July 2021

JFrog Hosting Models Documentation

Content Type
User Guide





Additional Security Manager Role and Additional Scanning Capabilities in Project Functionality

The new security manager role enables a user to perform a wide range security-related project actions, as well as additional functionalities for Xray in Projects, such as generating Global Xray Reports for a Project scope and applying global watches to projects.

Docker Enhancements

  • Improved the Docker remote repository flow by reducing the number of requests to the remote repositories.

  • Added Docker Buildx support, allowing you to easily build and push multi-architecture images using the Docker buildx CLI.

  • Added support for promoting Docker images with a Docker manifest.list from one Docker local repository to another.

New Outbound Repository Request Log

Announcing a new Outbound Remote Repository Request log, which allows you to track every request initiated by a remote repository including requests related to replication.

Native Artifacts Browser Accessible from the UI

The Artifactory native artifacts browser, which allows browsing the contents of a repository in a plain HTML structured tree, is now available via the artifact URL or via the artifacts Actions menu, which means that authenticated users will not need to re-authenticate to access the native browser.

Support for Multiple HashiCorp Vault Connectors in the JFrog Platform UI

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+

The JFrog Platform integration with HashiCorp Vault now enables you to configure multiple external vault connectors through the Platform UI.

Multiple GPG keys for Signing Release Bundles

Distribution now supports signing Release Bundles using multiple GPG signing keys and not one key pair for all Release Bundles. This enables you to use different keys according to your organizational requirements.

Managing Multiple Signing Keys

JFrog Subscriptions: Enterprise with Security Pack | Enterprise+

JFrog Platform now enables you to manage multiple RSA and GPG signing keys through the Keys Management UI and REST API.

Generating an Identity Token through the Profile UI

The user profile now enables users to generate identity tokens, which means that any user can create a user identity token for themselves via the UI (or via REST API).

Identity tokens are scoped tokens, providing limited and focused permissions, and when a user is deleted/disabled, their tokens are also revoked.

Security & Compliance

Dependencies Scan

The Dependencies Scan feature enables you to scan your source code dependencies to find security vulnerabilities and licenses violations, with the ability to scan against your Xray policies, using the JFrog CLI.

On-Demand Binary Scan

Xray now provides on-demand binary scanningto address your needs using the CLI for fast results. You can point to a binary in your local file system and receive a report that contains a list of vulnerabilities, licenses, and policy violations for that binary prior to uploading the binary or build to Artifactory.


Approval Gates

The Approval Gates feature enables you to insert a manual approval process for a step in a pipeline. Approvers can approve or reject steps, and receive Slack and e-mail notifications for steps that require approval.

Improved Logs for Signed Pipelines

Pipelines will now post logs to step consoles when steps are getting signed. This will help users to identify the cause of failures during the process of signing a pipeline.

Conditional Workflow

The Conditional Workflow feature enables users to choose if a step executes or skips based on certain conditions set for the previous upstream step, which provides more flexibility in the execution logic of a pipeline.