Publish standalone CLI option

Open mcandre opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

I want to run X-Ray scans without depending on either Artifactory or GitHub Actions.

Describe the solution you'd like to see

Provide a free Artifactory URL endpoint and default jf CLI to target that.

Describe alternatives you've considered

Snyk

mcandre avatar Oct 19 '24 06:10 mcandre

Hi @mcandre, thanks for approaching us.

Our security offerings - including Xray, CLI scans, etc. - depend on having an active JFrog subscription. As of today, all of our available subscriptions that include security capabilities also come with Artifactory. Therefore, Xray scans cannot happen without having Artifactory in your organization. Keep in mind that in order to perform security scans you are required to provide the platform URL - mostly for license verification.

Offering Xray without the JFrog Platform is not in our plans.

Please let me know if there's something else I can help with.

barbelity avatar Oct 20 '24 07:10 barbelity

A significant number of software components, including components used as dependencies in proprietary projects, are FOSS. Free tiers of more security analysis tools for FOSS projects would dramatically improve the security posture of the software industry as a whole.

mcandre avatar Oct 21 '24 02:10 mcandre