Basic Settings for Local Repositories

JFrog Artifactory Documentation

JFrog Artifactory
Content Type
User Guide

The following basic settings are common for all package types.



Package Type

The package type must be specified when the repository is created, and once set, cannot be changed.

Repository Key

The repository key is a mandatory, unique identifier for the repository. It cannot begin with a number or contain spaces or special characters.


Defines the environment in which this repository will reside. Environments aggregate project resources (repositories, Pipeline sources, etc.) to simplify their management. For more information, see Environments.Environments

Repository Layout

Sets the layout that the repository should use for storing and identifying modules. A recommended layout that corresponds to the package type defined is suggested.

Public Description

A free text field that describes the content and purpose of the repository. This description can be viewed by all users with access to the repository.

Internal Description

A free text field to add additional notes about the repository. These notes are visible only to the administrator.

Include and Exclude Patterns

The Include Patterns and Exclude Patterns fields provide a way to filter out specific repositories when resolving the location of different artifacts.

In each field, you can specify a list of Ant-like patterns to filter in and filter out artifact queries. Filtering works by subtracting the excluded patterns (default is none) from the included patterns (default is all).


Consider that the Include Patterns and Exclude Patterns for a repository are as follows:

Include Patterns: org/apache/**,com/acme/**

Exclude Patterns:


In this example, the repository is searched for org/apache/maven/parent/1/1.pom and com/acme/project-x/core/1.0/nit-1.0.jar but not for com/acme/exp-project/core/1.1/san-1.1.jar because com/acme/exp-project/** is specified as an Exclude pattern.

Enable Indexing in Xray

Enables indexing on the repository for security and compliance analysis. Available with JFrog Xray.JFrog Xray

Repositories may have additional basic settings depending on the package type, as described in the section that follows.

Basic Settings for Maven, Gradle, Ivy, and SBT Repositories




Checksum Policy

The checksum effectively verifies the integrity of a deployed resource. The Checksum Policy determines how Artifactory behaves when a client checksum for a deployed resource is missing or conflicts with the locally calculated checksum.

There are two options:

  • Verify against client checksums (default) - If a client has not sent a valid checksum for a deployed artifact then Artifactory will return a 404 (not found) error to a client trying to access that checksum. If the client has sent a checksum, but it conflicts with the one calculated on the server then Artifactory will return a 409 (conflict) error until a valid checksum is deployed.

  • Trust server generated checksums - Artifactory will not verify checksums sent by clients and will trust the server's locally calculated checksums. An uploaded artifact is immediately available for use, but integrity might be compromised.

Maven Snapshot Version Behavior

Artifactory supports centralized control of how snapshots are deployed into a repository, regardless of end user-specific settings. This can be used to guarantee a standardized format for deployed snapshots within your organization. There are three options:

  • Unique: Uses a unique, time-based version number.

  • Nonunique: Uses the default self-overriding naming pattern: artifactID-version-SNAPSHOT.type

  • Deployer: Uses the format sent by the deployer as is.

    Deployer parameter option

    Metadata will not be generated when selecting the Deployer option. This option should not be used when setting up replication, since each Artifactory instance will need to generate its metadata locally.

Maven 3 Only Supports Unique Snapshots

Maven 3 has dropped support for resolving and deploying non-unique snapshots. Therefore, if you have a snapshot repository using non-unique snapshots, we recommend that you change your Maven snapshot policy to 'Unique' and remove any previously deployed snapshots from this repository.

The unique snapshot name generated by the Maven client on deployment cannot help in identifying the source control changes from which the snapshot was built and has no relation to the time sources were checked out. Therefore,we recommend that the artifact itself should embed the revision/tag (as part of its name or internally) for clear and visible revision tracking. Artifactory allows you to tag artifacts with the revision number as part of its Build Integration support.Build Integration

Suppress POM Consistency

When deploying an artifact to a repository, Artifactory verifies that the value set for groupId:artifactId:version in the POM is consistent with the deployed path.

If there is a conflict between these then Artifactory will reject the deployment. You can disable this behavior by setting this checkbox.