Configuring Xray Watches

JFrog Security Documentation

JFrog Xray
Content Type
User Guide

Xray Watches are the focal point for viewing and managing your security and license violations in the JFrog Platform. Watches provide you with the flexibility you need to meet your specific security and violation requirements. You select the resources you would like to scan for security vulnerabilities and compliance and determine the actions to be taken once a security vulnerability is detected. For more information on how JFrog Xray processes watches and policies, see How Does Xray Scan Your Artifacts?

How Does Xray Process Policies on a Watch?

When scanning an artifact, Xray completes the following steps for each resource added to a Watch:

  1. Check existence: Xray checks if the artifact exists in the resource

  2. Check filters: Xray then checks if the artifact matches all of the filters defined for that resource.

  3. Process Assigned Polices: Xray independently processes all of the policies in the Watch. For each assigned policy, Xray performs the following steps:

    1. Processes the rules according to priority.

    2. Checks the criteria of the rule.

    3. If the criteria are met, Xray generates a violation, the automatic actions are executed and the policy is considered as processed. There is no need to continue to the subsequent rules in the policy.

    4. If the criteria are not met, Xray continues to the next rule.

    5. In case none of the rules apply, the policy is considered processed, and Xray continues to the next policy if one exists.


Starting from Xray 3.21.2, the Watches configuration has been moved from the Application Module to the Administration Module in the JFrog Platform UI.