Running and Configuring the Docker Scout Artifactory Agent

| `artifactory.username` | Username of the Artifactory user with read permissions that the agent will use. | | `artifactory.password` | Password or API token for the Artifactory user. | | `artifactory.image_filters` | Optional: List of repositories and images to analyze. | If you don't specify any repositories in `artifactory.image_filters`, the agent runs image analysis on all images in your Artifactory instance. The following snippet shows a sample configuration: ```json { "agent_id": "acme-prod-agent", "docker": { "organization_name": "acme", "username": "mobythewhale", "pat": "dckr_pat__dsaCAs_xL3kNyupAa7dwO1alwg" }, "artifactory": [ { "base_url": "https://acme.jfrog.io", "username": "acmeagent", "password": "hayKMvFKkFp42RAwKz2K", "image_filters": [ { "repository": "dev-local", "images": ["internal/repo1", "internal/repo2"] }, { "repository": "prod-local", "images": ["staging/repo1", "prod/repo1"] } ] } ] } ``` Create a configuration file and save it somewhere on the server where you plan to run the agent. For example, `/var/opt/artifactory-agent/config.json`. #### Run the agent The following example shows how to run the Docker Scout Artifactory agent using `docker run`. This command creates a bind mount for the directory containing the JSON configuration file created earlier at `/opt/artifactory-agent/data` inside the container. Make sure the mount path you use is the directory containing the `config.json` file.  > [!IMPORTANT] > > Use the `v1` tag of the Artifactory agent image. Don't use the `latest` tag as > doing so may incur breaking changes. ```console $ docker run \ --mount type=bind,src=/var/opt/artifactory-agent,target=/opt/artifactory-agent/data \ docker/artifactory-agent:v1 ``` #### Analyzing pre-existing data By default the agent detects and analyzes images as they're created and updated. If you want to use the agent to analyze pre-existing images, you can use backfill mode. Use the `--backfill-from=TIME` command line option, where `TIME` is an ISO 8601 formatted time, to run the agent in backfill mode. If you use this option, the agent analyzes all images pushed between that time and the current time when the agent starts, then exits. For example: ```console $ docker run \ --mount type=bind,src=/var/opt/artifactory-agent,target=/opt/artifactory-agent/data \ docker/artifactory-agent:v1 --backfill-from=2022-04-10T10:00:00Z ``` When running a backfill multiple times, the agent won't analyze images that it's already analyzed. To force re-analysis, provide the `--force` command line flag. ### View analysis results You can view the image analysis results in the Docker Scout Dashboard. 1. Go to [Images page](https://scout.docker.com/reports/images/) in the Docker Scout Dashboard. This page displays the Docker Scout-enabled repositories in your organization. 2. Select the image in the list. 3. Select the tag. When you have selected a tag, you're taken to the vulnerability report for that tag. Here, you can select if you want to view all vulnerabilities in the image, or vulnerabilities introduced in a specific layer. You can also filter vulnerabilities by severity, and whether or not there's a fix version available.

This section provides instructions on how to run the Docker Scout Artifactory agent using Docker, including creating a bind mount for the configuration file. It emphasizes the importance of using the `v1` tag and not the `latest` tag to avoid breaking changes. The instructions also cover how to analyze pre-existing images using the `--backfill-from` option with an ISO 8601 formatted time, and how to force re-analysis using the `--force` flag. Finally, it describes how to view the analysis results in the Docker Scout Dashboard, including navigating to the Images page, selecting an image and tag, and viewing the vulnerability report with various filtering options.