Subsidiaries and Vendors

Subsidiaries and Vendors: Separate Sites

Organizations working with subsidiaries or vendors should isolate each group’s work on dedicated JFrog SaaS sites—separate from the main organization—to limit access, simplify permissions, and meet compliance, while allowing controlled artifact sharing when needed.

How?

  • A main JFrog Platform SaaS site for the parent organization only
  • One or more dedicated SaaS sites for subsidiary and vendor work, separate from the main site
  • A dedicated site is not necessarily one per entity. The parent organization chooses per site (separate site when a hard boundary is required) or per project on a shared dedicated site (each entity gets its own project for users, repositories, and permissions)
  • Subsidiary and vendor work stays off the main site unless sites are explicitly connected; approved artifacts can flow via repository federation, release bundles, or similar patterns—akin to CI - CD separation, but driven by organizational boundaries

Why?

  • Keeps external and semi-autonomous parties off the parent organization’s full platform site while scoping each relationship as the parent defines
  • Reduces operational complexity on the main site; the main site remains the system of record with selective outward sharing

Considerations

  • Choose site- vs. project-level separation per relationship; federation is subject to multi-site limitations
  • Not every repository on a dedicated site needs to connect to the main site

Architecture

The following is a schematic high level architecture of such a topology

Subsidiaries and Vendors Subsidiaries and Vendors