "security" } assigned_policy { name = xray_license_policy.cvss_range.name type = "license" } assigned_policy { name = xray_operational_risk_policy.op_risk.name type = "operational_risk" } watch_recipients = ["test@email.com", "test1@email.com"] } ``` -------------------------------- ### Create an exposures report for release bundles with IaC category Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/exposures_report.md Generate an IaC exposure report for release bundles. This example demonstrates filtering by impacted artifact and a specific scan date range. ```terraform resource "xray_exposures_report" "iac-report" { name = "iac-exposure-report" resources { release_bundles { names = ["release-1", "release-2"] number_of_latest_versions = 2 } } filters { category = "iac" impacted_artifact = "*terraform*" scan_date { start = "2023-01-01T00:00:00Z" end = "2023-12-31T23:59:59Z" } } } ``` -------------------------------- ### Initialize Xray Provider Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/index.md Configure the Xray provider with your Artifactory URL and an access token. Environment variables can also be used for configuration. The `skip_xray_version_check` can be set to `true` to bypass version validation. ```hcl provider "xray" { url = "artifactory.site.com/xray" access_token = "abc..xy" //optional: Skip xray version check, default is false. //skip_xray_version_check = true // Also user can supply the following env vars: // JFROG_URL or XRAY_URL // XRAY_ACCESS_TOKEN or JFROG_ACCESS_TOKEN // Optional: Skip version check, default is false. // SKIP_XRAY_VERSION_CHECK = true } ``` -------------------------------- ### Configure Xray Basic Settings Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/settings.md Use this snippet to configure the basic settings for Xray, including enabling/disabling features, setting timeouts for artifact scanning, and specifying the DB sync update time. Ensure `enabled` is true when `allow_blocked` or `allow_when_unavailable` are set to true. ```terraform resource "xray_settings" "db_sync" { enabled = true allow_blocked = true allow_when_unavailable = true block_unscanned_timeout = 120 block_unfinished_scans_timeout = 3600 db_sync_updates_time = "18:40" } ``` -------------------------------- ### Create a SpecificVersions Condition with Comparison Operators Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md Define a condition to block packages based on version comparison operators (less than, greater than, etc.). This example blocks outdated or specific ranges of the npm lodash package. ```terraform resource "xray_custom_curation_condition" "specific_versions_comparison" { name = "block-outdated-lodash" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "npm" }, { param_id = "package_name" value = "lodash" }, { param_id = "package_versions" value = { lte = ["4.17.20"] # Less than or equal to 4.17.20 gte = ["5.0.0"] lt = ["3.0.0"] gt = ["6.0.0"] } } ]) } ``` -------------------------------- ### Run Acceptance Tests Source: https://github.com/jfrog/terraform-provider-xray/blob/main/CONTRIBUTIONS.md Execute `make acceptance` to run the acceptance tests for the JFrog Terraform Provider. ```bash make acceptance ``` -------------------------------- ### SpecificVersions - Block or allow specific package versions Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/resources/custom_curation_condition.md This example demonstrates how to create a custom curation condition to block or allow specific package versions using various matching criteria like exact versions, comparison operators, and version ranges. ```APIDOC ## xray_custom_curation_condition SpecificVersions ### Description Creates a custom curation condition to block or allow specific package versions based on package type, name, and version matching criteria. ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - **name** (string) - Required - The name of the custom curation condition. - **condition_template_id** (string) - Required - The ID of the condition template, should be 'SpecificVersions'. - **param_values** (json) - Required - A JSON array of parameter values for the condition. - **param_id** (string) - Required - The ID of the parameter. - **value** (any) - Required - The value for the parameter. - For `package_type`: The type of the package (e.g., "Maven", "npm", "PyPI"). - For `package_name`: The name of the package. - For `package_versions`: An object defining the version matching criteria. This can include: - `equals` (list of strings): Exact versions to match. - `lte` (string): Less than or equal to a specific version. - `gte` (string): Greater than or equal to a specific version. - `lt` (string): Less than a specific version. - `gt` (string): Greater than a specific version. - `ranges` (list of objects): A list of version ranges, where each object can have `gte` and `lte` (inclusive) or `gt` and `lt` (exclusive) keys. ### Request Example ```terraform # SpecificVersions with equals operator resource "xray_custom_curation_condition" "specific_versions_equals" { name = "block-vulnerable-log4j-versions" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "Maven" }, { param_id = "package_name" value = "log4j-core" }, { param_id = "package_versions" value = { equals = ["2.14.0", "2.15.0", "2.16.0"] # Exact vulnerable versions } } ]) } # SpecificVersions with comparison operators resource "xray_custom_curation_condition" "specific_versions_comparison" { name = "block-outdated-lodash" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "npm" }, { param_id = "package_name" value = "lodash" }, { param_id = "package_versions" value = { lte = ["4.17.20"] # Less than or equal to 4.17.20 gte = ["5.0.0"] # Greater than or equal to 5.0.0 lt = ["3.0.0"] # Less than 3.0.0 gt = ["6.0.0"] # Greater than 6.0.0 } } ]) } # SpecificVersions with ranges resource "xray_custom_curation_condition" "specific_versions_ranges" { name = "block-vulnerable-requests-ranges" condition_template_id = "SpecificVersions" param_values = jsonencode([ { param_id = "package_type" value = "PyPI" }, { param_id = "package_name" value = "requests" }, { param_id = "package_versions" value = { ranges = [ {"gte" = "2.0.0", "lte" = "2.19.0"}, # Range 2.0.0 to 2.19.0 {"gt" = "2.25.0", "lt" = "2.27.0"} # Range 2.25.0 to 2.27.0 (exclusive) ] } } ]) } ``` ### Response #### Success Response (200) - **id** (string) - The ID of the created custom curation condition. - **name** (string) - The name of the custom curation condition. - **condition_template_id** (string) - The ID of the condition template. - **param_values** (json) - The parameter values for the condition. #### Response Example ```json { "id": "123e4567-e89b-12d3-a456-426614174002", "name": "block-vulnerable-log4j-versions", "condition_template_id": "SpecificVersions", "param_values": [ { "param_id": "package_type", "value": "Maven" }, { "param_id": "package_name", "value": "log4j-core" }, { "param_id": "package_versions", "value": { "equals": ["2.14.0", "2.15.0", "2.16.0"] } } ] } ``` ``` -------------------------------- ### Configure an Xray Watch for All Repositories Source: https://github.com/jfrog/terraform-provider-xray/blob/main/docs/index.md Use this configuration to create a watch that monitors all repositories. It includes filters for package type and applies security and license policies. ```terraform resource "xray_watch" "all-repos" { name = "all-repos-watch-${random_id.randid.dec}" description = "Watch for all repositories, matching the filter" active = true watch_resource { type = "all-repos" filter { type = "regex" value = ".*" } filter { type = "package-type" value = "Docker" } } assigned_policy { name = xray_security_policy.security1.name type = "security" } assigned_policy { name = xray_license_policy.license1.name type = "license" } watch_recipients = ["test@email.com", "test1@email.com"] } ```