JFrog Release Lifecycle Management Solution

JFrog Artifactory Documentation

JFrog Artifactory
Content Type
User Guide

An essential part of delivering quality software is creating releases that are validated as they advance through the software development lifecycle (SDLC) toward their eventual consumption by end users. If not managed properly, the lifecycle of releases can become a complex process involving multiple tools and inconsistent processes used by different development teams, leading to an inefficient software supply chain.

JFrog’s Release Lifecycle Management solution centers around controlling the flow of a new version of Release Bundles (v2), which are created with the platform UI or with REST APIs from several methods, such as build outputs. The set of artifacts that define a release candidate is wrapped in the Release Bundle, which is signed with its content. The Release Bundle can then be promoted towards production via different stages known as environments (for example, DEV, INT, STG, PROD) and can also be distributed to Distribution Edge nodes.

Users with Artifactory 7.68.9 and above and JFrog Xray 3.82.6 and above can scan the contents of Release Bundles v2 and potentially block these Release Bundles from being promoted if Policy violations are identified. Users with JFrog Distribution 2.20.1 and above can also use Xray to block vulnerable Release Bundles from being distributed.

Each action performed on a Release Bundle is tracked within the JFrog Platform, including creation, promotion, and distribution. 



For more details about JFrog's Release Lifecycle Management capabilities and the role they play in ensuring the integrity of your Software Supply Chain, read this blog. You can also submit feedback here.


The JFrog CLI includes commands to facilitate the Release Lifecycle Management process. For more information, see CLI for JFrog Release Lifecycle Management.

Required Subscription Levels

The following subscription levels are required for Release Lifecycle Management operations:

  • Create and promote Release Bundles v2: Pro or above

  • Scan Release Bundles with Xray: Pro X or aboveXray Dependencies Scan

  • Create Xray policies that can control Release Bundle promotion: Enterprise X or abovePolicy Violation Automatic Actions

  • Distribute Release Bundles v2 (including distribution in an Air Gap environment): Enterprise+

  • Create Xray policies that can control Release Bundle distribution: Enterprise+Policy Violation Automatic Actions