On this page: https://www.jfrog.com/confluence/display/XRAY/Integrations, the XRay documentation discusses how to integrate XRay with other third-party vulnerability providers. At the bottom of the page it also talks about how to integrate with a custom provider. But, I can't find any documentation about how to write a service that allows XRay to pull vulnerability data from my service. What interface does it expect from a custom vulnerability provider? Can anyone point me to the appropriate documentation?
The documentation is on the page you referred to, under the Adding a Custom Integration header.
In order to create a custom integration, the REST service you build needs to have two endpoints:
1) /api/checkauth (a GET operation to validate a specific API key is valid or not)
2) <your api path> (a GET operation to retrieve the actual contents)
For both operations the page lists sample requests and responses.