Skip to main content

Set up the JFrog Artifactory connector

JFrog Artifactory is a universal artifact repository that securely stores, manages, and distributes software packages, binaries, and containers.

By integrating JFrog Artifactory, Veracode Risk Manager (VRM) leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.

Complete the following tasks to set up your VRM connector for JFrog Artifactory.

JFrog requirements

To configure the VRM connector, you must have the JFrog Platform Admin role or the Project Admin role for the project that you want to integrate with VRM.

Create a group

Create a group in JFrog Artifactory to manage who will have permissions to read data from the repositories that you want to integrate with VRM.

Though you can assign the token to a user, Veracode recommends using a group to avoid failures if a user is not part of the system any longer.

  1. In the JFrog Platform, select the Administration tab.

  2. From the left navigation menu, select User Management > Groups.

  3. Select New Group.

  4. Enter a name and, optionally, a description for the group.

    JFrog create group

    NOTE: You do not need to add users to the group in order to integrate with VRM.

  5. Select Save.

Create a permission

Create a permission in JFrog Artifactory that grants read access to the repositories that you want to integrate with VRM.

  1. In the JFrog Platform, from the left navigation menu, select User Management > Permissions.

  2. Select New Permission.

  3. Enter a name for the permission.

  4. Under Resources, select Add Repositories.

  5. Select the repositories that you want to include in the permission and move them to the Selected Repositories list.

    JFrog selected repos

  6. Select Ok.

  7. Select the Groups tab.

  8. Select the group that you created in Create a Group and move it to the Selected Group list.

  9. Select Ok.

  10. Under Selected Group Repositories, select Read.

    JFrog group permissions

  11. Select Create.

Create a token

Create a token that you must use to grant VRM access to your JFrog Artifactory repositories.

  1. In the JFrog Platform, from the left navigation menu, select User Management > Access Tokens.

  2. Select Generate Token.

  3. For Token Scope, select Group.

    JFrog create token

  4. For Groups, select the group that you created in Create a Group.

  5. For Service, select All.

  6. Select an expiration time. When the token expires, you will need to update the token in the VRM platform.

  7. Select Generate.

  8. Copy the token to a secure location.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the JFrog Artifactory tile.
  4. Enter a name for the connector.
  5. For Access Token, paste the token that you generated in JFrog Artifactory.
  6. For URL, enter the base URL for your organization's JFrog Platform account. For example: MyOrganization.jfrog.io
  7. Select Add Connector.

Validate your data

After successfully connecting the JFrog Artifactory Connector within VRM, it will take some time for VRM to fetch the asset data.

After the connector has completed the fetch, validate that VRM correctly ingested the data.

  1. In VRM, select Assets Assets icon from the left navigation menu.
  2. Select the Asset Type filter and select JFrog Artifactory Image.

The Assets table lists the JFrog Artifactory assets.

Last updated on