Glide to JFrog DevSecOps with the New Experience
By
5min read
We’re excited to share with you that we have launched a completely new way to start using the JFrogDevOps Platformthat you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line shell and IDE that you use every day.
It’s already easy to get a free JFrog cloud account through our website, which equips you with:
- Artifactory– The industry-leadingrepository managerand secure source of truth for all packages, images, and artifacts.
- Xray– Thesoftware composition analysis toolthat helps keep out knownopen source vulnerabilities.
- Pipelines– Natively integrated CI/CD automation for yourDevOps pipelinethat powers your JFrog circle of trust.
Now you can not only start the same signup process for a free cloud account through your command line, but we’ll automatically install the JFrog CLI and configure your environment to start using your new JFrog account with your projects. All in under 5 minutes!
Just sit back, run a few simple commands, and we’ll do the rest for you.
Developer-Friendly Setup
To start using JFrog, you only have to run one command from your terminal, then follow the instructions.
Mac or Linux
If you’re using Mac or Linux, you can get started using thecurlutility:
curl -fL https://getcli.jfrog.io/setup | sh
Windows
If your using Windows, run Powershell:
powershell "Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2/[RELEASE]/jfrog-cli-windows-amd64/jfrog.exe -OutFile $env:SYSTEMROOT\system32\jf.exe'" ; jf setup
Running either of these commands launches the setup of your JFrog environment:
- The JFrog CLI is installed on your workstation.
- A browser window opens with a simple registration form.
- After filling out the form and clickingProceed, we’ll create a new free JFrog account for you. The newly installed JFrog CLI automatically pulls its connection details, and sets up your workstation to work with it.
- In your terminal, you’ll be prompted to run the newjf project initcommand under the root of your code project.
- Once the project completes initialization, you’ll be able to start using the features of Artifactory and Xray through the JFrog CLI.
Discover the Value
Your new JFrog cloud account is available right away, and you can access it anytime through your browser using your e-mail and password.
But you don’t even have to leave your terminal to start using the JFrog Platform with your projects.
First, change your current directory (through thecdcommand) to the root directory of your project. Then, initialize your project for use with JFrog.
cd \myworkspace\myproject jf project init
Once the project completes initialization, you’ll be able to start using the features of Artifactory and Xray through the JFrog CLI.
Auditing and Scanning
From your command line, you can harness JFrog Xray’s component analysis and extensive vulnerabilities database to produce a security report for the project or for any software package on your workstation
Through a simple JFrog CLI command, you can reveal which of your project’s open source components are vulnerable and replace them with safer versions even before you commit your code.
- To audit your code project forsecurity vulnerabilities, while inside the root directory of your project:
jf audit
- To scan a particular software package on your local machine for security vulnerabilities:
jf scan path/to/dir/or/package
Your security report will be displayed in the terminal.
IDE Integration
You’re also set up to bring this security visibility into your IDE. If you’re using VS Code, IntelliJ IDEA, WebStorm, PyCharm, Android Studio or GoLand, just install theJFrog extension or plugin. Your IDE will magically become aware of the new environment.
Once your IDE plugin is installed, you’ll be able to view security violation information about your local project in the newly activated JFrog panel. For example, in IntelliJ IDEA:
Build and Deploy
You can perform builds and deploys of your projects through the JFrog CLI as well, which will collect build info that you can then publish to Artifactory.
For example, to perform a Maven install and deploy:
jf mvn install deploy
To publish build info for your build to your JFrog environment, run the following command:
jf rt bp
You can learn much more about the kind of builds and deploys you can do for npm, Gradle, pip, or Golang through the JFrog CLI in ourGetting Started Guide.
Just the Start
在JFrog,我们已经把很多心思trying to make this flow as automatic, easy to use and convenient as it can be. You don’t need to know whatLocal, Remote or Virtual repositoriesare in Artifactory. You don’t need to configure Watches, Rules or Policies in Xray.
But after seeing how JFrog can help you as a developer, we hope you’ll want to learn more, use the power of the JFrog Platform to accelerate development, and invite others on your team to give Artifactory and Xray a try!
