feat: add JFrog Xray vulnerability scanning module #410

Draft
blink-so wants to merge 7 commits into main from blink/jfrog-xray-module

Contributor

@blink-so blink-so bot commented Sep 4, 2025

This PR adds a new Terraform module that integrates JFrog Xray vulnerability scanning results into Coder workspace metadata.

Features

  • Fetches vulnerability scan results from JFrog Xray
  • Displays vulnerability counts (Critical, High, Medium, Low) on workspace page
  • Supports flexible image path formats
  • Works with any workspace type using container images
  • Provides secure token handling

Usage

```tf
module "jfrog_xray" {
  source  = "registry.coder.com/modules/jfrog-xray/coder"
  version = "1.0.0"

  resource_id = docker_container.workspace.id
  xray_url    = "https://example.jfrog.io/xray"
  xray_token  = var.jfrog_access_token
  image       = "docker-local/codercom/enterprise-base:latest"
}
```

Related Issues

Tested with basic Terraform validation. Full integration testing requires live JFrog instance.

blink-so bot and others added 3 commits September 4, 2025 07:08
Adds a Terraform module that integrates JFrog Xray vulnerability scanning
results into Coder workspace metadata. The module:
- Fetches vulnerability scan results from JFrog Xray
- Displays vulnerability counts (Critical, High, Medium, Low) on workspace page
- Supports flexible image path formats
- Works with any workspace type using container images
- Provides secure token handling
Resolves coder/coder#12838 and addresses #65
Co-authored-by: matifali <10648092+matifali@users.noreply.github.com>

Fixes CI formatting checks for the JFrog Xray module.

Adds the required Terraform usage example immediately after the h1 heading
to satisfy the README validation requirements.

blink-so bot added 4 commits September 4, 2025 07:15
Fixes remaining formatting issues in the README file.

The check_license argument is not supported by the JFrog Xray Terraform
provider, causing test failures. Removing this argument fixes the
Terraform validation.

Adds proper null handling for cases where xray scan results are null,
which was causing Terraform validation failures. Uses try() function
to gracefully handle null values and provide default vulnerability counts.

Fixes terraform formatting issue identified by CI checks.

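The null handling described in the commit messages above, as an added example that is not the module's own code. `scan_results` is a hypothetical variable standing in for whatever the Xray lookup returns, and the `scanned` flag is an assumption added here so that an image with no scan data is not displayed as having zero findings.

```tf
# Added example, not code from this PR. Requires Terraform >= 1.3 for optional().
# `scan_results` is a hypothetical stand-in for the Xray lookup result;
# it is null when Xray has no scan data for the image.
variable "scan_results" {
  description = "Constructed stand-in for Xray scan output."
  type = object({
    critical = optional(number)
    high     = optional(number)
    medium   = optional(number)
    low      = optional(number)
  })
  default = null
}

locals {
  # try() absorbs the error raised by reading an attribute of a null object.
  # coalesce() covers the other case: the object exists but a field is null,
  # which try() alone would pass through unchanged.
  vuln_counts = {
    critical = coalesce(try(var.scan_results.critical, null), 0)
    high     = coalesce(try(var.scan_results.high, null), 0)
    medium   = coalesce(try(var.scan_results.medium, null), 0)
    low      = coalesce(try(var.scan_results.low, null), 0)
  }

  # Defaulting to 0 makes "never scanned" look identical to "clean".
  # Carry the distinction separately so the display can show it.
  scanned = var.scan_results != null
}

output "vuln_summary" {
  value = {
    scanned = local.scanned
    counts  = local.vuln_counts
    status  = local.scanned ? "scanned" : "no scan data"
  }
}
```

With the default `null` input, `terraform plan` shows all four counts as 0 and `status = "no scan data"`; passing `-var 'scan_results={critical=2}'` yields `critical = 2`, the remaining counts 0, and `status = "scanned"`.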
Member

matifali commented Sep 4, 2025

@jatcod3r can you help me test this if you have a setup ready?

blink-so[bot] reacted with thumbs up emoji

Reviewers

@jatcod3r jatcod3r Awaiting requested review from jatcod3r

At least 1 approving review is required to merge this pull request.

Development

Successfully merging this pull request may close these issues.

JFrog Xray integration