JFrog is used by millions of developers and DevSecOps teams to manage and control their software development lifecycle. With solutions like JFrog Artifactory, the industry-standard artifact repository manager, and JFrog Xray, you can maintain high levels of security and reliability while improving compliance of your entire software supply chain from code to production.
But what if you could optimize your software delivery processes, improve software quality, reduce risk, and gain a competitive advantage by visualizing and analyzing the performance of your software supply chain in real-time? What about getting full observability into all your JFrog applications, artifacts, and dependencies—including metrics related to build times, artifact downloads, and deployment success rate along with it?
That’s why we’ve partnered with JFrog to launch a new quickstart integration, providing DevOps, DevSecOps, and engineers full visibility into the performance and security of your software releases from your JFrog environments to quickly identify potential bottlenecks and areas for improvement. The integration is available in New Relic Instant Observability, the largest open ecosystem of integrations, tools, and pre-built resources designed to help engineers embrace observability as a daily practice.
All full New Relic users and all tiers of self-hosted JFrog customers can access it for free. Benefits of this integration include:
- Faster and more secure software delivery. Monitor all your JFrog applications, artifacts, and dependencies in real time with pre-built dashboards to correlate performance alongside the rest of your telemetry data in a unified view.
- Better compliance and security. Identify vulnerabilities and malicious users with JFrog Xray scanning tools, then prioritize security issues with New Relic vulnerability management to deliver more secure software with less toil.
- Improved software supply chain performance. Gain insights into the various stages of the software delivery pipeline, such as build, test, and, deployment, to proactively manage performance degradation, remediate issues, and boost release velocity and quality.
Get real-time insights of your software supply chain in minutes
In this blog post, you’ll learn how to connect and visualize data from JFrog and get full observability into all your applications, artifacts, and dependencies. By the end of this post, you’ll be able to:
- Set up the integration to send JFrog log data and key metrics to New Relic
- Understand service performance and utilization with the Artifactory dashboard
- Mitigate vulnerabilities with Xray dashboard in New Relic
To get started, you'll need to connect logs and metrics data from JFrog to New Relic. To send logs, this integration uses Fluentd, a lightweight open source data collector that unifies log collection and consumption. It also uses OpenMetrics to transmit key metrics. For full installation instructions of the New Relic Fluentd plugin to forward logs, see the readme.
Install the quickstart for instant JFrog observability
Once you have Fluentd running, the best way to start monitoring your JFrog environments is with one of the pre-built dashboards. Once you have JFrog data flowing into New Relic, you can add our quickstart dashboards to get an overview of your environments in less than a minute:
- Go to the JFrog quickstart in New Relic Instant Observability, and select Install now.
- Select an account and select Begin installation.
- If you've already completed the earlier integration steps in this tutorial, select Done to move on to the next step.
- The quickstart deploys the resources to your account. Select See your data, and then select the dashboard you’d like to see.
Improve decision-making with actionable insights with the JFrog Artifactory dashboard
The JFrog Artifactory dashboard provides real-time visibility into the performance, health, and usage of your environments. You’ll get answers to questions like:
- "What is my most requested artifact?”
- “What services are running slow?”
- “Who are my heaviest users?”
With these answers, you can accurately provision resources, fix errors, and update permissions.
For example, you might notice a spike in errors. You can investigate whether it could be coming from a known user that is misconfigured and needs additional permissions. Or, perhaps you’ll discover from the performance metrics that an instance is overloaded.
The dashboard includes seven pages to provide full observability into your JFrog Artifactory instances such as:
Start here to get a snapshot of your artifactory services. Each widget is labeled with the relevant dashboard page where you can learn more.
- Get key metrics such as disk and memory usage, error rates, and heap memory.
- See a breakdown of top HTTP response failures and data transfer by repo.
- You can even dive into individual log details with log management in the connected UI.
System Metrics page
Track the performance of your artifactory service.
- See usage for disk space, CPU, memory, heap memory, and processors over time.
Track log volume and artifactory errors over time.
- Get error rates, log volume, and HTTP connections.
Track audit logs to determine who is accessing your artifactory instance and from where.
- Get a breakdown of denied actions and logins by username and IP.
- See which users have the most accepted deployments.
- Use the dashboard variables to quickly filter by user and IP address.
Track your Docker Hub status over time.
- Get a breakdown of uploads and downloads by repo.
- See which images and repos are being accessed.
- Use variables to filter your charts by repo.
Track key database metrics such as active connections, idle connections, and DB connection utilization.
Track HTTP response codes as well as upload/download activity by IP address.
Uncover and mitigate vulnerabilities with the JFrog XRay dashboard
For DevSecOps, it’s important to understand your security posture and to know where a vulnerable build has been deployed into production. New Relic Vulnerability Management already helps you reduce the vulnerability surface area of your software systems, and now, with the JFrog XRay dashboard, you can also:
- Discover and track violation trends to monitor for unwanted increases in security threats in your software supply chain.
- Drive continuous security by tracking the most downloaded artifacts and surfacing the artifacts which harbor the most common vulnerabilities and exposures (CVEs).
- Discover bad users and user misuse by monitoring who is accessing your artifacts and from what IPs.
The dashboard is divided into three pages:
Violations page: See an aggregated summary of all the license violations and security vulnerabilities found by Xray.
- Breakdown of violations by watch, severity, policy, and rules.
- See top impacted artifacts, infected components, and CVEs.
- See the most downloaded vulnerable artifacts.
- Get violation details down to the signature.
Logs page: View summaries of access, service, and traffic log volumes associated with Xray. Track various HTTP response codes, HTTP 500 errors, and log errors for greater operational insight.
Metrics page: See system performance, storage consumption, connection statistics, and the count and type of artifacts and components that are scanned by JFrog Xray.
View even more JFrog metrics and logs
While the quickstart gives you just about everything you need to begin monitoring JFrog in New Relic, you can also manually query, display, and create alerts to dive into individual metrics and get full control over your JFrog monitoring strategy.
This should get you started with JFrog Software Supply Chain Platform and New Relic to get the insights you need to boost release velocity, security, and quality. Keep an eye out for more integrations between JFrog and New Relic coming soon!
Get more secure and seamless software releases at no additional cost. The JFrog integration with New Relic lets you proactively manage software performance, reduce risks, and remediate issues to ensure optimal uptime. All full New Relic users and all tiers of self-hosted JFrog customers can access it for free.
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.