How to configure Prisma Compute to scan a JFrog Cloud Artifactory?

How to configure Prisma Compute to scan a JFrog Cloud Artifactory?

4029
Created On 06/17/23 22:11 PM - Last Modified 07/14/25 18:15 PM


Objective


The objective of this article is to educate the reader about the registry settings on Prisma Compute for the configuration of a JFrog Cloud artifactory, and this should include the following:
  • Identifying a JFrog local configuration URL
  • Identifying a JFrog cloud configuration URL
  • How to scan all repositories within the JFrog cloud artifactory
  • How to scope repositories within a JFrog cloud artifactory

Environment


  • Prisma Cloud Compute Edition - Self-hosted & SaaS
  • JFrog Cloud Artifactory

Procedure


  • Identifying a JFrog local configuration URL:

The URL in this case shall have a ".com" as a suffix followed by "/artifactory" or more. The following screenshots show a sample JFrog local configuration.

  • Identifying a JFrog cloud configuration URL
The URL in this case shall have a ".io" as a suffix followed by the repository name, if and when necessary. The following screenshots show a sample JFrog cloud configuration.



  • How to scan all repositories within the JFrog cloud artifactory
The URL entered under Defend > Vulnerabilities > Registry settings > Add registry > Registry must have a ".io" as a suffix, and should exactly look like the configuration shown in the first screenshot of the previous bullet point. 

Please note that one must carefully select the "Repository types", whether it is Local, Remote, or Virtual. If all three are chosen without knowing the type of the repository, it can lead to an error in the scanning.
  • How to scope repositories within a JFrog cloud artifactory
The URL entered under Defend > Vulnerabilities > Registry settings > Add registry > Registry must have a ".io" as a suffix, and instead of mentioning the repository along with the registry URL, you must mention it under the "Repository" field. 

Please note that a wildcard ("*") must be included after the repository path as shown in the screenshot below. This configuration should only scan all the images within the "docker-local/redis" repository.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kI7rCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail