Install JFrog Advanced Security on your Self-Hosted Environment with Helm

You can install JAS in your existing JFrog Platform installation, install a new JFrog Platform installation with JAS, or install JAS along with a new...

✅
Tip
You are in Step 2, of the JFrog Advanced Security installation. For previous and next steps, refer to Installing JFrog Advanced Security.

You can install JAS in your existing JFrog Platform installation, install a new JFrog Platform installation with JAS, or install JAS along with a new installation of Artifactory and Xray.

You can install JAS with an existing Helm installation of the JFrog Platform.

Contact JFrog Support to purchase or obtain a trial license of JFrog Advanced Security.
Add charts.jfrog.io to your Helm client.
```
helm repo add jfrog https://charts.jfrog.io
```
Run the following command to update the Helm repository.
```
helm repo update
```
You can install JAS in a new JFrog Platform installation with JAS, install JAS in your existing JFrog Platform installation, or install JAS with the installation of Artifactory and Xray.

New JFrog Platform Installation
1. Run the following command to install JAS in a new JFrog platform installation.
```
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true
```
  You can also install with a values YAML update
  1. Add the following values in the custom-values.yaml file
    serviceAccount: create: true rbac: create: true
  2. Run the following command.
    helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml --create-namespace
Existing JFrog Platform Installation
1. Run the following command to install JAS in the current JFrog platform installation.
```
helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true
```
  You can also install with a values YAML update
  1. Add the following values in the custom-values.yaml file.
    serviceAccount: create: true rbac: create: true
  2. Run the following command.
    helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml
Existing Artifactory and Xray Helm Installation
1. Upgrade Artifactory to version 7.90.x or later. For more information, see Upgrading Artifactory Helm Upgrade.
2. Upgrade Xray to version 3.104.x or later. For more information, see Xray Helm Upgrade.
3. Run the following command to install JAS.
```
helm upgrade xray jfrog/xray --set serviceAccount.create=true --set rbac.create=true --set jas.healthcheck.enabled=true
```
  You can also install with a values YAML update
  1. Add the following values in the custom-values.yaml file.
    serviceAccount: create: true rbac: create: true
  2. Run the following command.
    helm upgrade --install xray jfrog/xray -f custom-values.yaml
Synchronize the database. For more information, see Synchronizing the Database.
Configure a base URL. For more information, see General Settings.

Configure JAS for Self-Signed Helm Installation

📘
Note
Required Xray 3.124.13 or later and when using base URL mode:
Create a secret that contains the ca certificate in PEM base64 format. Update the system.yaml file with the information.
executionService: 
  platformCertificateSecretName: "<secret-name>"
  platformCertificateSecretKey: "<secret-key>"
Version Tagging for JAS Images

The :latest tag is not supported for JFrog Advanced Security (JAS) Docker images (for example, xray-jas-exposures and xray-jas-contextual-analysis).

You must specify an explicit version tag that matches your Xray version (for example, <XRAY_VERSION>).

Ensure that JFConnect is running in the air-gapped mode.

For more information, see Configure JFrog Platform in an Air-gapped Environment.
Install JAS with Helm with the following updates to the Helm values and system YAML files.
- Add Contextual Analysis and Exposures images to the internal registry for the local Artifactory.
  
  Download the images from releases-docker.jfrog.io (with a tag of the same Xray version).
  
  If already you set the global.imageRegistry (for pulling Xray images) in your values file it should work.
```
global:
  imageRegistry: ...
```
  If you want to change only the location of jas images you can set this in the system.yaml file.
```
executionService:
  pullSecret: "<pull-secret-name>"
contextualAnalysis:
  registry: "releases-docker.jfrog.io"
  image: "jfrog/xray-jas-contextual-analysis"
exposures:
  container:
    registry: "releases-docker.jfrog.io"
    image: "jfrog/xray-jas-exposures"
```
  The tag of the images should be the same as the Xray version.
- Add Contextual Analysis and Exposures images to the internal registry directly to the Kubernetes nodes.
  
  Download images on a machine that has an Internet connection.
```
docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION>
docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION>
```
  Save the images as tar files.
```
docker save releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION> > jas_exposure.tar
docker save releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION> > jas_contextual_analysis.tar
```
  Copy the tar files to all k8s nodes and load with the following commands.
```
ctr -n=k8s.io images import jas_exposure.tar
ctr -n=k8s.io images import jas_contextual_analysis.tar
```

Updated 2 days ago

New JFrog Platform Installation

Existing JFrog Platform Installation

Existing Artifactory and Xray Helm Installation

Configure JAS for Self-Signed Helm Installation