• Query Artifactory for image vulnerability on workspace startup.
• Inform users when they are using a vulnerable image.

Apply the Helm chart to start monitoring workspaces:

helm repo add coder-xray https://helm.coder.com/coder-xray
    --namespace coder \
helm install coder-xray coder-xray/coder-xray \
	--set coder.url="https://<your-coder-url>/" \
	--set coder.secretName="<your coder token secret>" \
	--set artifactory.url="https://<your-artifactory-url>/" \
	--set artifactory.secretName="<your artifactory secret>"

For a detailed step by step guide, see the scanning coder workspaces with xray guide.

Note For additional customization (such as customizing the image, details on creating a secret, etc.), you can use the values.yaml file directly.

In order to use this service the following is required:

• A Coder API token with at least Template Admin privileges
• An Artifactory token

Kubernetes provides an informers API that streams pod and event data from the API server.

coder-xray listens for pod creation events with containers that have the CODER_AGENT_TOKEN environment variable set. All matching pods/containers are then queried against the provided Artifactory instance and any XRay results are then pushed to the provided Coder deployment.