Xray Access Token

Description

General

  • Documentation: https://jfrog.com/help/r/xray-rest-apis/component-identifiers
  • Summary: Xray is a universal software composition analysis tool that helps developers identify vulnerabilities and license compliance issues in their software packages. This detector identifies access tokens used to interact with Xray's REST API. These tokens allow users to scan artifacts, manage policies, and view vulnerability reports.
  • IPs allowlist: This feature is not available; however, two-factor authentication can be enabled.
  • Scopes: Access tokens inherit the same permissions as the user they are associated with. Permissions can be managed at the user or group level through the Xray dashboard. Tokens can also be configured with a subset of the user's permissions for more granular access control.

Revoke the secret

Access tokens can be revoked directly from the user profile or programmatically via the Xray REST API.

Check for suspicious activity

All access logs are stored and can be reviewed through the administration module under Xray|System Logs.

Details for Xray access token

  • Family: token

  • Category: package_registry

  • Company: JFrog

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: True

  • PreValidators:

    - type: ContentWhitelistPreValidator
      patterns:
        - \.jfrog\.io
    - type: ContentWhitelistPreValidator
      patterns:
        - eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi

Examples

- text: |
    curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug" \
    https://gitguardian.jfrog.io/router/api/v1/system/ping
    # audience: xray
  token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug
  host: gitguardian.jfrog.io

- text: |
    curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q" \
    https://gitguardian.jfrog.io/router/api/v1/system/ping
    # audience: multiple including xray
  token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q
  host: gitguardian.jfrog.io

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 0
  • Total call count may vary: False
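As an added illustration of how an analysis with zero network calls can still enumerate scopes, the following Python (written for this page, not GitGuardian's detector or analyzer code) applies the two ContentWhitelistPreValidator patterns from the PreValidators section to the first example above and then decodes the JWT header and payload offline, without any signature verification, to read the subject, scopes and audiences. The `jfxr@` audience prefix is taken from the page's examples; the claim names (`sub`, `scp`, `aud`) are assumed from the decoded example token.

```python
import base64
import json
import re

# First example token from the page, split into its three JWT segments.
SAMPLE_TOKEN = (
    "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0"
    ".eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0"
    ".ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug"
)
# Constructed file content mirroring the page's first example (token + jfrog.io host).
SAMPLE_CONTENT = (
    'curl -H"Authorization: Bearer ' + SAMPLE_TOKEN + '" '
    "https://gitguardian.jfrog.io/router/api/v1/system/ping"
)

# The two ContentWhitelistPreValidator patterns listed on the page. The second is the
# lower-cased base64 of the header prefix {"ver":"2","typ":"JWT","alg":"RS256","kid":"
# so it is matched case-insensitively against the mixed-case token.
PREVALIDATOR_PATTERNS = [
    r"\.jfrog\.io",
    r"eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi",
]
XRAY_AUDIENCE_PREFIX = "jfxr@"  # audience value seen in both page examples ("jfxr@*")


def passes_prevalidators(content: str) -> bool:
    """Every whitelist pattern must appear somewhere in the content (case-insensitive)."""
    return all(re.search(p, content, re.IGNORECASE) for p in PREVALIDATOR_PATTERNS)


def _b64url_json(segment: str) -> dict:
    # JWT segments drop base64 padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def analyze_token(token: str) -> dict:
    """Offline only: decode header and payload; the signature is not verified."""
    header_b64, payload_b64, _signature = token.split(".")
    header, payload = _b64url_json(header_b64), _b64url_json(payload_b64)
    aud = payload.get("aud", [])          # string in example 1, list in example 2
    audiences = [aud] if isinstance(aud, str) else list(aud)
    scp = payload.get("scp", "")
    return {
        "alg": header.get("alg"),
        "subject": payload.get("sub"),
        "scopes": scp.split(),            # space-separated, e.g. "applied-permissions/admin api:*"
        "audiences": audiences,
        "targets_xray": any(a.startswith(XRAY_AUDIENCE_PREFIX) for a in audiences),
        "is_admin": "applied-permissions/admin" in scp,
    }
```

A bare token without a `.jfrog.io` host in the same content fails the prevalidators, which is why the page lists a minimum of two matches.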

HTTP Calls

No HTTP calls for this analyzer.

Other Calls

No other calls for this analyzer.