# JFrog Artifactory

### Overview

JFrog Artifactory is a universal artifact repository manager for storing, organizing, and managing binary artifacts throughout the software development lifecycle. The Veza integration enables:

* Discovery and analysis of users, groups, and their access permissions
* Visibility into repository access controls and permission mappings
* Project-level access management insights
* Role-based access control (RBAC) assessment
* Identification of admin privileges and effective permissions
* Mapping repository permissions to canonical access types
* Tracking shared repository access across projects

### Prerequisites

* JFrog Artifactory instance (validated with Trial License 7.98.9 Rev 79809900)
* Admin access to generate API tokens
* Network connectivity between your Veza platform or Insight Point and your Artifactory instance
* The integration currently supports only **self-hosted** Artifactory instances.

### Artifactory Configuration

#### Generating an Access Token

1. Log in to JFrog Artifactory as an administrator
2. Under "User Management," select "Access Tokens"

   ![Navigate to Access Tokens](/files/pUZ2rCRsnK5YB8q4FnG3)
3. Click the "Generate Token" button

   ![Create a token](/files/dzJB027Y41ABk2YaKR02)
4. Fill out the following fields:

   * Token scope: Admin (token with admin permission)
   * Description: Brief description of the token's purpose
   * Expires time: Use "Never" or choose a shorter lifespan. The token will need to be regenerated when it expires.
   * Service: Choose which product the token should have access to (Artifactory)

   ![Token details](/files/7dwzUaSQfO26JS2E99Ak)
5. Click the "Generate" button
6. Copy the full token for configuring the integration in Veza

**Note:** Only users with Admin privileges can generate Access Tokens.

See the [official Artifactory API documentation](https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API) for more details.
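Before the token is pasted into Veza, its scope and lifetime can be checked locally. The following is an added example, not Veza or JFrog code: it decodes the payload of a JWT-format access token (the `eyJ...` form shown for the Token field) without verifying its signature. Assumptions: the claim names `scp` and `exp`, the scope string `applied-permissions/admin`, and a missing `exp` for a "Never" expiry; the sample tokens and the `veza-svc` subject are constructed.

```python
import base64
import json
import time

ADMIN_SCOPE = "applied-permissions/admin"  # assumed scope string of an admin token


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, now=None):
    """Report scope and expiry from a JWT payload WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; was the full token copied?")
    claims = _b64url_json(parts[1])
    now = time.time() if now is None else now
    exp = claims.get("exp")  # assumed to be absent when "Never" was selected
    return {
        "subject": claims.get("sub"),
        "is_admin": ADMIN_SCOPE in claims.get("scp", "").split(),
        "never_expires": exp is None,
        "days_left": None if exp is None else int((exp - now) // 86400),
    }


def make_sample(claims):
    """Build a constructed sample token with a placeholder signature (demo only)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"ver": "2", "typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])


# Constructed inputs: a 30-day admin token and a clipboard-truncated copy.
SAMPLE_NOW = 1_700_000_000
SAMPLE_ADMIN = make_sample({
    "sub": "jfac@constructed/users/veza-svc",
    "scp": ADMIN_SCOPE,
    "exp": SAMPLE_NOW + 30 * 86400,
})
SAMPLE_TRUNCATED = "eyJ2ZXIiOiIyIiwidH..."

if __name__ == "__main__":
    print(inspect_token(SAMPLE_ADMIN, now=SAMPLE_NOW))
```

A result with `never_expires` set to true on an admin-scoped token means the credential stays valid until it is revoked in Artifactory.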

### Veza Platform Configuration

#### Adding the Integration

1. In Veza, go to the **Integrations** page
2. Click *Add Integration* and search for Artifactory
3. Select it and click **Next** to add the integration
4. Configure the integration settings (see Configuration Fields below)
5. Click *Create Integration* to save the configuration

#### Configuration Fields

| Field               | Description                                                                                                                                                          | Example                     |
| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| Hostname            | The fully qualified hostname of your Artifactory instance, including the port number. This is the same URL you use to access the Artifactory web interface.          | artifactory.company.com:443 |
| Token               | The authentication token generated from Artifactory. Must be an admin token or a token with sufficient permissions to read users, groups, permissions, and metadata. | eyJ2ZXIiOiIyIiwidH...       |
| Gather User Details | When enabled, Veza will collect extended user attributes.                                                                                                            |                             |

### Supported Entities

#### Users

| Attribute                    | Description                                                                                                      |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| `name`                       | Name of the user                                                                                                 |
| `id`                         | Unique identifier for the user                                                                                   |
| `email`                      | User's email address                                                                                             |
| `last_login_at`              | Last login timestamp                                                                                             |
| `admin`                      | Boolean flag indicating admin status. True if user is admin, false by default                                    |
| `realm`                      | String value representing the authentication realm for the user (e.g., internal, SAML, OAuth, LDAP, crowd, SCIM) |
| `disable_ui_access`          | Boolean flag indicating whether the user has access to the UI                                                    |
| `effective_admin`            | Boolean flag indicating whether the user has effective admin privileges                                          |
| `profile_updatable`          | Whether the user can update their profile                                                                        |
| `internal_password_disabled` | Whether internal password authentication is disabled                                                             |
| `status`                     | Current user status (invited, enabled, disabled, locked)                                                         |

**Note:** The attributes `disable_ui_access`, `effective_admin`, `profile_updatable`, `internal_password_disabled`, `email`, and `last_login_at` are only populated when **Gather User Details** is enabled for the integration.

#### Groups

| Attribute          | Description                                                                          |
| ------------------ | ------------------------------------------------------------------------------------ |
| `name`             | Name of the group                                                                    |
| `id`               | Unique identifier for the group                                                      |
| `auto_join`        | Boolean flag indicating if new users automatically join this group. False by default |
| `admin_privileges` | Boolean flag indicating if the group has admin privileges. False by default          |
| `realm`            | Authentication realm for the group (e.g., internal, SAML, LDAP, crowd, SCIM)         |
| `description`      | Descriptive text about the group's purpose                                           |

#### Roles

| Attribute     | Description                                                               |
| ------------- | ------------------------------------------------------------------------- |
| `name`        | Name of the role                                                          |
| `id`          | Unique identifier for the role                                            |
| `description` | Descriptive text about the role's purpose                                 |
| `type`        | Classification of the role (PREDEFINED, CUSTOM, CUSTOM\_GLOBAL and ADMIN) |

#### Repositories

| Attribute                  | Description                                                                                                          |
| -------------------------- | -------------------------------------------------------------------------------------------------------------------- |
| `name`                     | Name of the repository                                                                                               |
| `id`                       | Unique identifier for the repository                                                                                 |
| `description`              | Repository description.                                                                                              |
| `type`                     | Classification of repository type ("LOCAL", "REMOTE", or "DISTRIBUTION")                                             |
| `package_type`             | Artifact format type (e.g., Maven, npm, Docker) used for optimized storage, management, and handling of dependencies |
| `repository_owner`         | The project key that owns the repository.                                                                            |
| `shared_with_all_projects` | Boolean flag indicating if the repository is shared across all projects                                              |
| `shared_read_only`         | Boolean flag indicating if the repository is shared in read-only mode                                                |

#### Projects

| Attribute          | Description                                                           |
| ------------------ | --------------------------------------------------------------------- |
| `name`             | Name of the project                                                   |
| `id`               | Unique identifier for the project                                     |
| `manage_members`   | Boolean flag indicating if project has member management privileges   |
| `manage_resources` | Boolean flag indicating if project has resource management privileges |
| `index_resources`  | Boolean flag indicating if project has resource indexing privileges   |
| `soft_limit`       | Boolean flag indicating if project has soft limit privileges          |

### Permission Mappings

#### Repository-Level Permissions

| Artifactory Permission | Veza Mapped Permissions                                                                                  |
| ---------------------- | -------------------------------------------------------------------------------------------------------- |
| DELETE                 | DataDelete, MetadataDelete                                                                               |
| DEPLOY/CACHE           | NonData                                                                                                  |
| MANAGE                 | DataRead, MetadataRead, DataWrite, MetadataWrite, DataCreate, MetadataCreate, DataDelete, MetadataDelete |
| READ                   | DataRead, MetadataRead                                                                                   |
| SCAN                   | DataRead, MetadataRead                                                                                   |
| ANNOTATE               | DataRead, MetadataRead, DataWrite, MetadataWrite                                                         |
| WRITE                  | DataWrite, MetadataWrite                                                                                 |

#### Project-Level Permissions

| Artifactory Permission        | Veza Mapped Permissions                                                                                  |
| ----------------------------- | -------------------------------------------------------------------------------------------------------- |
| READ\_REPOSITORY              | DataRead, MetadataRead                                                                                   |
| ANNOTATE\_REPOSITORY          | DataRead, MetadataRead, DataWrite, MetadataWrite                                                         |
| DEPLOY\_CACHE\_REPOSITORY     | DataWrite, MetadataWrite                                                                                 |
| DELETE\_OVERWRITE\_REPOSITORY | DataDelete, MetadataDelete                                                                               |
| MANAGE\_XRAY\_MD\_REPOSITORY  | DataRead, MetadataRead, DataWrite, MetadataWrite, DataCreate, MetadataCreate, DataDelete, MetadataDelete |

#### Permission Categories

| Permission Category       | Description                                                                                        |
| ------------------------- | -------------------------------------------------------------------------------------------------- |
| Release Bundle Management | Permissions for managing release bundles including read, create, distribute, and delete operations |
| Build Management          | Permissions for build operations including read, deploy, and delete capabilities                   |
| Pipeline Operations       | Permissions for managing pipeline sources, integrations, and triggers                              |
| Security Controls         | Permissions for managing security settings, policies, and watches                                  |
| Member Management         | Permissions for managing project membership and access control                                     |


