
  • Query Artifactory for image vulnerability on workspace startup.
  • Inform users when they are using a vulnerable image.



Apply the Helm chart to start monitoring workspaces:

helm repo add coder-xray <coder-xray-helm-repo-url>
helm install coder-xray coder-xray/coder-xray \
    --namespace coder \
    --set coder.url="https://<your-coder-url>" \
    --set coder.secretName="<your coder token secret>" \
    --set artifactory.url="https://<your-artifactory-url>" \
    --set artifactory.secretName="<your artifactory secret>"

For a detailed step-by-step guide, see the scanning coder workspaces with xray guide.

Note: For additional customization (such as customizing the image or details on creating a secret), you can use the values.yaml file directly.


To use this service, the following are required:

  • A Coder API token with at least Template Admin privileges
  • An Artifactory token


Kubernetes provides an informers API that streams pod and event data from the API server.

coder-xray listens for pod creation events with containers that have the CODER_AGENT_TOKEN environment variable set. All matching pods/containers are then queried against the provided Artifactory instance and any XRay results are then pushed to the provided Coder deployment.
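
The pod-matching step described above, as an added example in Go using only the standard library. It is not coder-xray's own code (which works through the Kubernetes informers API); the `WorkspaceImages` function, the `pod` type and the sample manifest are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// pod holds only the fields of a Kubernetes Pod manifest needed for the match.
type pod struct {
	Spec struct {
		Containers []struct {
			Image string `json:"image"`
			Env   []struct {
				Name string `json:"name"`
			} `json:"env"`
		} `json:"containers"`
	} `json:"spec"`
}

// WorkspaceImages (hypothetical helper) returns the image of every container
// that declares CODER_AGENT_TOKEN; these are the images to look up in Artifactory.
func WorkspaceImages(manifest []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, fmt.Errorf("decode pod: %w", err)
	}
	var images []string
	for _, c := range p.Spec.Containers {
		for _, e := range c.Env {
			if e.Name == "CODER_AGENT_TOKEN" {
				images = append(images, c.Image)
				break // one match per container is enough
			}
		}
	}
	return images, nil
}

// Constructed sample: a workspace container plus a sidecar without the token.
const samplePod = `{"metadata":{"name":"coder-ws-1"},"spec":{"containers":[
 {"name":"dev","image":"registry.example.com/docker-local/workspace:1.0",
  "env":[{"name":"CODER_AGENT_TOKEN","value":"constructed"}]},
 {"name":"proxy","image":"registry.example.com/docker-local/proxy:2.3"}]}}`

func main() {
	images, err := WorkspaceImages([]byte(samplePod))
	fmt.Println(images, err)
}
```

Only the container carrying the agent token is reported, so sidecars in the same pod are not scanned on its behalf.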