Assign Resources to the Watch

JFrog Security Documentation

JFrog Xray

Permissions Apply

You can only see resources in a Watch if they are indexed for scanning by Xray and you have "View" permission on the resource.

You can only add resources to a Watch or remove them if they are indexed for scanning by Xray and you have "Manage" permission on the resource.

The next step is to assign resources to a Watch. The resources are the set of repositories and builds in the connected Artifactory services that the Watch monitors. If you are using Projects, you can also select Projects as a resource.

Managing resources for a Watch involves two steps:

  1. Specifying the repositories, builds, Release Bundles, and Projects to monitor.

  2. Applying filters to focus only on those artifacts within those repositories and builds that you are interested in.

To assign resources to a Watch:

  • In the Manage Resources section, access each resource type and select the resources to be monitored.

  • For Projects:

  • Select the resources to be included within each resource type. You have a number of options to select the resources to be included:

    - All resources within the resource type: Set the Any Repository, Any Build, Any Bundle or Any Project checkboxes to monitor all those resources that have been specified for indexing by Xray. Note that this setting will also apply to new repositories and builds that are created after the Watch is defined.

    - Packages: Set according to the Repo Path Include and Repo Path Exclude patterns.

    - Builds and Release Bundles: Select By Name or By Pattern.

    - Projects: Select By Name or By Pattern (project keys).

  • Move the resources you are interested in from the list of Available Resources on the left to the list of Selected Resources on the right by dragging them, or by selecting them and using the arrow icons.
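A coverage check for the selection options above, as an added example that is not JFrog code and does not call Xray. The inventory, the `WATCH` structure and the function names are constructed for illustration, and glob-style matching with `fnmatch` is an assumption, since this page does not define the pattern syntax.

```python
from fnmatch import fnmatchcase

# Constructed inventory: (resource type, name, indexed for scanning by Xray?)
INVENTORY = [
    ("repository", "libs-release-local", True),
    ("repository", "docker-prod-local", True),
    ("repository", "scratch-local", False),  # not indexed: no Watch can monitor it
    ("build", "payments-api", True),
    ("build", "payments-worker", True),
    ("build", "internal-tools", True),
]

# Hypothetical model of one Watch's selections per resource type.
# mode is "any", "name" or "pattern", mirroring the options listed above.
WATCH = {
    "repository": {"mode": "name", "values": ["libs-release-local"]},
    "build": {"mode": "pattern", "values": ["payments-*"]},
}

def is_selected(selection, name):
    """Return True if `name` falls under the Watch selection for its type."""
    if selection is None:          # resource type not configured on the Watch
        return False
    mode, values = selection["mode"], selection["values"]
    if mode == "any":              # also matches resources created later
        return True
    if mode == "name":             # fixed list: later resources are not included
        return name in values
    if mode == "pattern":          # assumption: glob-style matching
        return any(fnmatchcase(name, p) for p in values)
    raise ValueError(f"unknown selection mode: {mode}")

def coverage(watch, inventory):
    """Split the inventory into monitored, unmonitored and unindexed resources."""
    report = {"monitored": [], "unmonitored": [], "unindexed": []}
    for rtype, name, indexed in inventory:
        if not indexed:
            report["unindexed"].append((rtype, name))
        elif is_selected(watch.get(rtype), name):
            report["monitored"].append((rtype, name))
        else:
            report["unmonitored"].append((rtype, name))
    return report

if __name__ == "__main__":
    for bucket, items in coverage(WATCH, INVENTORY).items():
        print(f"{bucket}: {items}")
```

The `unmonitored` bucket is the list to review: indexed resources that no selection on this Watch reaches.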

Scanning External Resources

From version 2.6, when scanning builds for supported package formats, external (transitive) dependencies that are not directly included in the build are also scanned and will trigger violations if they meet the criteria specified in a Watch. Currently, the supported package formats are Maven, NuGet, npm and Gradle, and external resources are scanned using SHA-256 (see Checksum-Based Storage).