jfrog xray report generation on consumed packages #69
Assignees
Comments
|
Hi @psamadda XRay way to have information about dependencies is uploading the "buildInfo" json file to the server, as the server side does not automatically parse and analyze the dependencies and transitive dependencies of every package upload. There are tools in the conan-extensions repo to create the buildInfo. I am moving this ticket to that repo, please have a look to: https://github.com/conan-io/conan-extensions/tree/main/extensions/commands/art |
|
Just wanted to update this issue to confirm that the XRay scan report is generated for builds when using the build-info. See comment #100 (comment) for more information |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is your question?
I have created a conan package from examples2/tutorial/creating_packages/add_requires. When I upload the package in the conan package type repository in jfrog server, the xray report is not showing any security/vulnerability issue in the consumed package(fmt in this case). But xray scan is reporting issues if I push fmt package individually. Does the xray report not generated on consumed packages or libs? If yes, what I am missing?
Have you read the CONTRIBUTING guide?
The text was updated successfully, but these errors were encountered: