{"id":30996845,"url":"https://github.com/jfrog/terraform-provider-xray","last_synced_at":"2026-02-11T07:16:42.426Z","repository":{"id":37573645,"uuid":"419061473","full_name":"jfrog/terraform-provider-xray","owner":"jfrog","description":"Terraform provider to manage JFrog Xray","archived":false,"fork":false,"pushed_at":"2026-02-04T06:26:22.000Z","size":36515,"stargazers_count":155,"open_issues_count":11,"forks_count":16,"subscribers_count":9,"default_branch":"main","last_synced_at":"2026-02-04T17:36:27.277Z","etag":null,"topics":["artifactory","configuration-as-code","golang","infrastructure-as-code","jfrog","terraform","terraform-provider","xray"],"latest_commit_sha":null,"homepage":"https://jfrog.com/xray/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-10-19T19:16:54.000Z","updated_at":"2025-12-16T07:18:51.000Z","dependencies_parsed_at":"2022-07-10T03:00:18.717Z","dependency_job_id":"92572d1b-4ee9-4563-8cae-50d36b2b60a8","html_url":"https://github.com/jfrog/terraform-provider-xray","commit_stats":null,"previous_names":[],"tags_count":87,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/terraform-provider-xray","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fterraform-provider-xray","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fterraform-provider-xray/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fterraform-provider-xray/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fterraform-provider-xray/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/terraform-provider-xray/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fterraform-provider-xray/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29329492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T06:13:03.264Z","status":"ssl_error","status_checked_at":"2026-02-11T06:12:55.843Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["artifactory","configuration-as-code","golang","infrastructure-as-code","jfrog","terraform","terraform-provider","xray"],"created_at":"2025-09-12T22:03:30.275Z","updated_at":"2026-02-11T07:16:42.419Z","avatar_url":"https://github.com/jfrog.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Provider Xray\n\n[![Terraform \u0026 OpenTofu Acceptance Tests](https://github.com/jfrog/terraform-provider-xray/actions/workflows/acceptance-tests.yml/badge.svg)](https://github.com/jfrog/terraform-provider-xray/actions/workflows/acceptance-tests.yml)\n[![Actions Status](https://github.com/jfrog/terraform-provider-xray/workflows/release/badge.svg)](https://github.com/jfrog/terraform-provider-xray/actions)\n[![Go Report Card](https://goreportcard.com/badge/github.com/jfrog/terraform-provider-xray)](https://goreportcard.com/report/github.com/jfrog/terraform-provider-xray)\n\nTo use this provider in your Terraform module, follow the documentation [here](https://registry.terraform.io/providers/jfrog/xray/latest/docs).\n\n[Xray general information](https://jfrog.com/xray/)\n\n[Xray API Documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API)\n\n## Quick Start\n\nCreate a new Terraform file with `xray` resource (and `artifactory` resource as well):\n\n\u003cdetails\u003e\u003csummary\u003eHCL Example\u003c/summary\u003e\n\n```terraform\n# Required for Terraform 0.13 and up (https://www.terraform.io/upgrade-guides/0-13.html)\nterraform {\n  required_providers {\n    artifactory = {\n      source  = \"jfrog/artifactory\"\n      version = \"10.1.2\"\n    }\n\n    project = {\n      source  = \"jfrog/project\"\n      version = \"1.3.4\"\n    }\n\n    xray = {\n      source  = \"jfrog/xray\"\n      version = \"2.2.0\"\n    }\n  }\n}\nprovider \"artifactory\" {\n  // supply ARTIFACTORY_USERNAME, ARTIFACTORY_PASSWORD and ARTIFACTORY_URL as env vars\n}\n\nprovider \"project\" {\n  // supply PROJECT_URL, PROJECT_ACCESS_TOKEN as env vars\n  url = \"${var.project_url}\"\n  access_token = \"${var.project_access_token}\"\n}\n\nprovider \"xray\" {\n// Also user can supply the following env vars:\n// JFROG_URL or XRAY_URL\n// XRAY_ACCESS_TOKEN or JFROG_ACCESS_TOKEN\n}\n\nresource \"random_id\" \"randid\" {\n  byte_length = 2\n}\n\nresource \"artifactory_user\" \"user1\" {\n  name     = \"user1\"\n  email    = \"test-user1@artifactory-terraform.com\"\n  groups   = [\"readers\"]\n  password = \"Passw0rd!\"\n}\n\nresource \"artifactory_local_docker_v2_repository\" \"docker-local\" {\n  key             = \"docker-local\"\n  description     = \"hello docker-local\"\n  tag_retention   = 3\n  max_unique_tags = 5\n  xray_index = true # must be set to true to be able to assign the watch to the repo\n}\n\nresource \"artifactory_local_gradle_repository\" \"local-gradle-repo\" {\n  key                             = \"local-gradle-repo-basic\"\n  checksum_policy_type            = \"client-checksums\"\n  snapshot_version_behavior       = \"unique\"\n  max_unique_snapshots            = 10\n  handle_releases                 = true\n  handle_snapshots                = true\n  suppress_pom_consistency_checks = true\n  xray_index = true # must be set to true to be able to assign the watch to the repo\n}\n\nresource \"project\" \"myproject\" {\n  key          = \"test\"\n  display_name = \"My Project\"\n  description  = \"My Project\"\n  admin_privileges {\n    manage_members   = true\n    manage_resources = true\n    index_resources  = true\n  }\n}\n\nresource \"project\" \"myproject1\" {\n  key          = \"test1\"\n  display_name = \"My Project\"\n  description  = \"My Project\"\n  admin_privileges {\n    manage_members   = true\n    manage_resources = true\n    index_resources  = true\n  }\n}\n\n\nresource \"xray_security_policy\" \"security1\" {\n  name        = \"test-security-policy-severity-${random_id.randid.dec}\"\n  description = \"Security policy description\"\n  type        = \"security\"\n\n  rule {\n    name     = \"rule-name-severity\"\n    priority = 1\n\n    criteria {\n      min_severity = \"High\"\n    }\n\n    actions {\n      webhooks = []\n      mails    = [\"test@email.com\"]\n      block_release_bundle_distribution  = true\n      fail_build                         = true\n      notify_watch_recipients            = true\n      notify_deployer                    = true\n      create_ticket_enabled              = false // set to true only if Jira integration is enabled\n      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled\n\n      block_download {\n        unscanned = true\n        active    = true\n      }\n    }\n  }\n}\n\nresource \"xray_security_policy\" \"security2\" {\n  name        = \"test-security-policy-cvss-${random_id.randid.dec}\"\n  description = \"Security policy description\"\n  type        = \"security\"\n\n  rule {\n    name     = \"rule-name-cvss\"\n    priority = 1\n\n    criteria {\n\n      cvss_range {\n        from = 1.5\n        to   = 5.3\n      }\n    }\n\n    actions {\n      webhooks = []\n      mails    = [\"test@email.com\"]\n      block_release_bundle_distribution  = true\n      fail_build                         = true\n      notify_watch_recipients            = true\n      notify_deployer                    = true\n      create_ticket_enabled              = false // set to true only if Jira integration is enabled\n      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled\n\n      block_download {\n        unscanned = true\n        active    = true\n      }\n    }\n  }\n}\n\nresource \"xray_license_policy\" \"license1\" {\n  name        = \"test-license-policy-allowed-${random_id.randid.dec}\"\n  description = \"License policy, allow certain licenses\"\n  type        = \"license\"\n\n  rule {\n    name     = \"License_rule\"\n    priority = 1\n\n    criteria {\n      allowed_licenses         = [\"Apache-1.0\", \"Apache-2.0\"]\n      allow_unknown            = false\n      multi_license_permissive = true\n    }\n\n    actions {\n      webhooks = []\n      mails    = [\"test@email.com\"]\n      block_release_bundle_distribution  = false\n      fail_build                         = true\n      notify_watch_recipients            = true\n      notify_deployer                    = true\n      create_ticket_enabled              = false // set to true only if Jira integration is enabled\n      custom_severity                    = \"High\"\n      build_failure_grace_period_in_days = 5 // use only if fail_build is enabled\n\n      block_download {\n        unscanned = true\n        active    = true\n      }\n    }\n  }\n}\n\nresource \"xray_license_policy\" \"license2\" {\n  name        = \"test-license-policy-banned-${random_id.randid.dec}\"\n  description = \"License policy, block certain licenses\"\n  type        = \"license\"\n\n  rule {\n    name     = \"License_rule\"\n    priority = 1\n\n    criteria {\n      banned_licenses          = [\"Apache-1.1\", \"APAFML\"]\n      allow_unknown            = false\n      multi_license_permissive = false\n    }\n\n    actions {\n      webhooks = []\n      mails    = [\"test@email.com\"]\n      block_release_bundle_distribution  = false\n      fail_build                         = true\n      notify_watch_recipients            = true\n      notify_deployer                    = true\n      create_ticket_enabled              = false // set to true only if Jira integration is enabled\n      custom_severity                    = \"Medium\"\n      build_failure_grace_period_in_days = 5 // use only if fail_build is enabled\n\n      block_download {\n        unscanned = true\n        active    = true\n      }\n    }\n  }\n}\n\nresource \"xray_watch\" \"all-repos\" {\n  name        = \"all-repos-watch-${random_id.randid.dec}\"\n  description = \"Watch for all repositories, matching the filter\"\n  active      = true\n\n  watch_resource {\n    type = \"all-repos\"\n\n    filter {\n      type  = \"regex\"\n      value = \".*\"\n    }\n  }\n\n  assigned_policy {\n    name = xray_security_policy.security1.name\n    type = \"security\"\n  }\n\n  assigned_policy {\n    name = xray_license_policy.license1.name\n    type = \"license\"\n  }\n  watch_recipients = [\"test@email.com\", \"test1@email.com\"]\n}\n\nresource \"xray_watch\" \"repository\" {\n  name        = \"repository-watch-${random_id.randid.dec}\"\n  description = \"Watch a single repo or a list of repositories\"\n  active      = true\n\n  watch_resource {\n    type       = \"repository\"\n    bin_mgr_id = \"default\"\n    name       = artifactory_local_docker_v2_repository.docker-local.key\n\n    filter {\n      type  = \"regex\"\n      value = \".*\"\n    }\n  }\n\n  watch_resource {\n    type       = \"repository\"\n    bin_mgr_id = \"default\"\n    name       = artifactory_local_gradle_repository.local-gradle-repo.key\n\n    filter {\n      type  = \"package-type\"\n      value = \"Docker\"\n    }\n  }\n\n  assigned_policy {\n    name = xray_security_policy.security1.name\n    type = \"security\"\n  }\n\n  assigned_policy {\n    name = xray_license_policy.license1.name\n    type = \"license\"\n  }\n\n  watch_recipients = [\"test@email.com\", \"test1@email.com\"]\n}\n\nresource \"xray_watch\" \"build\" {\n  name        = \"build-watch-${random_id.randid.dec}\"\n  description = \"Watch a single build or a list of builds\"\n  active      = true\n\n  watch_resource {\n    type       = \"build\"\n    bin_mgr_id = \"default\"\n    name       = \"your-build-name\"\n  }\n\n  watch_resource {\n    type       = \"build\"\n    bin_mgr_id = \"default\"\n    name       = \"your-other-build-name\"\n  }\n\n  assigned_policy {\n    name = xray_security_policy.security1.name\n    type = \"security\"\n  }\n  assigned_policy {\n    name = xray_license_policy.license1.name\n    type = \"license\"\n  }\n\n  watch_recipients = [\"test@email.com\", \"test1@email.com\"]\n}\n\nresource \"xray_watch\" \"all-projects\" {\n  name        = \"all-projects-watch-${random_id.randid.dec}\"\n  description = \"Watch all the projects\"\n  active      = true\n\n  watch_resource {\n    type       \t= \"all-projects\"\n    bin_mgr_id  = \"default\"\n  }\n\n  assigned_policy {\n    name = xray_security_policy.security1.name\n    type = \"security\"\n  }\n\n  assigned_policy {\n    name = xray_license_policy.license1.name\n    type = \"license\"\n  }\n\n  watch_recipients = [\"test@email.com\", \"test1@email.com\"]\n}\n\nresource \"xray_watch\" \"project\" {\n  name        = \"project-watch-${random_id.randid.dec}\"\n  description = \"Watch selected projects\"\n  active      = true\n\n  watch_resource {\n    type       \t= \"project\"\n    name        = project.myproject.key\n  }\n  watch_resource {\n    type       \t= \"project\"\n    name        = project.myproject1.key\n  }\n\n  assigned_policy {\n    name = xray_security_policy.security1.name\n    type = \"security\"\n  }\n\n  assigned_policy {\n    name = xray_license_policy.license1.name\n    type = \"license\"\n  }\n\n  watch_recipients = [\"test@email.com\", \"test1@email.com\"]\n}\n```\n\u003c/details\u003e\n\n\n## License requirements:\nThis provider requires Xray to be added to your Artifactory installation.\nXray requires minimum Pro Team license (Public Marketplace version or SaaS) or Pro X license (Self-hosted).\nSee the details [here](https://jfrog.com/pricing/#sass)\nYou can determine which license you have by accessing the following Artifactory URL `${host}/artifactory/api/system/licenses/`\n\n## Limitations of functionality\nCurrently, Xray provider is not supporting JSON objects in the Watch filter value. We are working on adding this functionality.\n\n## Versioning\nIn general, this project follows [semver](https://semver.org/) as closely as we\ncan for tagging releases of the package. We've adopted the following versioning policy:\n\n* We increment the **major version** with any incompatible change to\n  functionality, including changes to the exported Go API surface\n  or behavior of the API.\n* We increment the **minor version** with any backwards-compatible changes to\n  functionality.\n* We increment the **patch version** with any backwards-compatible bug fixes.\n\n## Contributors\nSee the [contribution guide](CONTRIBUTIONS.md).\n\n## License\nCopyright (c) 2024 JFrog.\n\nApache 2.0 licensed, see [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fterraform-provider-xray","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fterraform-provider-xray","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fterraform-provider-xray/lists"}