1. Overview

Artifactory is a service for hosting and distributing container images. Artifactory lets you segment the service by repository key, so that you can allocate dedicated registries per project, team, or any other facet. Repositories can be accessed with the Docker client. A repository is a collection of related images, versioned by tag.

Artifactory lets you configure how images in the repository are accessed with a setting called the Docker Access Method. Prisma Cloud supports the subdomain method and the repository method. The port method is not supported.

In the subdomain model, the repository is accessed through a reverse proxy. Each Docker repository is individually addressed by a unique value, known as the repository key, positioned in the subdomain of the registry's URL.

$ docker {pull|push} <REPOSITORY_KEY>.art.example.com/<IMAGE>:<TAG>

In the repository path model, each repository can be directly addressed. The repository key is part of the path to the image repo.

$ docker {pull|push} art.example.com:443/<REPOSITORY_KEY>/<IMAGE>:<TAG>

Artifactory recommends that the subdomain method be used for production environments. The repository model is suitable for small test setups and proofs of concept.
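When building an inventory of what a scan should cover, it helps to map each image reference back to its repository key under either access method. The following is an added example, not code from Prisma Cloud or JFrog; the function name and the `docker-local` key in the usage note are constructed, and the base host is the page's own `art.example.com`.

```python
def parse_artifactory_ref(ref, base_host="art.example.com"):
    """Split an image reference into access method, repository key, image and tag.

    Covers the two supported layouts shown above:
      subdomain:        <REPOSITORY_KEY>.<base_host>/<IMAGE>:<TAG>
      repository path:  <base_host>[:port]/<REPOSITORY_KEY>/<IMAGE>:<TAG>
    Digest references (image@sha256:...) are out of scope for this sketch.
    """
    if "@" in ref:
        raise ValueError(f"digest references are not handled: {ref!r}")
    host_port, sep, path = ref.partition("/")
    if not sep or not path:
        raise ValueError(f"no registry host in {ref!r}")
    host = host_port.partition(":")[0].lower()   # drop an optional :port
    base = base_host.lower()

    # The tag follows a colon in the last path component; the Docker
    # client assumes "latest" when no tag is given.
    head, slash, last = path.rpartition("/")
    name, colon, tag = last.partition(":")
    path = head + slash + name
    tag = tag if colon else "latest"

    if host == base:
        # Repository path method: the first path segment is the key.
        key, slash, image = path.partition("/")
        if not slash or not image:
            # A single segment leaves no room for a key. That is the
            # layout of the unsupported port method.
            raise ValueError(f"no repository key in path of {ref!r}")
        method = "repository-path"
    elif host.endswith("." + base):
        # Subdomain method: the key is the single label left of the base
        # host. Matching on "." + base keeps look-alike hosts such as
        # "notart.example.com" from being treated as this registry.
        key = host[: -len(base) - 1]
        if not key or "." in key:
            raise ValueError(f"unexpected subdomain in {ref!r}")
        method, image = "subdomain", path
    else:
        raise ValueError(f"{ref!r} is not hosted on {base_host}")

    return {"method": method, "repository_key": key, "image": image, "tag": tag}
```

For instance, `parse_artifactory_ref("docker-local.art.example.com/alpine:3.19")` reports the subdomain method with key `docker-local`, while `art.example.com:443/docker-local/team/app` reports the repository path method with the same key and the tag `latest`.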

2. Configuring Prisma Cloud to scan images in your registry

To scan images in a JFrog Artifactory Docker registry, create a new registry scan setting. You have a couple of options for setting up your scan.

1) For Artifactory versions greater than or equal to 6.2.0, Prisma Cloud can autodiscover and scan all images in all repos across the Artifactory service. In the registry scan settings, set the version to JFrog Artifactory and set the registry address to your reverse proxy.