JFrog Artifactory
JFrog Artifactory is an application security tool that manages and tracks your artifacts throughout the development lifecycle. You can bring project, repository, and user data from JFrog Artifactory into Brinqa to gain insights into the security and compliance of your software components to construct a detailed view of your application environment.
This document details the information you must provide for the connector to authenticate with JFrog Artifactory and how to obtain that information from JFrog. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select JFrog Artifactory from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate JFrog Artifactory with Brinqa:
-
API URL: The JFrog API server URL.
-
Access token: The JFrog access token associated with the JFrog account, which must have permissions to log in to the API server and return data.
Generate a JFrog access token
For the JFrog Artifactory connector to use the JFrog API, you must provide an access token. JFrog does not allow retrieving the access token for an existing user. To generate a new token, follow these steps:
-
Log in to your organization's JFrog portal as an administrator.
-
Navigate to User Management > Access Tokens.
-
Click Generate Token, select Scoped Token, and then complete the following fields:
-
Description: Provide a description for the token.
-
Token scope: Click the dropdown and select the appropriate scope for your integration. You have three options:
-
Admin: Grants full administrative access. Use this option if retrieving your data requires complete control over all aspects of Artifactory. Proceed with caution, as this option provides extensive permissions.
-
User: Grants access based on a specific user's permissions. Use this option if retrieving your data requires performing actions that a typical user would require.
-
Group: Grants access based on a group of users' permissions. Use this option if retrieving your data needs permissions common to a specific group.
noteWhile all three options can be used to authenticate API requests, Brinqa recommends that you use the User or Group scope, as these can provide more controlled access. Consult the JFrog documentation to better understand which scope may better suit your needs.
-
-
User name: Provide a user name for the token.
-
Service: Click the dropdown and select Artifactory.
-
Expiration time: If desired, click the dropdown and set an expiry for the token. Options include: Never, 1 day, 3 days, 1 week, 1 month, or a custom time.
-
Create reference token: Not checked by default. Leave as is.
-
-
Click Generate.
Your access token displays. You cannot view the token after this. Copy and save it to a secure location.
If you do not have permissions to create an access token, contact your JFrog administrator. For additional information, see JFrog documentation.
Types of data to retrieve
The JFrog Artifactory connector can retrieve the following types of data from the JFrog Artifactory API:
Table 1: Data retrieved from JFrog Artifactory
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Project | Yes | Code Project |
| Repository | Yes | Code Repository |
| User | No | Not mapped |
| File | No | Not mapped |
For detailed steps on how to view the data retrieved from JFrog Artifactory in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Project
Table 2: Project attribute mappings
| Source Field | Attribute Name |
|---|---|
| projectKey | UID |
| displayName | NAME |
| description | DESCRIPTION |
| storageQuotaBytes | STORAGE_QUOTA_BYTES |
| softLimit | SOFT_LIMIT |
| storageQuotaEmailNotification | STORAGE_QUOTA_EMAIL_NOTIFICATION |
| (generated) | CATEGORIES |
| (generated) | STATUS |
| sync time | LAST_CAPTURED |
Repository
Table 3: Repository attribute mappings
| Source Field | Attribute Name |
|---|---|
| key | UID |
| key | NAME |
| description | DESCRIPTION |
| url | URL |
| type | REPOSITORY_TYPE |
| packageType | PACKAGE_TYPE |
| (generated) | CATEGORIES |
| (generated) | STATUS |
| sync time | LAST_CAPTURED |
User
Table 4: User attribute mappings
| Source Field | Attribute Name |
|---|---|
| name | UID |
| name | NAME |
| uri | URL |
| realm | REALM |
| (generated) | STATUS |
| sync time | LAST_CAPTURED |
File
Table 5: File attribute mappings
| Source Field | Attribute Name |
|---|---|
| path/name | UID |
| path/name | NAME |
| repo | REPOSITORY |
| created | SOURCE_CREATED_DATE |
| modified | SOURCE_LAST_MODIFIED |
| (constructed) | URL |
| createdBy | CREATED_BY |
| modifiedBy | MODIFIED_BY |
| updated | LAST_UPDATED |
| (constructed) | DOWNLOAD_URI |
| size | SIZE |
| actualSha1 | CHECKSUMS_SHA1 |
| sha256 | CHECKSUMS_SHA256 |
| actualMd5 | CHECKSUMS_MD5 |
| originalSha1 | ORIGINAL_CHECKSUMS_SHA1 |
| originalMd5 | ORIGINAL_CHECKSUMS_MD5 |
| depth | DEPTH |
| virtualRepos | VIRTUAL_REPOS |
| sync time | LAST_CAPTURED |
Operation options
The JFrog Artifactory connector supports the following operation options. See connector operation options for information about how to apply them.
Table 6: JFrog Artifactory connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Repository | excludeRepo | Any repository name(s) | A comma-separated list of repository names. You can use to option to exclude repositories from being retrieved. | Key: excludeRepo Value: repo1,repo2,repo3. This key and value combination excludes the specified repositories from being retrieved by the connector. |
APIs
The JFrog Artifactory connector uses the Artifactory REST API. Specifically, it uses the following endpoints:
Table 7: JFrog Artifactory REST API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Project | GET /access/api/v1/projects |
| Repository | GET /artifactory/api/repositories |
| User | GET /artifactory/api/security/users |
| File | POST /artifactory/api/search/aql |
Changelog
The JFrog Artifactory connector has undergone the following changes:
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Table 8: JFrog Artifactory connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.10 | No change. | June 11th, 2026 |
| 3.0.9 | Re-enabled the File object. The connector now retrieves files stored in Artifactory repositories, in addition to Projects, Repositories, and Users. | May 8th, 2026 |
| 3.0.8 | Modernized the connector to align with the latest Brinqa connector framework and documentation standards. As part of this update, added the CATEGORIES, STATUS, and LAST_CAPTURED attributes to the Project, Repository, and User objects. | April 9th, 2026 |
| 3.0.7 | No change. | April 7th, 2026 |
| 3.0.6 | No change. | February 13th, 2026 |
| 3.0.5 | - Added a new operation option on the Repository object to exclude specific repositories: excludeRepo | June 11th, 2025 |
| 3.0.4 | No change. | April 22nd, 2025 |
| 3.0.3 | Removed the File object, as it was deemed unnecessary for the connector's functionality. | February 28th, 2025 |
| 3.0.2 | No change. | February 19th, 2025 |
| 3.0.1 | No change. | January 23rd, 2025 |
| 3.0.0 | Initial Integration+ release. | August 31st, 2023 |