System Architecture

JFrog Installation & Setup Documentation


This documentation includes information needed for installing and configuring your JFrog Platform. The documentation includes setup and installation documentation for:

  • Xray

  • Insight

  • Distribution

  • Pipelines

  • Private Distribution Network (PDN)

Each service should be installed separately according to the installation guide.

The following diagram represents a complete JPD containing all services in the JFrog Enterprise+ platform.


Each JFrog product can be deployed with 1 or more nodes. Each node has its microservices and a local router (service discovery and API gateway). All microservices of the same product are deployed on the same node/host.

The following components run outside the JPD.

  • Load Balancer - The entry point to the unit, should be set up by the customer and to communicate with Artifactory and Artifactory's Router service (as demonstrated in the diagram above).

  • Browser / JFrog CLI / Other Clients - External client(s) that interact with JFrog products in the JPD. Set up to only communicate with the LB.

JFrog Artifactory Service

The JFrog Artifactory service contains the following microservices.

  • Artifactory - The application server

  • Router - The central hub for communication between all the microservices, and cross-product.

  • Access - The authentication server and service registry. Used to manage Users, Groups, Permissions and Access Tokens for all products in the JPD

  • Event - The events distribution mechanism for JFrog products. Distributes Webhook events to external systems.

  • Integration - The microservice responsible for third-party systems authentication and event registration.

  • Frontend - The application user interface (UI for the entire JPD)

  • JFConnect - The microservice that fetches the entitlements from the subscription into a JPD

  • Metadata - The component's metadata server. Serves the Packages screen in the JPD UI.

  • Mission Control - The Mission Control microservice (available with an Enterprise+ license)

  • Observability - The microservice responsible for consolidating logs and metrics in the service.

  • Replicator - The replication engine (available with an Enterprise+ license)

JFrog Xray Service

The Xray service contains the following microservices:

  1. Indexer - Responsible for the indexing process, including:

    • Recursively extracting artifacts and builds

    • Collecting artifact metadata from accompanying files

    • Building an artifact components graph representation

  2. Persist - Responsibilities include:

    • Matching the given components graph with the public component information

    • Completing component naming

    • Storing graph data and component metadata in PostgreSQL

  3. Analysis - Responsible for enriching component metadata such as vulnerabilities, licenses and versions.

  4. Server - Responsibilities include:

    • Generating violations by matching analysis data with watches and policies

    • Hosting the API and UI endpoints

    • Running scheduled jobs such as the database synchronization process

  5. Router - Responsible for communication between all the microservices and cross-product.

JFrog Distribution Service

The Distribution service contains the following microservices:

  1. Distribution - Responsibilities include:

    • Hosting the API and UI endpoints

    • Sending distribution tasks via Redis to the Distributor

    • Syncing the other Distribution nodes with changes

    • Processing distribution tasks

    • Communicate with Artifactory edge nodes

    • Communicate with the source Artifactory

  2. Router - Responsible for communication between all the microservices and cross-product.

JFrog Insight Service

The Insight service contains the following microservices:

  1. Insight - Handles insight related data management and API functions

  2. Insight-Scheduler - Manages scheduling for different Insight tasks

  3. Router - Responsible for communication between all the microservices and cross-product.

JFrog Pipelines Service

The Pipelines service contains the following microservices:

  1. API - Responsible for hosting the API endpoints.

  2. Cron - Responsible for running internal jobs on intervals, including timing out steps and calculating statistics.

  3. HookHandler - Processes resource webhooks received by API.

  4. Logup - Transfers console logs from steps from the database to Artifactory as steps complete.

  5. Marshaller - Responsible for starting build nodes in dynamic node pools.

  6. Nexec - Responsible for running scripts on auto-initialized build nodes.

  7. PipelineSync - Reads the YML files in the pipeline source and updates the pipelines and resources with any changes.

  8. RunTrigger - Responsible for creating runs when a run is triggered manually or through a resource update.

  9. StepTrigger - Determines which waiting steps are able to run and queues them to be picked up by the build nodes.

  10. WWW - Hosts Pipelines UI pages that are supplemental to the JFrog Platform, including Pipeline History and Run Logs.

  11. Router - Responsible for communication between all the microservices and cross-product.

  12. extensionSync - Responsible for onboarding Pipelines extensions on to the JFrog Platform.

  13. templateSync - Responsible for onboarding Pipelines templates on to the JFrog Platform

  14. reqSealer - Responsible for finalizing the status of a run/step.

  15. Frontend - Serves static Pipelines micro frontend pages.

JFrog Private Distribution Network (PDN) Service

The PDN service contains the following microservices:

  1. Private Distribution Network (PDN) Server: An dedicated service responsible for advertising and tracking available artifacts located on the PDN Nodes, the PDN Server serves as the initial artifact seeder.

  2. PDN Node: A standalone application (or Docker image) that is interconnected with other PDN Nodes to resolve files, this application is used by the client to download content and is deployed on a dedicated host or client machine. The PDN Node communicates with its parent and sibling nodes to resolve files (Pull) and to distribute Release Bundles (Push). It also serves files to external clients from both cached artifacts and on-demand (Pull).