April 2022

JFrog Hosting Models Documentation

Content Type
User Guide





Full JFrog Support for Terraform Packages

JFrog provides a fully-fledged Terraform repository solution, which gives you full control of your deployment and resolution process of Terraform Modules, Providers, and Backend packages. This solution includes both the Terraform Registry and the Terraform Backend Registry in the JFrog Platform.

Token Enhancements

Scoped Admin Access Tokens: From Artifactory release 7.38.4, JFrog enables companies to create their own admin-scoped access tokens without using the JFrog Platform UI or via another token.

New Identity Token Format and API Key Replacement: Artifactory release 7.38.4, includes a new Identity Token format, also called a Reference Token, which can also be used to replace the API Keys that will be deprecated in a future version.The new Reference Token includes an option to create a "shortened," 128-character key, thereby providing an alias for the Identity Token.

Added PKCE Support for OAuth Integrations

Artifactory now supports enabling the PKCE extension over Oauth to gain an additional level of security and serves as an alternative to the basic Secret mechanism. By selecting the Enabled PCKE field in the OAuth Provider dialog in the UI, you will enable this feature and the Secret option will be automatically disabled. Please note that backward compatibility for the authorization Code Flow without PKCE is retained.

Enforce Internal Dynamic Search of Attributes in LDAP Groups

Introducing the new functionality for the LDAP group dynamic strategy, which enforces a dynamic internal search of attributes in a group by setting the<forceAttributeSearch>true</forceAttributeSearch> in the Config descriptor.

Maven Non-Preemptive Authentication for Local, Remote, and Virtual Repositories

An enhanced Maven authentication mechanism has been implemented in Artifactory to eliminate the need to perform authentication prior to checking if a package is located in local, remote and virtual repositories. With the new authentication mechanism, when reaching Maven-local-three (which requires authentication), instead of first performing for authentication and next authorization, Artifactory will check if the requested item is located in the repository. If the requested package does exist, it will proceed to perform authentication and authorization. If not, a 404 error message will be triggered.

Anonymous Users can be Routed to Login Page by Default

To provide anonymous users in the JFrog Platform with an improved navigation experience, you can set all anonymous users to be routed to the Login page by enabling the new 'Set the Login page as the start page' on the Anon User page.

GAVC Search REST API Supported on Virtual and Remote Repositories

Maven users can now search by Maven Coordinates (GAVC: GroupID, ArtifactID, Version, Classifier), on remote and virtual repositories, in addition to the existing support for local repositories. For more information, see the new parameters added to the GAVC Search REST API.

Added Support for Custom Ports to be Exposed on the NGINX Pod

As part of the alignment of the JFrog Platform with the conventional Kubernetes YAML syntax for container ports, we have added support for comments in the values.yaml file. It is self-explanatory as it is traditional Kubernetes YAML syntax and allows you to pass additional ports other than HTTP and HTTPS port to Nginx deployment and service in the values.yaml file.

New Webhook to Support Pull Replication from Remote Repositories

The newly added 'Cache' webhook event is triggered for Pull Replication events occurring opposite remote repositories. Note that for push replication, you should use this 'Deployed' event.

Extended the Priority Resolution feature to Support RPM Packages

You can now declare local and remote repositories as ‘safe’ by enabling the ‘Priority Resolution’ field for local and remote repositories for RPM packages.

Security & Compliance

Support for Components Operational Risk

Xray can now provide information about the operational risk of using open-source software components.. These include the risk of using outdated versions or inactive open source software components in your projects. In the current version of this release, we provide operational risk information for Maven and npm packages.