Deployment Task

The Aqua webhook plugin for Artifactory notifies Aqua of new images pushed into Artifactory, so that Aqua can scan new images as they arrive. This is done via a webhook POST request to the Aqua Console API.


Deployment Steps


The plugin consists of 2 components:

1. webhook.groovy - the actual Artifactory plugin
2. webhook.config.json - configuration file for setting URL and events for activation


Installation

To use the Aqua plugin in Artifactory, copy the webhook.config.json and the webhook.groovy files to the Artifactory plugin directory:

cp webhook.config.json /opt/jfrog/artifactory/etc/plugins

cp webhook.groovy /opt/jfrog/artifactory/etc/plugins


Restart the Artifactory service:

sudo systemctl restart artifactory.service


If Artifactory is running as a container, use the following commands to copy the plugin:

docker cp webhook.config.json <container-name/id>:/opt/jfrog/artifactory/etc/plugins
docker cp webhook.groovy <container-name/id>:/opt/jfrog/artifactory/etc/plugins

Restart the container:
docker restart <container-name/id>


Configuration in the Aqua Console

This webhook.config.json example contains all of the information the Webhook needs in order to connect to the Aqua Console.

{
  "webhooks": {
    "docker": {
      "events": [
        "docker.tagCreated"
      ],
      "repositories": [
        "*"
      ],
      "aquaConsoleAddress": "<http://aqua-console-ip:port>",
      "repoPathAccessMethod": <true/false>,
      "aquaRegistryName": "<name of the registry integration in Aqua Console>",
      "aquaUsername": "<username>",
      "aquaPassword": "<password>",
      "authHeader": "<name of authorization header used by aqua console, default is Authorization>",
      "enabled": true
    }
  },
  "debug": false,
  "timeout": 15000
}


Webhook Properties:

| Property | Description |
| --- | --- |
| events | The events to listen to, only docker.tagCreated is supported. |
| repositories | The list of repositories to limit the event listening to. |
| enabled | Whether this Webhook should be enabled. |
| aquaConsoleAddress | URL of the Aqua Console. |
| repoPathAccessMethod | Set this property to true when "Docker Access Method" under "HTTP Settings" is set to "Repository Path". |
| aquaRegistryName | Name of the registry integration in the Aqua Console configured to work with Artifactory. |
| aquaUsername | Username of the Aqua Console. |
| aquaPassword | Password of the Aqua Console. |
| authHeader | Name of authorization header used by the Aqua Console. The default is Authorization. It can be modified by setting the "AUTHORIZATION_HEADER" environment variable in the Aqua Console container. |


Global Properties:

| Property | Description | Required |
| --- | --- | --- |
| debug | Enable additional logging | false |
| timeout | Timeout for POST request | false |
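
A pre-deployment check for the webhook.config.json described above, added here as an example and not part of the Aqua plugin: it flags an unreplaced placeholder, an event other than docker.tagCreated, a non-boolean repoPathAccessMethod, a console address that is not https, and a file mode that lets group or others read aquaPassword. The https, file-mode and debug checks are policy assumptions of this example, and the sample host and values are constructed.

```python
import json
import stat
from urllib.parse import urlparse


def lint_config(text, mode=None):
    """Return findings for a webhook.config.json document.

    mode is the file's st_mode (os.stat(path).st_mode), or None to skip that check.
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # An unreplaced <true/false> placeholder lands here: it is not valid JSON.
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    findings = []
    # Assumption of this example: only the owner should be able to read the file.
    if mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holding aquaPassword is readable by group or others")
    for name, hook in cfg.get("webhooks", {}).items():
        for value in hook.values():
            if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
                findings.append(f"{name}: placeholder left in place: {value}")
        extra = set(hook.get("events", [])) - {"docker.tagCreated"}
        if extra:
            findings.append(f"{name}: unsupported events {sorted(extra)}")
        if not isinstance(hook.get("repoPathAccessMethod"), bool):
            findings.append(f"{name}: repoPathAccessMethod must be true or false")
        # Assumption of this example: the console should be reached over TLS.
        if urlparse(str(hook.get("aquaConsoleAddress", ""))).scheme != "https":
            findings.append(f"{name}: aquaConsoleAddress is not https")
    if cfg.get("debug"):
        findings.append("debug logging is enabled")
    return findings


# Constructed sample: valid JSON, but over http and with one placeholder left in.
SAMPLE = json.dumps({"webhooks": {"docker": {
    "events": ["docker.tagCreated"], "repositories": ["*"],
    "aquaConsoleAddress": "http://aqua.example.internal:8080",
    "repoPathAccessMethod": False, "aquaRegistryName": "artifactory",
    "aquaUsername": "scanner", "aquaPassword": "<password>",
    "authHeader": "Authorization", "enabled": True}},
    "debug": False, "timeout": 15000})

if __name__ == "__main__":
    for finding in lint_config(SAMPLE, mode=0o644):
        print(finding)
```

Run it against the file before copying it into the plugin directory, passing the mode the file will have once it is in place.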