Vulnerability assessment for the JFrog Artifactory (Cloud) external registry with Microsoft Defender Vulnerability Management

Microsoft Defender for Containers provides inventory discovery and vulnerability assessment of a container image throughout its lifecycle, from code development to cloud deployment. Defender for Containers protects the JFrog Artifactory (Cloud) container registry images with the same security capabilities available for the cloud-native registry images in Azure Container Registry (ACR), Elastic Container Registry (ECR), and Google Container Registry (GCR).

Security Capabilities

Inventory – Identifies and lists all available container images within the JFrog Artifactory tenant.

Vulnerability assessment – Regularly scans the JFrog Artifactory tenant for supported container images, identifies vulnerabilities, and provides recommendations for issues to be remediated.

Prerequisites

To enable vulnerability assessment for your JFrog Artifactory, a JFrog connector must be configured. As part of the configuration, the JFrog connector generates a script to be executed using the JFrog CLI. The script can run from a Windows, Linux, or macOS environment.

The following are necessary to generate and execute the script:

Onboard JFrog Artifactory environment

You must have Security administrator or higher privileges in Defender for Cloud to add a JFrog Artifactory environment.

Screenshot of Defender for Cloud environments panel showing the JFrog environment selection.

Note

Each connector corresponds to exactly one JFrog Artifactory tenant. Create a separate connector for each tenant that requires security coverage.

The JFrog environment wizard assists with the onboarding process:

  1. Connector Details

    Screenshot of the JFrog wizard showing the JFrog connector fields to populate.

    Connector name: Specify a unique connector name.

    Location: Specify the geographic location where Defender for Cloud stores the data associated with this connector.

    Subscription: The hosting subscription that defines the RBAC scope and billing entity for the JFrog Artifactory environment.

    Resource group: For RBAC purposes.

    Scanning intervals: Select an interval for scanning the container registry for vulnerabilities.

    Server ID: The prefix of the customer's JFrog Artifactory account URL.

    Note

    A single subscription can be linked to one JFrog Artifactory environment instance, although container images from this instance may be deployed to multiple environments that are overseen by Defender for Cloud, outside the boundaries of the associated subscription.

  2. Select Plans

    Multiple plans exist for this environment. Select the desired plan:

    Screenshot of the possible plans to enable for JFrog Repository vulnerability assessment.

    Foundational CSPM: Basic plan available for all customers, providing inventory capabilities only.

    Containers: Offers inventory and vulnerability assessment features.

    Defender CSPM: Offers inventory and vulnerability assessment features, and other capabilities like attack path analysis and code-to-cloud mapping.

    Note

    For information about plan pricing, review Microsoft Defender for Cloud pricing. Ensure that your JFrog Artifactory environment plans are in sync with your cloud environment plans and share the same subscription to maximize coverage.

  3. Configure Access

    Download the installation script for the environment that will run it (Windows or Linux/macOS).

    Screenshot of the field selections to generate the connection script, depending on the OS environment executing the script.

    Execute the connector script using the JFrog CLI.

  4. Review and generate

    Review the configured connector details before generating the JFrog connector.

    Screenshot of the JFrog connector details.

  5. Validate connectivity

    Verify that the connection succeeded and that the connector is displayed on the environment settings screen.

    Screenshot of the environments showing the JFrog Connector environment is listed.

  6. Validate the feature is working properly

    Note

    Scanning of the JFrog Artifactory is initiated within one hour of onboarding.

    • Inventory – Make sure you see JFrog Artifactory container images in the Defender for Cloud > Inventory view.

    Screenshot showing the JFrog resource listed in the inventory.

    • Vulnerability Assessment – Ensure you receive the recommendation "[Preview] Container images in JFrog Artifactory registry should have vulnerability findings resolved" to address security issues in your JFrog Artifactory container images.

    Screenshot showing the recommendations for JFrog registry container images.