Overview
The JFrog Platform brings the universal nature of Artifactory to full force with advanced package management for all major packaging formats in use today. As the only repository with a unique architecture that includes a filestore layer and a separate database layer, Artifactory is the only repository manager that can natively support current package formats as well as any new format that may arise from time to time.
With a paradigm of single-type repositories, all repositories are assigned a type upon creation allowing efficient indexing to allow any client or dependency manager to work directly with Artifactory transparently as its natural repository.
The Packages view in the Application module provides easy access to information about all the packages in your repositories and supports:
Supported Package Types
The JFrog Platform supports the following package formats with new formats added regularly as the need arises.
Package Type | Description |
---|---|
Alpine Linux | Use Artifactory to gain full control of your deployment and resolution process of Alpine Linux ( |
Bower | Boost your front-end development by hosting your own Bower components and proxying the Bower registry in Artifactory. |
Cargo | Enhance your capabilities for configuration management with Cargo using all the benefits of a repository manager. |
Chef | Enhance your capabilities for configuration management with Chef using all the benefits of a repository manager. |
CocoaPods | Speed up development with Xcode and CocoaPods with fully-fledged CocoaPods repositories. |
Conan | Artifactory is the only secure, private repository for C/C++ packages with fine-grained access control. |
Conda | Artifactory natively supports Conda repositories for Python, R, Ruby, Lua, Scala, Java, JavaScript, C/ C++, FORTRAN. |
CRAN | Deploy and resolve CRAN packages for the R language using dedicated CRAN repositories. |
Debian | Host and provision Debian packages complete with GPG signatures. |
Docker | Host your own secure private Docker registries and proxy external Docker registries such as Docker Hub. |
Git LFS | Optimize your workflow when working with large media files and other binary resources. |
Go Registry | Build Go projects while resolving dependencies through Artifactory, and then publish the resulting Go packages into a secure, private Go registry |
Gradle | Resolve dependencies from and deploy build output to Gradle repositories when running Gradle builds. |
Helm | Manage your Helm Charts in Artifactory and gain control over deployments to your Kubernetes cluster. |
Maven | Artifactory is both a source for Maven artifacts needed for a build, and a target to deploy artifacts generated in the build process. |
npm | Host your own node.js packages, and proxy remote npm repositories like npmjs.org through Artifactory. |
NuGet | Host and proxy NuGet packages in Artifactory, and pull libraries from Artifactory into your various Visual Studio .NET applications. |
Opkg | Optimize your work with OpenWrt using Opkg repositories. Proxy the official OpenWrt repository and cache remote .ipk files. |
P2 | Proxy and host all your Eclipse plugins via an Artifactory P2 repository, allowing users to have a single access point for all Eclipse updates. |
PHP Composer | Provision Composer packages from Artifactory to the Composer command line tool, and access Packagist and other remote Composer metadata repositories. |
Pub Repositories | Artifactory natively supports Dart packages, giving you full control of your deployment and resolution process of Flutter, Angular Dart, and general Dart programs. |
Puppet | Configuration management meets repository management with Puppet repositories in Artifactory. |
PyPI | Host and proxy PyPI distributions with full support for pip. |
RPM | Distribute RPMs directly from your Artifactory server, acting as a fully-featured YUM repository. |
RubyGems | Use Artifactory to host your own gems and proxy remote gem repositories like rubygems.org. |
SBT | Resolve dependencies from and deploy build output to SBT repositories when running SBT builds. |
Swift | Artifactory natively supports a dedicated Swift registry, giving you full control of the deployment and resolution process of your Swift packages and the dependencies. |
Terraform | A fully-fledged Terraform repository solution giving you full control of your deployment and resolve process of Terraform Modules, Providers, and Backend packages. |
Vagrant | Securely host your Vagrant boxes in local repositories. |
VCS | Consume source files packaged as binaries. |
Inspecting Packages
The Packages page provides easy access to information about all the packages in your repositories.
You have quick access to the most important summary information about the latest package versions and you can easily drill down for more details about previous versions. Filters and sorting features are available for your convenience, as well as cross-reference links to the Builds and Artifacts pages.
For some package types, you can download packages and copy installation commands when drilling down into a package.
To view information about packages, from the Application module, go to Artifactory| Packages.
Filtering the Package List
Initially, by default, each panel contains information about the last version of the package. In the initial view, the list includes all the available package types, sorted by lexical order according to the package name by default, in descending order. The user can sort and filter the list. The user's new sort and filter setting become the new default.
To change the sort criteria, click the drop-down arrow and select one of the following sort options:
Name: Name of package
Downloads: Number of times package was downloaded
To toggle the sort order, click the arrow to the right of the sort option list.
Viewing Package Information
In the Packages list, the package summary information is displayed, with the package name and logo in the left top corner, and the creation date of the latest version and its version number. The following information is displayed in the upper right of the panel.
Field | Description |
---|---|
License | Name of the license covering the package |
Versions | Number of versions of the package |
Xray | Indicates the status of the Xray scan. For more information, see Xray Security and Compliance. Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. |
Downloads | Total number of times the package (in its various versions) has been downloaded |
Tags | Metadata tags (available only for npm and NuGet) |
Click on a Package to view the Package versions.
In the Versions section, use the View By toggle to select one of the following views:
List: Displays information about the package versions.
Graph: Displays security and license violations informations from JFrog Xray with the number of downloads per version.
For more information, see Xray Security and Compliance.
Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license.
The List option displays the following information about the package versions:
Field | Description |
---|---|
Version | Package version numbers |
Repositories | Name of repositories that contain the package version |
Digest | The package's SHA 256 digest (available only for Docker) |
Last Modified | Date when the package version was last modified |
Downloads | Number of times package version was downloaded |
Xray Status | The following Xray status indicators are displayed:
For more information, see Xray Security and Compliance. Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. |
NPM Packages Only
For npm package types, the appears to the right of the package name. For details, see Adding Packages to Projects.
Viewing Xray Data on Packages
Note
Required JFrog Subscriptions
FREE PRO TEAM ENTERPRISE ENTER.+
PRO PRO X ENTERPRISE ENTER.+
Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license.
In the Package list view, you can quickly and periodically review the status of your security and compliance for all your scanned packages on your indexed resources to gain information about the Xray scan status and assigned licences on the latest version of the package.
From the list view, you can toggle to the Graph tab to view a graph displaying a breakdown according of security or license violations according to severity.
Viewing Package Version Information
Click on the version number to view details about a particular package version, in the detailed table.
The information in the summary section, in the top panel, now displays summary information about the selected package version.
To download the package version to your computer, click Download, located on the right, below the summary information. For more information, see Downloading Package Versions.
The detailed table now appears with the following tabs and information:
Readme
Applies to npm packages. Contains readme documentation.
Builds
In the Build section, use the View toggle to select one of the following views:
Produced By: Displays information about the builds that produced the package versions.
Used By: Displays information about the builds that used the package versions as dependencies.
The information includes the name, number, and creation date of each build. Click on the build name to open the Build page with the full information about the build.
Xray Data
Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license.
For more information, see Viewing Xray data on Package Versions.
Docker Layers
Applies to Docker packages. Lists the layer related information.
Distribution
Requires an Enterprise+ license.
Displays the Release Bundles containing the package version, the Release Bundle Distribution status and when they were last updated. Click the Release Bundle Name to view the Bundle in the Distribution page.
Repositories
Displays where the package versions exist in Artifactory. The locations are indicated by the repository names and the full paths to the packages in Artifactory. Enter version numbers or repository names to filter the list.
Click on the path to open the Artifact Repository Browser, showing the location of the package in the Tree view.
Viewing Xray Data on Package Versions
Selecting a package version displays detailed Xray data information.
In the top pane, you can view the Xray severity and license assigned to the version.
Under the Xray Data tab, you can view these dedicated Xray related tabs with the option to run a set of actions on the version. For detailed information on each tab, see Analyzing Resource Scan Results.
Under the Xray Data tab, you can view these dedicated Xray related tabs with the option to run a set of actions on the version. For detailed information on each tab, see Analyzing Resource Scan Results.
Downloading Package Versions
To download a package to your computer from the version-level information page, select the version and click Download, located on the right below the summary information.
Adding Packages to Projects
Note
Only available for npm packages.
It is usually more convenient to use the copy command button than using the Download button.
To add the latest version of package to a project, click . The command displayed in the text box is copied to the clipboard. Paste the command into the command line on your terminal. Execute the command line to automatically add the latest version of the package to the package.json file.
When the version-level information is displayed, select a specific version and click to copy the command for the selected version to the clipboard. Continue as described above to add the version of the package to the package.json file.