tanguydelignieresaccenture
commented
3 years ago See jenkins-artifactory-plugin #320 I commented about this:
I'm in the same context (kaniko pushing the layers to artifactory itself and not the jfrog cli with build info). In fact a build info must be published in order to run an XRay scan.
So I'm trying a workaround:
- Using jfrog-cli set-props, after kaniko has push layers of image to artifactory, to set the properties build.name and build.number on artifacts (it's needed in order for the build info to match the artifacts, see here)
- Creating a build info json file locally using pushed layers properties via jfrog-cli search + jq following the build info format
- Creating the build info on artifactory side via this undocumented private REST API
- Calling the jfrog-cli build-scan on my build
I confirm I was able to make an XRay scan of an already pushed image and its layers, this way. But thinking of the complexity of this sequence, there should be a feature to achieve this as this is a real use case.
eyalbe4
Or-Geva
DS-KrzJon
Is your feature request related to a problem? Please describe. https://github.com/GoogleContainerTools/kaniko
While kaniko is able to push images to Artifactory, there is no CLI support for kaniko.
Describe the solution you'd like to see JFrog CLI supports kaniko image pushing with build info.
Describe alternatives you've considered Push the image with kaniko to Artifactory, then download the image outside of the kaniko container, where the daemon exists. From there, upload the image with buildInfo using CLI.