jfrog / jfrog-azure-devops-extension

Apache License 2.0

Missing Xray build scan information on Artifactory tab? #319

Open Andrew-F opened 2 years ago

Andrew-F commented 2 years ago

The Artifactory tab in the Azure DevOps pipeline result page is only showing a single 'Artifactory Build Info' link and no 'Xray Build Scan Report'.

I ran a build pipeline with the JFrog Publish Build Info task and JFrog Build Scan task according to the following documentation: https://www.jfrog.com/confluence/display/JFROG/JFrog+Azure+DevOps+Extension

Should the Xray scan information be more visible from this tab?

Screenshots

Expected (Publishing Build Info to Artifactory): [image: build-results]

Actual: [image: build-results-actual]

Versions

RobiNino commented 2 years ago

Hi @Andrew-F, thank you for reporting this. I'm afraid the documentation was misleading. When the new extension was created, the Xray report link was removed from the Artifactory tab in favor of a vulnerabilities table in the task run logs. The table is informative, reducing the need to access the UI in a lot of cases. The link to the report is also printed along with the table.

We've updated the documentation accordingly. Sorry for the inconvenience caused by this.

Maetis commented 1 year ago

Would it be possible to add the ability to choose the output format for the JFrog Build Scan task?

For example, if we could export the output to a SARIF file, we could use an extension like SARIF SAST Scans Tab to display the result in the Azure DevOps interface.