1 of 100

JFrog Applications

Welcome to the JFrog Applications Doc Hub

Shift Left with JFrog Security

JFrog Applications

JFrog CLI

JFrog CLI is a compact and smart client that provides a simple interface that automates access to JFrog products simplifying your automation scripts and making them more readable and easier to maintain. JFrog CLI works with JFrog Artifactory, Xray, Distribution and Pipelines (through their respective REST APIs) making your scripts more efficient and reliable in several ways:

Advanced upload and download capabilities

JFrog CLI allows you to upload and download artifacts concurrently by a configurable number of threads that help your automated builds run faster. For big artifacts, you can define a number of chunks to split files for parallel download.

JFrog CLI optimizes both upload and download operations by skipping artifacts that already exist in their target location. Before uploading an artifact, JFrog CLI queries Artifactory with the artifact's checksum. If it already exists in Artifactory's storage, the CLI skips sending the file, and if necessary, Artifactory only updates its database to reflect the artifact upload. Similarly, when downloading an artifact from Artifactory, if the artifact already exists in the same download path, it will be skipped. With checksum optimization, long upload and download operations can be paused in the middle, and then be continued later where they were left off.

JFrog CLI supports uploading files to Artifactory using wildcard patterns, regular expressions, and ANT patterns, giving you an easy way to collect all the files you wish to upload. You can also download files using wildcard patterns.

Support for popular package managers and build tools

JFrog CLI offers comprehensive support for popular package managers and builds tools. It seamlessly integrates with package managers like npm, Maven, NuGet, Docker, and more, allowing you to easily manage and publish packages.

Source code and binaries scanning

JFrog CLI empowers you with robust scanning capabilities to ensure the security and compliance of your source code and software artifacts, including containers. It integrates with JFrog Xray and , enabling you to scan and analyze your projects and packages, including containers, for vulnerabilities, license compliance, and quality issues. With JFrog CLI, you can proactively identify and mitigate potential risks, ensuring the integrity and safety of your software supply chain.

Support for Build-Info

Build-Info is a comprehensive metadata Software Bill of Materials (SBOM) that captures detailed information about the components used in a build. It serves as a vital source of information, containing version history, artifacts, project modules, dependencies, and other crucial data collected during the build process. By storing this metadata in Artifactory, developers gain traceability and analysis capabilities to improve the quality and security of their builds. The Build-Info encompasses project module details, artifacts, dependencies, environment variables, and more. It is collected and outputted in a JSON format, facilitating easy access to information about the build and its components. JFrog CLI can create build-info and store the build-info in Artifactory.

System Requirements

Contributing to JFrog CLI Documentation

We value your input in making the JFrog CLI documentation better. You can help us enhance and improve it by recommending changes and additions. To contribute, follow these steps:

Your contributions will be reviewed, and if accepted, they will be merged into the documentation to benefit the entire JFrog CLI community.

Download and Install

JFrog CLI v2

Overview

JFrog CLI v2 was launched in July 2021. It includes changes to the functionality and usage of some of the legacy JFrog CLI commands. The changes are the result of feedback we received from users over time through GitHub, making the usage and functionality easier and more intuitive. For example, some of the default values changed, and are now more consistent across different commands. We also took this opportunity for improving and restructuring the code, as well as replacing old and deprecated functionality.

Most of the changes included in v2 are breaking changes compared to the v1 releases. We therefore packaged and released these changes under JFrog CLI v2, allowing users to migrate to v2 only when they are ready.

New enhancements to JFrog CLI are planned to be introduced as part of V2 only. V1 receives very little development attention nowadays. We therefore encourage users who haven't yet migrated to V2, to do so.

List of changes in JFrog CLI v2

The default value of the --flat option is now set to false for the jfrog rt upload command.
The deprecated syntax of the jfrog rt mvn command is no longer supported. To use the new syntax, the project needs to be first configured using the jfrog rt mvnc command.
The deprecated syntax of the jfrog rt gradle command is no longer supported. To use the new syntax, the project needs to be first configured using the jfrog rt gradlec command.
The deprecated syntax of the jfrog rt npm and jfrog rt npm-ci commands is no longer supported. To use the new syntax, the project needs to be first configured using the jfrog rt npmc command.
The deprecated syntax of the jfrog rt go command is no longer supported. To use the new syntax, the project needs to be first configured using the jfrog rt go-config command.
The deprecated syntax of the jfrog rt nuget command is no longer supported. To use the new syntax, the project needs to be first configured using the jfrog rt nugetc command.
All Bintray commands are removed.
The jfrog rt config command is removed and replaced by the jfrog config add command.
The jfrog rt use command is removed and replaced with the jfrog config use.
The --props command option and props file spec property for the jfrog rt upload command are removed, and replaced with the --target-props command option and targetProps file spec property respectively.

The following commands are removed

jfrog rt release-bundle-create
jfrog rt release-bundle-delete
jfrog rt release-bundle-distribute
jfrog rt release-bundle-sign
jfrog rt release-bundle-update

and replaced with the following commands respectively

jfrog ds release-bundle-create
jfrog ds release-bundle-delete
jfrog ds release-bundle-distribute
jfrog ds release-bundle-sign
jfrog ds release-bundle-update

The jfrog rt go-publish command now only supports Artifactory version 6.10.0 and above. Also, the command no longer accepts the target repository as an argument. The target repository should be pre-configured using the jfrog rt go-config command.
The jfrog rt go command no longer falls back to the VCS when dependencies are not found in Artifactory.
The --deps, --publish-deps, --no-registry and --self options of the jfrog rt go-publish command are now removed.
The --apiKey option is now removed. The API key should now be passed as the value of the --password option.
The --exclude-patterns option is now removed, and replaced with the --exclusions option. The same is true for the excludePatterns file spec property, which is replaced with the exclusions property.
The JFROG_CLI_JCENTER_REMOTE_SERVER and JFROG_CLI_JCENTER_REMOTE_REPO environment variables are now removed and replaced with the JFROG_CLI_EXTRACTORS_REMOTE environment variable.
The JFROG_CLI_HOME environment variable is now removed and replaced with the JFROG_CLI_HOME_DIR environment variable.
The JFROG_CLI_OFFER_CONFIG environment variable is now removed and replaced with the CI environment variable. Setting CI to true disables all prompts.
The directory structure is now changed when the jfrog rt download command is used with placeholders and --flat=false (--flat=false is now the default). When placeholders are used, the value of the --flat option is ignored.
When the jfrog rt upload command now uploads symlinks to Artifactory, the target file referenced by the symlink is uploaded to Artifactory with the symlink name. If the --symlink options is used, the symlink itself (not the referenced file) is uploaded, with the referenced file as a property attached to the file.

Installation

The legacy name of JFrog CLI's executable is jfrog. In an effort to make the CLI usage easier and more convenient, we recently exposed a series of new installers, which install JFrog CLI with the new jf executable name. For backward compatibility, the old installers will remain available. We recommend however migrating to the newer jf executable name.

JFrog CLI v2 "jf" installers

The following installers are available for JFrog CLI v2. These installers make JFrog CLI available through the jf executable.

Debian

# Create the keyrings directory if it doesn't exist
sudo mkdir -p /usr/share/keyrings;

# Download and save the JFrog GPG key to a keyring file
wget -qO - https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-debs/keyPairs/primary/public | sudo gpg --dearmor -o /usr/share/keyrings/jfrog.gpg

# Add the JFrog repository to your APT sources with the signed-by option
echo "deb [signed-by=/usr/share/keyrings/jfrog.gpg] https://releases.jfrog.io/artifactory/jfrog-debs focal contrib" | sudo tee /etc/apt/sources.list.d/jfrog.list


# Update the package list
sudo apt update;

# Install the JFrog CLI
sudo apt install -y jfrog-cli-v2-jf;

# Run the JFrog CLI intro command
jf intro;

RPM

# Create and configure the JFrog CLI YUM repository
echo "[jfrog-cli]" > jfrog-cli.repo &&
echo "name=JFrog CLI" >> jfrog-cli.repo &&
echo "baseurl=https://releases.jfrog.io/artifactory/jfrog-rpms" >> jfrog-cli.repo &&
echo "enabled=1" >> jfrog-cli.repo &&
echo "gpgcheck=1" >> jfrog-cli.repo && 

# Import GPG keys for verifying packages
# Note: Two keys are imported for backward compatibility with older versions
rpm --import https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-rpms/keyPairs/primary/public &&
rpm --import https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-rpms/keyPairs/secondary/public &&

# Move the repository file to the YUM configuration directory
sudo mv jfrog-cli.repo /etc/yum.repos.d/ &&

# Install the JFrog CLI package
yum install -y jfrog-cli-v2-jf &&

# Display an introductory message for JFrog CLI
jf intro

Homebrew

brew install jfrog-cli

Install with cUrl

curl -fL https://install-cli.jfrog.io | sh

Download with cUrl

curl -fL https://getcli.jfrog.io/v2-jf | sh

NPM

npm install -g jfrog-cli-v2-jf

Docker

Slim: docker run releases-docker.jfrog.io/jfrog/jfrog-cli-v2-jf jf -v Full: docker run releases-docker.jfrog.io/jfrog/jfrog-cli-full-v2-jf jf -v

Powershell

powershell: "Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/\[RELEASE\]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\\system32\\jf.exe'"

Chocolatey

choco install: jfrog-cli-v2-jf

JFrog CLI v2 "jfrog" installers

The following installers are available for JFrog CLI v2. These installers make JFrog CLI available through the jfrog executable.

Debian

wget -qO - https://releases.jfrog.io/artifactory/jfrog-gpg-public/jfrog\_public\_gpg.key | sudo apt-key add - echo "deb https://releases.jfrog.io/artifactory/jfrog-debs xenial contrib" | sudo tee -a /etc/apt/sources.list; apt update; apt install -y jfrog-cli-v2;

RPM

echo "\[jfrog-cli\]" > jfrog-cli.repo; echo "name=jfrog-cli" >> jfrog-cli.repo; echo "baseurl=https://releases.jfrog.io/artifactory/jfrog-rpms" >> jfrog-cli.repo; echo "enabled=1" >> jfrog-cli.repo; rpm --import https://releases.jfrog.io/artifactory/jfrog-gpg-public/jfrog\_public\_gpg.key sudo mv jfrog-cli.repo /etc/yum.repos.d/; yum install -y jfrog-cli-v2;

Homebrew

brew install jfrog-cli

Download with Curl

curl -fL https://getcli.jfrog.io/v2 | sh

NPM

npm install -g jfrog-cli-v2

Docker

Slim: docker run releases-docker.jfrog.io/jfrog/jfrog-cli-v2 jfrog -v Full: docker run releases-docker.jfrog.io/jfrog/jfrog-cli-full-v2 jfrog -v

Chocolatey

choco install jfrog-cli

JFrog CLI v1 (legacy) installers

The following installations are available for JFrog CLI v1. These installers make JFrog CLI available through the jfrog executable.

Debian

wget -qO - https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-debs/keyPairs/primary/public | sudo apt-key add - echo "deb https://releases.jfrog.io/artifactory/jfrog-debs xenial contrib" | sudo tee -a /etc/apt/sources.list; apt update; apt install -y jfrog-cli;

RPM

echo "\[jfrog-cli\]" > jfrog-cli.repo; echo "name=jfrog-cli" >> jfrog-cli.repo; echo "baseurl=https://releases.jfrog.io/artifactory/jfrog-rpms" >> jfrog-cli.repo; echo "enabled=1" >> jfrog-cli.repo; rpm --import https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-rpms/keyPairs/primary/public; rpm --import https://releases.jfrog.io/artifactory/api/v2/repositories/jfrog-rpms/keyPairs/secondary/public sudo mv jfrog-cli.repo /etc/yum.repos.d/; yum install -y jfrog-cli;

Download with cUrl

curl -fL https://getcli.jfrog.io | sh

NPM

npm install -g jfrog-cli-go

Docker

Slim: docker run releases-docker.jfrog.io/jfrog/jfrog-cli jfrog -v Full: docker run releases-docker.jfrog.io/jfrog/jfrog-cli-full jfrog -v

Go

GO111MODULE=on go get github.com/jfrog/jfrog-cli; if \[ -z "$GOPATH" \] then binPath="$HOME/go/bin"; else binPath="$GOPATH/bin"; fi; mv "$binPath/jfrog-cli" "$binPath/jfrog"; echo "$($binPath/jfrog -v) is installed at $binPath";

Authentication

When used with Xray, JFrog CLI offers several means of authentication: JFrog CLI does not support accessing Xray without authentication.

Authenticating with Username and Password

To authenticate yourself using your Xray login credentials, either configure your credentials once using the jf c add command or provide the following option to each command.

Command Option

Description

--url

JFrog Xray API endpoint URL. It usually ends with /xray

--user

JFrog username

--password

JFrog password

Authenticating with an Access Token

To authenticate yourself using an Xray Access Token, either configure your Access Token once using the jf c add command or provide the following option to each command.

Command Option

Description

--url

JFrog Xray API endpoint URL. It usually ends with /xray

--access-token

JFrog access token

Shell Auto Completion

If you're using JFrog CLI from a bash, zsh, or fish shells, you can install JFrog CLI's auto-completion scripts.

Install JFrog CLI with Homebrew?

Using Oh My Zsh?

With your favorite text editor, open $HOME/.zshrc and add jfrog to the plugin list. For example:

plugins=(git mvn npm sdk jfrog)

Other Installation Methods

To install auto-completion for bash, run the following command and follow the instructions to complete the installation:

jf completion bash --install

To install auto-completion for zsh, run the following command and follow the instructions to complete the installation:

jf completion zsh --install

To install auto-completion for fish, run the following command:

jf completion fish --install

Usage

Environment Variables

The jf options command displays all the supported environment variables.

JFrog CLI makes use of the following environment variables:

Configurations

JFrog Platform Configuration

You can use the jf login command to authenticate with the JFrog Platform through the web browser. This command is solely interactive, meaning it does not receive any options and cannot be used in a CI server.

Creating Access Tokens

Commands Params

Command name

access-token-create

Abbreviation

atc

Command arguments:

username

The username for which this token is created. If not specified, the token will be created for the current user.

Command options:

--audience

[Optional]

A space-separated list of the other instances or services that should accept this token identified by their Service-IDs.

--description

[Optional]

Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.

--expiry

[Optional]

The amount of time, in seconds, it would take for the token to expire. Must be non-negative. If not provided, the platform default will be used. To specify a token that never expires, set to zero. Non-admin may only set a value that is equal or lower than the platform default that was set by an administrator (1 year by default).

--grant-admin

[Default: false]

Set to true to provide admin privileges to the access token. This is only available for administrators.

--groups

[Optional]

A list of comma-separated(,) groups for the access token to be associated with. This is only available for administrators.

--project

[Optional]

The project for which this token is created. Enter the project name on which you want to apply this token.

--reference

[Default: false]

Generate a Reference Token (alias to Access Token) in addition to the full token (available from Artifactory 7.38.10).

--refreshable

[Default: false]

Set to true if you'd like the token to be refreshable. A refresh token will also be returned in order to be used to generate a new token once it expires.

--scope

[Optional]

The scope of access that the token provides. This is only available for administrators.

Examples

Example 1

jf atc

Example 2

Create an access token for the user with the toad username:

jf atc toad

Adding and Editing Configured Servers

The config add and config edit commands are used to add and edit JFrog Platform server configuration, stored in JFrog CLI's configuration storage. These configured servers can be used by the other commands. The configured servers' details can be overridden per command by passing in alternative values for the URL and login credentials. The values configured are saved in file under the JFrog CLI home directory.

Command Name

config add / config edit

Abbreviation

c add / c edit

Command options:

--access-token

[Optional]

Access token.

--artifactory-url

[Optional]

JFrog Artifactory URL. (example: https://acme.jfrog.io/artifactory)

--basic-auth-only

[Default: false]

Used for Artifactory authentication. Set to true to disable replacing username and password/API key with automatically created access token that's refreshed hourly. Username and password/API key will still be used with commands which use external tools or the JFrog Distribution service. Can only be passed along with username and password/API key options.

--client-cert-key-path

[Optional]

Private key file for the client certificate in PEM format.

--client-cert-path

[Optional]

Client certificate file in PEM format.

--dist-url

[Optional]

Distribution URL. (example: https://acme.jfrog.io/distribution)

--enc-password

--insecure-tls

[Default: false]

Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.

--interactive

[Default: true, unless $CI is true]

Set to false if you do not want the config command to be interactive.

--mission-control-url

[Optional]

JFrog Mission Control URL. (example: https://acme.jfrog.io/ms)

--password

[Optional]

JFrog Platform password.

--ssh-key-path

[Optional]

For authentication with Artifactory. SSH key file path.

--url

[Optional]

JFrog Platform URL. (example: https://acme.jfrog.io)

--user

[Optional]

JFrog Platform username.

--xray-url

[Optional] Xray URL. (example: https://acme.jfrog.io/xray)

--overwrite

[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.

Command arguments:

server ID

A unique ID for the server configuration.

Removing Configured Servers

The config remove command is used to remove JFrog Platform server configuration, stored in JFrog CLI's configuration storage.

Command name

config remove

Abbreviation

c rm

Command options:

--quiet

[Default: $CI]

Set to true to skip the delete confirmation message.

Command arguments:

server ID

The server ID to remove. If no argument is sent, all configured servers are removed.

Showing the Configured Servers

The config show command shows the stored configuration. You may show a specific server's configuration by sending its ID as an argument to the command.

Command name

config show

Abbreviation

c s

Command arguments:

server ID

The ID of the server to show. If no argument is sent, all configured servers are shown.

Setting a Server as Default

The config use command sets a configured server as default. The following commands will use this server.

File-Based Encryption

Starting from version 1.37.0, JFrog CLI introduces support for encrypting sensitive data stored in its configuration using an encryption key stored in a file. Follow these steps to enable encryption:

Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Create a file named security.yaml under ~/.jfrog/security.
If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.
Add the generated master key to the security.yaml file:
```
version: 1
masterKey: "your master key"
```
Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.

The configuration will be encrypted the next time JFrog CLI accesses the config. If you have existing configurations stored before creating the file, you'll need to reconfigure the servers stored in the config.

Warning: When upgrading JFrog CLI from a version prior to 1.37.0 to version 1.37.0 or above, automatic changes are made to the content of the ~/.jfrog directory to support the new functionality introduced. Before making these changes, the content of the ~/.jfrog directory is backed up inside the ~/.jfrog/backup directory. After enabling sensitive data encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.

Environment Variable-Based Encryption

Starting from version 2.36.0, JFrog CLI also supports encrypting sensitive data in its configuration using an encryption key stored in an environment variable. To enable encryption, follow these steps:

Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Store the key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.

The configuration will be encrypted the next time JFrog CLI attempts to access the config. If you have configurations already stored before setting the environment variable, you'll need to reconfigure the servers stored in the config.

Proxy Support

JFrog CLI supports using an HTTP/S proxy. All you need to do is set HTTP_PROXY or HTTPS_PROXY environment variable with the proxy URL.

HTTP_PROXY, HTTPS_PROXY and NO_PROXY are the industry standards for proxy usages.

CLI AI Assistant

ONLY ACTIVE JFROG CUSTOMERS ARE AUTHORIZED TO USE THE JFROG AI ASSISTANT. ALL OTHER USES ARE PROHIBITED.

Overview

The JFrog CLI AI Command Assistant streamlines your workflow by turning natural language inputs into JFrog CLI commands.

Simply describe your desired actions, and the assistant generates commands with all necessary parameters, whether you're uploading artifacts, managing repositories, scanning your code, or performing other actions using the JFrog CLI.

Each query is treated individually, and while the interface allows you to refine requests, it doesn’t maintain a chat history.

This tool helps users access the full power of JFrog CLI without needing to remember specific syntax, ensuring efficiency and accuracy.

Note, This is the first version of JFrog CLI AI, hence it is limited only to Artifactory and Xray commands.

How to Use the JFrog CLI AI Command Assistant

To use the JFrog CLI AI Command Assistant, follow these simple steps:

1. Open your terminal

Ensure that you are in a terminal session where JFrog CLI is installed and configured.

2. Supported Version Validation

This feature is available starting from CLI version 2.69 and above. To validate your version, run:

jf --version

3. Enter the command

Type the following command to initiate the AI assistant:

jf how

4. Provide your request

After entering the command, you will see a prompt:

Your request:

Describe in natural language what you would like the JFrog CLI to do. The AI assistant will generate the exact CLI command needed.

For example, you might type:

Your request: How to upload all files in the 'build' directory to the 'my-repo' repository?

5. Receive the generated command

The AI assistant will process your request and output the corresponding JFrog CLI command, including all necessary parameters. For the example above, it will generate:

jf rt u build/ my-repo/

6. Execute or modify

You can now copy the generated command and run it in your terminal.

If needed, you can refine your request and try again.

FAQ

How does JFrog CLI AI Command Assistant work?

When you make a request using the JFrog CLI AI Command Assistant, your input is sent to a model that generates the appropriate JFrog CLI command. This model has been fine-tuned to produce accurate responses based on various inputs. The fine-tuned model is hosted on Azure OpenAI.

On what data is the model trained?

The model was trained using a dataset built from two primary sources:

JFrog CLI Public Documentation: This includes detailed information and examples from JFrog’s publicly available resources.
Internal Questions and Answers dataset: The dataset also incorporates internally created questions and answers, which help to refine the model’s ability to provide precise and relevant commands.

Does JFrog send customer data to OpenAI’s platform to train its services?

The data you submit and the responses you receive via JFrog CLI AI are not used to fine-tune or improve our model or services. Each data request is sent to Azure OpenAI individually, over an SSL-encrypted service, to process and send back to JFrog.

Are you saving my inputs and outputs?

No, JFrog does not save users' input and output data.

Are you using my inputs and outputs to train the JFrog CLI AI model?

No, JFrog does not use your inputs and outputs to train the model.

Does JFrog use my data to serve other customers?

No, JFrog does not use your data to train the model or serve other customers.

AI Assistant Addendum

ONLY ACTIVE JFROG CUSTOMERS ARE AUTHORIZED TO USE THE JFROG AI ASSISTANT. ALL OTHER USES ARE PROHIBITED.

This JFrog AI Assistant Addendum (this “Addendum”) forms part of the JFrog Subscription Agreement or other agreement made by and between the JFrog and Customer (the “Agreement”). Capitalized terms not otherwise defined in the body of this Addendum shall have the respective meanings assigned to them in the Agreement. Your use of the JFrog Platform, as applicable, shall continue to be governed by the Agreement.

THIS ADDENDUM TAKES EFFECT WHEN CUSTOMER (1) CLICKS THE “I ACCEPT” OR SIMILAR BUTTON AND/OR (2) BY ACCESSING OR USING THE APPLICABLE JFROG AI ASSISTANT SERVICE (respectively, the “AI ASSISTANT SERVICE” and “ADDENDUM EFFECTIVE DATE”). BY DOING SO, CUSTOMER: (A) ACKNOWLEDGES THAT IT HAS READ AND UNDERSTANDS THIS ADDENDUM; (B) REPRESENTS AND WARRANTS THAT IT HAS THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS ADDENDUM AND, IF ENTERING INTO THIS ADDENDUM FOR AN ENTITY, THAT IT HAS THE LEGAL AUTHORITY TO BIND SUCH ENTITY TO THIS ADDENDUM; AND (C) ACCEPTS THIS ADDENDUM AND AGREES THAT IT IS LEGALLY BOUND BY ITS TERMS.

IF CUSTOMER DOES NOT AGREE TO THIS ADDENDUM OR IF CUSTOMER IS A COMPETITOR OF JFROG OR ITS AFFILIATES (OR A PERSON OR ENTITY ACTING ON BEHALF OF A COMPETITOR), PLEASE SELECT THE “I DECLINE” OR SIMILAR BUTTON AND/OR DO NOT UNDER ANY CIRCUMSTANCES ACCESS OR USE THE AI ASSISTANT SERVICE.

1. APPLICATION OF THIS ADDENDUM.

a. AI Assistant Service. JFrog offers the applicable AI Assistant Service which references this Addendum, that is designed to enable Customer to: (i) generate or receive Output, in response to Input, for use in connection with the AI Assistant Service; and, if applicable to the specific AI Assistant Service, (ii) view suggested shortcuts and commands, in response to use of the AI Assistant Service by Customer, for use in connection with the AI Assistant Service (collectively, together with any Content, other than Output, provided to Customer by the AI Assistant Service, and any documentation for the AI Assistant Service, the “Service”). This Agreement only applies to the Service provided by JFrog and not to a Service provided by a third party.

b. Relationship with Agreement. In the event of any conflict between this Addendum and the Agreement, this Addendum will control, solely to the extent of the conflict. The Service is part of the “JFrog Platform” and the “JFrog Materials”, in each case, as used in the Agreement. “Customer”, as used herein, means the person or entity other than JFrog, that is party to the Agreement or an Order Form thereunder. “JFrog”, as used herein, means the applicable JFrog Contracting Entity in the Agreement. “Customer Data”, as used in the Agreement, excludes AI Assistant Data.

2. LICENSE TO SERVICE.

The license to the JFrog Platform set forth in the Agreement includes the right and license, during the Agreement Term, for Customer to access and use the Service. Without limiting the restrictions on use of the JFrog Platform set forth in the Agreement, Customer You will not, directly or indirectly, permit, facilitate, or otherwise allow any other person or entity to: (a) access or use the Service, except for Customer Users; (b) access the source code or other underlying components of the Service, including the model, model parameters, or model weights; (c) access, copy, extract, scrape, crawl, or pull from the Service, through manual or automated means, any information, data, materials, text, prompts, images, or other content (“Content”) that has been, is used, or may be used by JFrog, to train, retrain, tune, validate, modify, update, or otherwise improve the Service (“Training Content”); (d) develop, build, train, or run a machine learning or artificial intelligence application, functionality, logic, model, software system, or process on or using the Service; (e) intentionally generate Output that is sensitive, confidential, or proprietary information of any third party without authorization, or collect personal data from the Service; (f) share, generate or prompt any content or engage in behavior that is unlawful, harmful, threatening, obscene, violent, abusive, tortious, defamatory, ridicule, libelous, vulgar, lewd, invasive of another’s privacy, hateful, or otherwise objectionable; (g) upload or transmit any personal data (except for Customer User Information), viruses or other malicious content or code into or through the Service; or (h) access or use the Service in a manner that does not comply with the JFrog Acceptable Use Policy available at https://jfrog.com/acceptable-use-policy/.

3. TERM; TERMINATION.

This Addendum commences on the Addendum Effective Date and will remain in effect until the Agreement expires or is terminated, or this Addendum is terminated by JFrog in accordance with this Section, whichever is the earlier (the “Term”). JFrog may terminate or suspend this Addendum, or the availability of the Service, at any time and for any reason by providing Customer with notice, without liability or other obligation to Customer. Termination of this Addendum will not impact the Agreement. Upon any termination or expiration of this Addendum, Customer will promptly cease access and use of the Service.

4. AI ASSISTANT CONTENT.

a. License to AI Assistant Content. Customer hereby grants JFrog and its Affiliates a non-exclusive, sublicensable, transferable, royalty-free, fully paid-up, worldwide right and license, to use, reproduce, distribute, perform, display, modify, create derivative works of, process, store, and disclose any Content or other: (i) input provided to the Service provided by or on behalf of Customer, which may include Customer Data (“Input”); and (ii) output provided to, or generated for Customer by the Service, in response to use of the AI Assistant Service by Customer or an Input (“Output”), in each case of the foregoing (i) and (ii), for the purposes of billing, capacity planning, compliance, security, integrity, availability, stability, providing the AI Assistant Service as generally available, and, in the event the Customer elects to provide any suggestions, enhancement requests, recommendations, corrections or other feedback, improving the AI Assistant Service and the JFrog Platform. The foregoing grant includes the right and license for JFrog and its Affiliates to use the AI Assistant Content to train, retrain, tune, validate, modify, update, or otherwise improve the Service or the JFrog Platform. “Input” and “Output” are collectively hereinafter referred to as “AI Assistant Content”. The AI Assistant Content is not the “Confidential Information” of Customer. Personal Data shall not be entered as an Input to the Service.

b. Ownership of AI Assistant Content. As between Customer and JFrog, and to the extent permitted by applicable law, Customer: (i) retains ownership rights in Input; and (ii) owns the Output, except to the extent such Output was provided to, or generated for, other JFrog customers by the Service. Customer acknowledges that the Output provided may not be new or unique or protectable under applicable laws and that similar Outputs may be provided to other customers and their users in response to their Inputs into the Service.

c. Processing of AI Assistant Content. You authorize JFrog and its third-party providers to process your AI Assistant Content to provide the Service. You agree that JFrog may use Sub-Processors to provide the Service.

5. REPRESENTATIONS; WARRANTIES; DISCLAIMERS.

Customer represents, warrants, and covenants that Customer owns or otherwise has and will have the necessary rights, licenses, and consents in and relating to the AI Assistant Content such that, as used by JFrog and its Affiliates in accordance with this Addendum, such AI Assistant Content does not and will not infringe, misappropriate, or otherwise violate any intellectual property rights, or other rights, of any third party or violate any applicable law. CUSTOMER ACCEPTS AND AGREES THAT ANY USE OF OR RELIANCE ON OUTPUTS IS AT CUSTOMER’S SOLE RISK AND CUSTOMER WILL NOT RELY ON OUTPUT AS A SOLE SOURCE OF TRUTH OR FACTUAL INFORMATION, OR AS A SUBSTITUTE FOR PROFESSIONAL ADVICE. JFROG DOES NOT ACCEPT LIABILITY OR RESPONSIBILITY FOR ANY INCORRECT, OFFENSIVE, UNLAWFUL, HARMFUL, OR OTHERWISE OBJECTIONABLE OUTPUT. THE OUTPUT DOES NOT REFLECT THE VIEWS, OPINIONS, POLICIES, OR POSITION OF JFROG OR ITS AFFILIATES.

6. INDEMNIFICATION.

Without limiting the scope of the obligations to indemnify and defend under the Agreement, the claims, demands, suits, or proceedings (each, a “Claim”) for which Customer indemnifies and defend JFrog and its Affiliates under the Agreement include Claims arising out of or related to: (a) the Service or Customer’s access and use thereof; (b) any acts or omissions by Customer that constitute a breach of this Addendum; (c) reliance, or use of, any AI Assistant Content; and (d) fraud, gross negligence, or willful misconduct by Customer.

7. MISCELLANEOUS.

Any notice required or permitted by this Addendum may, if sent by JFrog, be delivered electronically, including through the Service or AI Assistant Service. The following terms will survive any termination or expiration of this Addendum: Section 4(a) (License to AI Assistant Content) and Section 5 (Representations; Warranties; Disclaimers) through Section 7 (Miscellaneous), inclusive.

Binaries Management with JFrog Artifactory

JFrog CLI is a compact and smart client that provides a simple interface that automates access to JFrog products simplifying your automation scripts and making them more readable and easier to maintain. JFrog CLI works with JFrog Artifactory, making your scripts more efficient and reliable in several ways:

Advanced upload and download capabilities

Support for popular package managers and build tools

Support for Build-Info

Environment Variables

Some of the Artifactory commands make use of the following environment variable:

Variable Name

Description

JFROG_CLI_MIN_CHECKSUM_DEPLOY_SIZE_KB

[Default: 10] Minimum file size in KB for which JFrog CLI performs checksum deploy optimization.

JFROG_CLI_RELEASES_REPO

Configured Artifactory repository name to download the jar needed by the mvn/gradle command. This environment variable's value format should be server ID configured by the 'jf c add' command. The repository should proxy https://releases.jfrog.io. This environment variable is used by the 'jf mvn' and 'jf gradle' commands, and also by the 'jf audit' command, when used for maven or gradle projects.

JFROG_CLI_DEPENDENCIES_DIR

[Default: $JFROG_CLI_HOME_DIR/dependencies] Defines the directory to which JFrog CLI's internal dependencies are downloaded.

JFROG_CLI_REPORT_USAGE

[Default: true] Set to false to block JFrog CLI from sending usage statistics to Artifactory.

JFROG_CLI_SERVER_ID

Server ID configured using the 'jf config' command, unless sent as a command argument or option.

JFROG_CLI_BUILD_NAME

Build name to be used by commands which expect a build name, unless sent as a command argument or option.

JFROG_CLI_BUILD_NUMBER

Build number to be used by commands which expect a build number, unless sent as a command argument or option.

JFROG_CLI_BUILD_PROJECT

JFrog project key to be used by commands that expect build name and build number. Determines the project of the published build.

JFROG_CLI_BUILD_URL

Sets the CI server build URL in the build-info. The "jf rt build-publish" command uses the value of this environment variable unless the --build-url command option is sent.

JFROG_CLI_ENV_EXCLUDE

[Default: password;secret;key;token] List of semicolon-separated(;) case insensitive patterns in the form of "value1;value2;...". Environment variables match those patterns will be excluded. This environment variable is used by the "jf rt build-publish" command, in case the --env-exclude command option is not sent.

JFROG_CLI_TRANSITIVE_DOWNLOAD

[Default: false] Set this option to true to include remote repositories in artifact searches when using the 'rt download' command. The search will target the first five remote repositories within the virtual repository. This feature is available starting from Artifactory version 7.17.0. NOTE: Enabling this option may increase the load on Artifactory instances that are proxied by multiple remote repositories..

JFROG_CLI_UPLOAD_EMPTY_ARCHIVE

[Default: false] Used by the "jf rt upload" command. Set to true if you'd like to upload an empty archive when '--archive' is set but all files were excluded by exclusions pattern.

Note

Authentication

Overview

When used with Artifactory, JFrog CLI offers several means of authentication: JFrog CLI does not support accessing Artifactory without authentication.

Authenticating with Username and Password / API Key

To authenticate yourself using your JFrog login credentials, either configure your credentials once using the jf c add command or provide the following option to each command.

Command option

Description

--url

JFrog Artifactory API endpoint URL. It usually ends with /artifactory

--user

JFrog username

--password

JFrog password or API key

For enhanced security, when JFrog CLI is configured to use a username and password / API key, it automatically generates an access token to authenticate with Artifactory. The generated access token is valid for one hour only. JFrog CLI automatically refreshed the token before it expires. The jf c add command allows disabling this functionality. This feature is currently not supported by commands which use external tools or package managers or work with JFrog Distribution.

Authenticating with an Access Token

To authenticate yourself using an Artifactory Access Token, either configure your Access Token once using the jf c add command or provide the following option to each command.

Command option

Description

--url

JFrog Artifactory API endpoint URL. It usually ends with /artifactory

--access-token

JFrog access token

Authenticating with RSA Keys

Note

Currently, authentication with RSA keys is not supported when working with external package managers and build tools (Maven, Gradle, Npm, Docker, Go and NuGet) or with the cUrl integration.

From version 4.4, Artifactory supports SSH authentication using RSA public and private keys. To authenticate yourself to Artifactory using RSA keys, execute the following instructions:

Configure your Artifactory URL to have the following format: ssh://[host]:[port] There are two ways to do this:
- For each command, use the --url command option.
- Specify the Artifactory URL in the correct format using the jf c add command.
Warning Don't include your Artifactory context URL
Make sure that the [host] component of the URL only includes the hostname or the IP, but not your Artifactory context URL.
Configure the path to your SSH key file. There are two ways to do this:
- For each command, use the --ssh-key-path command option.
- Specify the path using the jf c add command.

Authenticating using Client Certificates (mTLS)

To authenticate with the proxy using a client certificate, either configure your certificate once using the jf c add command or use the --client-cert-path and--client-cert-ket-path command options with each command.

Note

Authentication using client certificates (mTLS) is not supported by commands which integrate with package managers.

Not Using a Public CA (Certificate Authority)?

This section is relevant for you if you're not using a public CA (Certificate Authority) to issue the SSL certificate used to connect to your Artifactory domain. You may not be using a public CA either because you're using self-signed certificates or you're running your own PKI services in-house (often by using a Microsoft CA).

In this case, you'll need to make those certificates available for JFrog CLI, by placing them inside the security/certs directory, which is under JFrog CLI's home directory. By default, the home directory is ~/.jfrog, but it can be also set using the JFROG_CLI_HOME_DIR environment variable.

Note

The supported certificate format is PEM. Make sure to have ONE file with the ending .pem. OR provide as many as you want and run the c_rehash command on the folder as follows :c_rehash ~/.jfrog/security/certs/.
Some commands support the --insecure-tls option, which skips the TLS certificates verification.
Before version 1.37.0, JFrog CLI expected the certificates to be located directly under the security directory. JFrog CLI will automatically move the certificates to the new directory when installing version 1.37.0 or above. Downgrading back to an older version requires replacing the configuration directory manually. You'll find a backup if the old configuration under .jfrog/backup

Verifying Artifactory's Accessibility

Overview

This command can be used to verify that Artifactory is accessible by sending an applicative ping to Artifactory.

Commands Params

Examples

Example 1

Ping the configured default Artifactory server.

Example 2

Ping the configured Artifactory server with ID rt-server-1.

Example 3

Ping the Artifactory server. accessible through the specified URL.

Generic Files

Uploading Files

This command is used to upload files to Artifactory.

Usage

jf rt u [command options] <Source path> <Target path> jf rt u --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Upload a file called froggy.tgz to the root of the my-local-repo repository.

Example 2

Example 3

Collect all the zip files located under the build directory (including subdirectories), and upload them to the my-local-repo repository, under the zipFiles folder, while maintaining the original names of the files. Also delete all files in the my-local-repo repository, under the zipFiles folder, except for the files which were uploaded by this command.

Example 4

Collect all files located under the build directory (including subdirectories), and upload them to the my-release-local repository, under the files folder, while maintaining the original names of the artifacts. Exclude (do not upload) files, which include install as part of their path, and have the pack extension. This example uses a wildcard pattern. See Example 5, which uses regular expressions instead.

Example 5

Collect all files located under the build directory (including subdirectories), and upload them to the my-release-local repository, under the files folder, while maintaining the original names of the artifacts. Exclude (do not upload) files, which include install as part of their path, and have the pack extension. This example uses a regular expression. See Example 4, which uses a wildcard pattern instead.

Example 6

Collect all files located under the build directory and match the /*.zip ANT pattern, and upload them to the my-release-local repository, under the files folder, while maintaining the original names of the artifacts.

Example 7

Package all files located under the build directory (including subdirectories) into a zip archive named archive.zip , and upload the archive to the my-local-repo repository,

Downloading Files

This command is used to download files from Artifactory.

Download from Remote Repositories: By default, the command downloads only the files that are cached on the current Artifactory instance. It does not retrieve files from remote Artifactory instances accessed via remote or virtual repositories. To enable the command to download files from remote Artifactory instances (proxied through remote repositories), set the JFROG_CLI_TRANSITIVE_DOWNLOAD environment variable to true. This feature is available in Artifactory version 7.17 or later. Note that remote downloads are supported only for remote repositories that proxy other Artifactory instances. Downloads from remote repositories that proxy non-Artifactory repositories are not supported. IMPORTANT: Enabling the JFROG_CLI_TRANSITIVE_DOWNLOAD environment variable may increase the load on the remote Artifactory instance. It is advisable to use this setting cautiously.

Usage

jf rt dl [command options] <Source path> [Target path] jf rt dl --spec=<File Spec path> [command options]

Commands Params

Examples

Example 3

Remove the properties status, phase and stage from all deb files that start with DEV in the debian-repository.

Example 4

Delete the environment property from /tests/local/block.rpm in the centos-repo.

Example 5

Remove the properties component, layer and level from files in the docker-hub repository.

Using File Specs

Overview

To achieve complex file manipulations you may require several CLI commands. For example, you may need to upload several different sets of files to different repositories. To simplify the implementation of these complex manipulations, you can apply JFrog CLI download, upload, move, copy and delete commands with JFrog Artifactory using --spec option to replace the inline command arguments and options. Similarly, you can create and update release bundles by providing the --spec command option. Each command uses an array of file specifications in JSON format with a corresponding schema as described in the sections below. Note that if any of these commands are issued using both inline options and the file specs, then the inline options override their counterparts specified in the file specs.

File Spec Schemas

Copy and Move Commands Spec Schema

The file spec schema for the copy and move commands is as follows:

Download Command Spec Schema

The file spec schema for the download command is as follows:

Create and Update Release Bundle V1 Commands Spec Schema

The file spec schema for the create and update release bundle v1 commands is as follows:

Upload Command Spec Schema

The file spec schema for the upload command is as follows:

Search, Set-Props and Delete Commands Spec Schema

The file spec schema for the search and delete commands are as follows:

Examples

The following examples can help you get started using File Specs.

Example 1

Download all files located under the all-my-frogs directory in the my-local-repo repository to the froggy directory.

Example 2

Download all files located under the all-my-frogs directory in the my-local-repo repository to the froggy directory. Download only files which are artifacts of build number 5 of build my-build .

Example 3

Download all files retrieved by the AQL query to the froggy directory.

Example 4

All zip files located under the resources directory to the zip folder, under the all-my-frogs repository. AND
All TGZ files located under the resources directory to the **tgz folder, under the all-my-frogs repository.
Tag all zip files with type = zip and status = ready.
Tag all tgz files with type = tgz and status = ready.

Example 5

Upload all zip files located under the resources directory to the zip folder, under the all-my-frogs repository.

Example 6

Package all files located (including subdirectories) under the resources directory into a zip archive named archive.zip , and upload it into the root of the all-my-frogs repository.

Example 7

Download all files located under the all-my-frogs directory in the my-local-repo repository except for files with .txt extension and all files inside the all-my-frogs directory with the props. prefix.`

Notice that the exclude patterns do not include the repository.

Example 8

Download The latest file uploaded to the all-my-frogs directory in the my-local-repo repository.

Example 9

Search for the three largest files located under the all-my-frogs directory in the my-local-repo repository. If there are files with the same size, sort them "internally" by creation date.

Example 10

Download The second-latest file uploaded to the all-my-frogs directory in the my-local-repo repository.

Example 11

The following File Spec finds all the folders which match the following criteria:

They are under the my-repo repository.
They are inside a folder with a name that matches abc-*-xyz and is located at the root of the repository.
Their name matches ver*
They were created more than 7 days ago.

Example 12

Example 13

Example 14

Example 15

This example creates a release bundle v1 and applies "pathMapping" to the artifact paths after distributing the release bundle v1.

All occurrences of the "a1.in" file are fetched and mapped to the "froggy" repository at the edges.

Fetch all artifacts retrieved by the AQL query.
Create the release bundle v1 with the artifacts and apply the path mappings at the edges after distribution.

The "pathMapping" option is provided, allowing users to control the destination of the release bundle artifacts at the edges.

Schema Validation

Using Jetbrains IDEs (Intellij IDEA, Webstorm, Goland, etc...)?

The File Spec schema is automatically applied to the following file patterns:

**/filespecs/*.json

*filespec*.json

*.filespec

Using Visual Studio Code?

Alternatively, copy the following to your settings.json file:

settings.json

Using Placeholders

Overview

The JFrog CLI offers enormous flexibility in how you download, upload, copy, or move files through the use of wildcard or regular expressions with placeholders.

Any wildcard enclosed in parentheses in the source path can be matched with a corresponding placeholder in the target path to determine the name of the artifact once uploaded.

Examples

Example 1: Upload all files to the target repository

For each .tgz file in the source directory, create a corresponding directory with the same name in the target repository and upload it there. For example, a file named froggy.tgz should be uploaded to my-local-rep/froggy. froggy will be created in a folder in Artifactory).

Upload all files whose name begins with "frog" to folder frogfiles in the target repository, but append its name with the text "-up". For example, a file called froggy.tgz should be renamed froggy.tgz-up.

Example 3: Upload all files to corresponding directories according to extension type

Upload all files in the current directory to the my-local-repo repository and place them in directories that match their file extensions.

Example 4: Copy all zip files to target repository and append with an extension

Copy all zip files under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository and append the copied files' names with ".cp".

cURL Integration

Overview

Execute a cURL command, using the configured Artifactory details. The command expects the cUrl client to be included in the PATH.

Note - This command supports only Artifactory REST APIs, which are accessible under https://<JFrog base URL>/artifactory/api/

Commands Params

Command name

rt curl

Abbreviation

rt cl

Command options:

--server-id

[Optional] Server ID configured using the jf c add command. If not specified, the default configured server is used.

Command arguments:

cUrl arguments and flags

The same list of arguments and flags passed to cUrl, except for the following changes: 1. The full Artifactory URL should not be passed. Instead, the REST endpoint URI should be sent. 2. The login credentials should not be passed. Instead, the --server-id should be used.

Currently only servers configured with username and password / API key are supported.

Examples

Example 1

Execute the cUrl client, to send a GET request to the /api/build endpoint to the default Artifactory server

jf rt curl -XGET /api/build

Example 2

Execute the cUrl client, to send a GET request to the /api/build endpoint to the configured my-rt-server server ID.

jf rt curl -XGET /api/build --server-id my-rt-server

CI & SDKs

CI Integrations

JFrog Platform Configuration

Creating Access Tokens

This command allows creating for users in the JFrog Platform. By default, a user-scoped token will be created. Administrators may provide the scope explicitly with '--scope', or implicitly with '--groups', '--grant-admin'.

Commands Params

Command name

access-token-create

Abbreviation

atc

Command arguments:

username

The username for which this token is created. If not specified, the token will be created for the current user.

Command options:

--audience

[Optional]

A space-separated list of the other instances or services that should accept this token identified by their Service-IDs.

--description

[Optional]

Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.

--expiry

[Optional]

--grant-admin

[Default: false]

Set to true to provide admin privileges to the access token. This is only available for administrators.

--groups

[Optional]

A list of comma-separated(,) groups for the access token to be associated with. This is only available for administrators.

--project

[Optional]

The project for which this token is created. Enter the project name on which you want to apply this token.

--reference

[Default: false]

Generate a Reference Token (alias to Access Token) in addition to the full token (available from Artifactory 7.38.10).

--refreshable

[Default: false]

Set to true if you'd like the token to be refreshable. A refresh token will also be returned in order to be used to generate a new token once it expires.

--scope

[Optional]

The scope of access that the token provides. This is only available for administrators.

Examples

Example 1

Create an access token for the user in the default server configured by the command:

jf atc

Example 2

Create an access token for the user with the toad username:

jf atc toad

Adding and Editing Configured Servers

Command Name

config add / config edit

Abbreviation

c add / c edit

Command options:

--access-token

[Optional]

Access token.

--artifactory-url

[Optional]

JFrog Artifactory URL. (example: https://acme.jfrog.io/artifactory)

--basic-auth-only

[Default: false]

--client-cert-key-path

[Optional]

Private key file for the client certificate in PEM format.

--client-cert-path

[Optional]

Client certificate file in PEM format.

--dist-url

[Optional]

Distribution URL. (example: https://acme.jfrog.io/distribution)

--enc-password

[Default: true] If true, the configured password will be encrypted using Artifactory's before being stored. If false, the configured password will not be encrypted.

--insecure-tls

[Default: false]

Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.

--interactive

[Default: true, unless $CI is true]

Set to false if you do not want the config command to be interactive.

--mission-control-url

[Optional]

JFrog Mission Control URL. (example: https://acme.jfrog.io/ms)

--password

[Optional]

JFrog Platform password.

--ssh-key-path

[Optional]

For authentication with Artifactory. SSH key file path.

--url

[Optional]

JFrog Platform URL. (example: https://acme.jfrog.io)

--user

[Optional]

JFrog Platform username.

--xray-url

[Optional] Xray URL. (example: https://acme.jfrog.io/xray)

--overwrite

[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.

Command arguments:

server ID

A unique ID for the server configuration.

Removing Configured Servers

The config remove command is used to remove JFrog Platform server configuration, stored in JFrog CLI's configuration storage.

Command name

config remove

Abbreviation

c rm

Command options:

--quiet

[Default: $CI]

Set to true to skip the delete confirmation message.

Command arguments:

server ID

The server ID to remove. If no argument is sent, all configured servers are removed.

Showing the Configured Servers

The config show command shows the stored configuration. You may show a specific server's configuration by sending its ID as an argument to the command.

Command name

config show

Abbreviation

c s

Command arguments:

server ID

The ID of the server to show. If no argument is sent, all configured servers are shown.

Sensitive Data Encryption

File-Based Encryption

Starting from version 1.37.0, JFrog CLI introduces support for encrypting sensitive data stored in its configuration using an encryption key stored in a file. Follow these steps to enable encryption:

Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Create a file named security.yaml under ~/.jfrog/security.
If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.
Add the generated master key to the security.yaml file:
```
version: 1
masterKey: "your master key"
```
Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.

Warning: When upgrading JFrog CLI from a version prior to 1.37.0 to version 1.37.0 or above, automatic changes are made to the content of the ~/.jfrog directory to support the new functionality introduced. Before making these changes, the content of the ~/.jfrog directory is backed up inside the ~/.jfrog/backup directory. After enabling sensitive data encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.

Environment Variable-Based Encryption

Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Store the key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.

Generic Files

Uploading Files

This command is used to upload files to Artifactory.

Usage

jf rt u [command options] <Source path> <Target path> jf rt u --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Upload a file called froggy.tgz to the root of the my-local-repo repository.

jf rt u froggy.tgz my-local-repo

Example 2

jf rt u "build/*.zip" my-local-repo/zipFiles/

Example 3

jf rt u "build/*.zip" my-local-repo/zipFiles/ --sync-deletes="my-local-repo/zipFiles/"

Example 4

jf rt u "build/" my-release-local/files/ --exclusions="\*install\*pack*"

Example 5

Collect all files located under the build directory (including subdirectories), and upload them to the my-release-local repository, under the files folder, while maintaining the original names of the artifacts. Exclude (do not upload) files, which include install as part of their path, and have the pack extension. This example uses a regular expression. See Example 4, which uses a wildcard pattern instead.

jf rt u "build/" my-release-local/files/ --regexp --exclusions="(.*)install.*pack$"

Example 6

jf rt u "build/**/*.zip" my-release-local/files/ --ant

Example 7

Package all files located under the build directory (including subdirectories) into a zip archive named archive.zip , and upload the archive to the my-local-repo repository,

jf rt u "build/" my-local-repo/my-archive.zip --archive zip

Downloading Files

This command is used to download files from Artifactory.

Download from Remote Repositories: By default, the command downloads only the files that are cached on the current Artifactory instance. It does not retrieve files from remote Artifactory instances accessed via remote or virtual repositories. To enable the command to download files from remote Artifactory instances (proxied through remote repositories), set the JFROG_CLI_TRANSITIVE_DOWNLOAD environment variable to true. This feature is available in Artifactory version 7.17 or later. Note that remote downloads are supported only for remote repositories that proxy other Artifactory instances. Downloads from remote repositories that proxy non-Artifactory repositories are not supported. IMPORTANT: Enabling the JFROG_CLI_TRANSITIVE_DOWNLOAD environment variable may increase the load on the remote Artifactory instance. It is advisable to use this setting cautiously.

Usage

jf rt dl [command options] <Source path> [Target path] jf rt dl --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Download an artifact called cool-froggy.zip located at the root of the my-local-repo repository to the current directory.

jf rt dl my-local-repo/cool-froggy.zip

Example 2

Download all artifacts located under the all-my-frogs directory in the my-local-repo repository to the all-my-frogs folder under the current directory.

jf rt dl my-local-repo/all-my-frogs/ all-my-frogs/

Example 3

Download all artifacts located in the **my-local-repo **repository with a jar extension to the all-my-frogs folder under the current directory.

jf rt dl "my-local-repo/*.jar" all-my-frogs/

Example 4

Download the latest file uploaded to the all-my-frogs folder in the my-local-repo repository.

jf rt dl  "my-local-repo/all-my-frogs/" --sort-by=created --sort-order=desc --limit=1

Copying Files

This command is used to copy files in Artifactory

Usage

jf rt cp [command options] <Source path> <Target path> jf rt cp --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Copy all artifacts located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository.

jf rt cp source-frog-repo/rabbit/ target-frog-repo/rabbit/

Example 2

Copy all zip files located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository.

jf rt cp "source-frog-repo/rabbit/*.zip" target-frog-repo/rabbit/

Example 3

Copy all artifacts located under /rabbit in the source-frog-repo repository and with property "Version=1.0" into the same path in the target-frog-repo repository.

jf rt cp "source-frog-repo/rabbit/*" target-frog-repo/rabbit/ --props=Version=1.0

Example 4

Copy all artifacts located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository without maintaining the original subdirectory hierarchy.

jf rt cp "source-frog-repo/rabbit/*" target-frog-repo/rabbit/ --flat

Moving Files

This command is used to move files in Artifactory

Usage

jf rt mv [command options] <Source path> <Target path> jf rt mv --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Move all artifacts located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository.

jf rt mv source-frog-repo/rabbit/ target-frog-repo/rabbit/

Example 2

Move all zip files located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository.

jf rt mv "source-frog-repo/rabbit/*.zip" target-frog-repo/rabbit/

Example 3

Move all artifacts located under /rabbit in the source-frog-repo repository and with property "Version=1.0" into the same path in the target-frog-repo repository .

jf rt mv "source-frog-repo/rabbit/*" target-frog-repo/rabbit/ --props=Version=1.0

Example 4

Move all artifacts located under /rabbit in the source-frog-repo repository into the same path in the target-frog-repo repository without maintaining the original subdirectory hierarchy.

jf rt mv "source-frog-repo/rabbit/*" target-frog-repo/rabbit/ --flat

Deleting Files

This command is used to delete files in Artifactory

Usage

jf rt del [command options] <Delete path> jf rt del --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Delete all artifacts located under /rabbit in the frog-repo repository.

jf rt del frog-repo/rabbit/

Example 2

Delete all zip files located under /rabbit in the frog-repo repository.

jf rt del "frog-repo/rabbit/*.zip"

Searching Files

This command is used to search and display files in Artifactory.

Usage

jf rt s [command options] <Search path> jf rt s --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Display a list of all artifacts located under /rabbit in the frog-repo repository.

jf rt s frog-repo/rabbit/

Example 2

Display a list of all zip files located under /rabbit in the frog-repo repository.

jf rt s "frog-repo/rabbit/*.zip"

Example 3

Display a list of the files under example-repo-local with the following fields: path, actual_md5, modified_b, updated and depth.

jf rt s example-repo-local --include="actual_md5;modified_by;updated;depth"

Setting Properties on Files

This command is used for setting properties on existing files in Artifactory.

Usage

jf rt sp [command options] <Files pattern> <Files properties> jf rt sp <artifact properties> --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Set the properties on all the zip files in the generic-local repository. The command will set the property "a" with "1" value and the property "b" with two values: "2" and "3".

jf rt sp "generic-local/*.zip" "a=1;b=2,3"

Example 2

The command will set the property "a" with "1" value and the property "b" with two values: "2" and "3" on all files found by the File Spec my-spec.

jf rt sp "a=1;b=2,3" --spec my-spec

Example 3

Set the properties on all the jar files in the maven-local repository. The command will set the property "version" with "1.0.0" value and the property "release" with "stable" value.

jf rt sp "maven-local/*.jar" "version=1.0.0;release=stable"

Example 4

The command will set the property "environment" with "production" value and the property "team" with "devops" value on all files found by the File Spec prod-spec.

jf rt sp "environment=production;team=devops" --spec prod-spec

Example 5

Set the properties on all the tar.gz files in the devops-local repository. The command will set the property "build" with "102" value and the property "branch" with "main" value.

jf rt sp "devops-local/*.tar.gz" "build=102;branch=main"

Deleting Properties from Files

This command is used for deleting properties from existing files in Artifactory.

Usage

jf rt delp [command options] <Files pattern> <Properties list> jf rt delp <artifact properties> --spec=<File Spec path> [command options]

Commands Params

Examples

Example 1

Remove the properties version and release from all the jar files in the maven-local repository.

jf rt delp "maven-local/*.jar" "version,release"

Example 2

Delete the properties build and branch from all tar.gz files in the devops-local repo.

jf rt delp "devops-local/*.tar.gz" "build,branch"

Example 3

Remove the properties status, phase and stage from all deb files that start with DEV in the debian-repository.

jf rt delp "debian-repository/DEV*.deb" "status,phase,stage"

Example 4

Delete the environment property from /tests/local/block.rpm in the centos-repo.

jf rt delp "centos-repo/tests/local/block.rpm" "environment"

Example 5

Remove the properties component, layer and level from files in the docker-hub repository.

jf rt delp "docker-hub/*" "component,layer,level"

Package Managers Integration

Running Maven Builds

JFrog CLI includes integration with Maven, allowing you to resolve dependencies and deploy build artifacts from and to Artifactory, while collecting build-info and storing it in Artifactory.

Setting maven repositories

Before using the jf mvn command, the project needs to be pre-configured with the Artifactory server and repositories, to be used for building and publishing the project. The jf mvn-config command should be used once to add the configuration to the project. The command should run while inside the root directory of the project. The configuration is stored by the command in the .jfrog directory at the root directory of the project.

Command-name

mvn-config

Abbreviation

mvnc

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Server ID for resolution. The server should configured using the 'jf rt c' command.

--server-id-deploy

[Optional] Server ID for deployment. The server should be configured using the 'jf rt c' command.

--repo-resolve-releases

[Optional] Resolution repository for release dependencies.

--repo-resolve-snapshots

[Optional] Resolution repository for snapshot dependencies.

--repo-deploy-releases

[Optional] Deployment repository for release artifacts.

--repo-deploy-snapshots

[Optional] Deployment repository for snapshot artifacts.

--include-patterns

[Optional] Filter deployed artifacts by setting a wildcard pattern that specifies which artifacts to include. You may provide multiple comma-separated(,) patterns followed by a white-space. For example artifact-.jar, artifact-.pom

--exclude-patterns

[Optional] Filter deployed artifacts by setting a wildcard pattern that specifies which artifacts to exclude. You may provide multiple comma-separated(,) followed by a white-space. For example artifact--test.jar, artifact--test.pom

--disable-snapshots

[Default:false] Set to true to disable snapshot resolution.

--snapshots-update-policy

[Optional] Set snapshot update policy. Defaults to daily.

Command arguments:

The command accepts no arguments

Running maven

The mvn command triggers the maven client, while resolving dependencies and deploying artifacts from and to Artifactory.

Note: Before running the mvn command on a project for the first time, the project should be configured with the jf mvn-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

mvn

Abbreviation

mvn

Command options:

--threads

[Default: 3] Number of threads for uploading build artifacts.

--build-name

--build-number

--project

[Optional] JFrog project key.

--insecure-tls

[Default: false] Set to true to skip TLS certificates verification.

--scan

[Default: false] Set if you'd like all files to be scanned by Xray on the local file system prior to the upload, and skip the upload if any of the files are found vulnerable.

--format

[Default: table] Should be used with the --scan option. Defines the scan output format. Accepts table or json as values.

Command arguments:

The command accepts the same arguments and options as the mvn client.

Deploying Maven Artifacts

The deployment to Artifacts is triggered both by the deployment and install phases. To disable artifacts deployment, add -Dartifactory.publish.artifacts=false to the list of goals and options. For example: "jf mvn clean install -Dartifactory.publish.artifacts=false"

Example

Run clean and install with maven.

jf mvn clean install -f /path/to/pom.xml

Running Gradle Builds

JFrog CLI includes integration with Gradle, allowing you to resolve dependencies and deploy build artifacts from and to Artifactory, while collecting build-info and storing it in Artifactory.

Setting gradle repositories

Before using the gradle command, the project needs to be pre-configured with the Artifactory server and repositories, to be used for building and publishing the project. The gradle-config command should be used once to add the configuration to the project. The command should run while inside the root directory of the project. The configuration is stored by the command in the**.jfrog** directory at the root directory of the project.

Command-name

gradle-config

Abbreviation

gradlec

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Server ID for resolution. The server should configured using the 'jf c add' command.

--server-id-deploy

[Optional] Server ID for deployment. The server should be configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

--repo-deploy

[Optional] Repository for artifacts deployment.

--uses-plugin

[Default: false] Set to true if the Gradle Artifactory Plugin is already applied in the build script.

--use-wrapper

[Default: false] Set to true if you'd like to use the Gradle wrapper.

--deploy-maven-desc

[Default: true] Set to false if you do not wish to deploy Maven descriptors.

--deploy-ivy-desc

[Default: true] Set to false if you do not wish to deploy Ivy descriptors.

--ivy-desc-pattern

[Default: '[organization]/[module]/ivy-[revision].xml' Set the deployed Ivy descriptor pattern.

--ivy-artifacts-pattern

Command arguments:

The command accepts no arguments

Running gradle

The jf gradle command triggers the gradle client, while resolving dependencies and deploying artifacts from and to Artifactory.

Note: Before running the jf gradle command on a project for the first time, the project should be configured with the jf gradle-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

gradle

Abbreviation

gradle

Command options:

--threads

[Default: 3] Number of threads for uploading build artifacts.

--build-name

--build-number

--project

[Optional] JFrog project key.

--scan

[Default: false] Set if you'd like all files to be scanned by Xray on the local file system prior to the upload, and skip the upload if any of the files are found vulnerable.

--format

[Default: table] Should be used with the --scan option. Defines the scan output format. Accepts table or json as values.

Command arguments:

The command accepts the same arguments and options as the gradle client.

Example

Build the project using the artifactoryPublish task, while resolving and deploying artifacts from and to Artifactory.

jf gradle clean artifactoryPublish -b path/to/build.gradle

Downloading the Maven and Gradle Extractor JARs

For integrating with Maven and Gradle, JFrog CLI uses the build-info-extractor jars files. These jar files are downloaded by JFrog CLI from jcenter the first time they are needed.

If you're using JFrog CLI on a machine which has no access to the internet, you can configure JFrog CLI to download these jar files from an Artifactory instance. Here's how to configure Artifactory and JFrog CLI to download the jars files.

Set the JFROG_CLI_EXTRACTORS_REMOTE environment variable with the server ID of the Artifactory server you configured, followed by a slash, and then the name of the repository you created. For example my-rt-server/extractors

Running Builds with MSBuild

JFrog CLI includes integration with MSBuild and Artifactory, allowing you to resolve dependencies and deploy build artifacts from and to Artifactory, while collecting build-info and storing it in Artifactory. This is done by having JFrog CLI in your search path and adding JFrog CLI commands to the MSBuild csproj file.

Managing Docker Images

JFrog CLI provides full support for pulling and publishing docker images from and to Artifactory using the docker client running on the same machine. This allows you to collect build-info for your docker build and then publish it to Artifactory. You can also promote the pushed docker images from one repository to another in Artifactory.

To build and push your docker images to Artifactory, follow these steps:

Make sure that the installed docker client has version 17.07.0-ce (2017-08-29) or above. To verify this, run docker -v**
To ensure that the docker client and your Artifactory docker registry are correctly configured to work together, run the following code snippet.

docker pull hello-world
docker tag hello-world:latest &lt;artifactoryDockerRegistry&gt;/hello-world:latest
docker login &lt;artifactoryDockerRegistry&gt;
docker push &lt;artifactoryDockerRegistry&gt;/hello-world:latest

If everything is configured correctly, pushing any image including the hello-world image should be successfully uploaded to Artifactory.

Note: When running the docker-pull and docker-push commands, the CLI will first attempt to log in to the docker registry. In case of a login failure, the command will not be executed.

Examples

Pulling Docker Images Using the Docker Client

Commands Params

The following table lists the command arguments and flags:

Command-name

docker pull

Abbreviation

dpl

Command options:

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--skip-login

[Default: false] Set to true if you'd like the command to skip performing docker login.

Command arguments:

The same arguments and options supported by the docker client/

Example

The subsequent command utilizes the docker client to pull the 'my-docker-registry.io/my-docker-image:latest' image from Artifactory. This operation logs the image layers as dependencies of the local build-info identified by the build name 'my-build-name' and build number '7'. This local build-info can subsequently be released to Artifactory using the command 'jf rt bp my-build-name 7'.

jf docker pull my-docker-registry.io/my-docker-image:latest --build-name=my-build-name --build-number=7

Pushing Docker Images Using the Docker Client

After building your image using the docker client, the jf docker push command pushes the image layers to Artifactory, while collecting the build-info and storing it locally, so that it can be later published to Artifactory, using the jf rt build-publish command.

Commands Params

The following table lists the command arguments and flags:

Command-name

docker push

Abbreviation

Command options:

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--skip-login

[Default: false] Set to true if you'd like the command to skip performing docker login.

--threads

[Default: 3] Number of working threads.

--detailed-summary

[Default: false] Set true to include a list of the affected files as part of the command output summary.

Command arguments:

The same arguments and options supported by the docker client/

Example

The subsequent command utilizes the docker client to push the 'my-docker-registry.io/my-docker-image:latest' image to Artifactory. This operation logs the image layers as artifacts of the local build-info identified by the build name 'my-build-name' and build number '7'. This local build-info can subsequently be released to Artifactory using the command 'jf rt bp my-build-name 7'.

jf docker push my-docker-registry.io/my-docker-image:latest --build-name=my-build-name --build-number=7

Pulling Docker Images Using Podman

Commands Params

The following table lists the command arguments and flags:

Command-name

rt podman-pull

Abbreviation

rt ppl

Command options:

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--skip-login

[Default: false] Set to true if you'd like the command to skip performing docker login.

Command argument

Image tag

The docker image tag to pull.

Source repository

Source repository in Artifactory.

Example

In this example, podman is employed to pull the local image 'my-docker-registry.io/my-docker-image:latest' from the docker-local Artifactory repository. During this process, it registers the image layers as dependencies within a build-info identified by the build name 'my-build-name' and build number '7'. This build-info is initially established locally and must be subsequently published to Artifactory using the command 'jf rt build-publish my-build-name 7'.

jf rt podman-pull my-docker-registry.io/my-docker-image:latest docker-local --build-name my-build-name --build-number 7

Pushing Docker Images Using Podman

Commands Params

The following table lists the command arguments and flags:

Command-name

rt podman-push

Abbreviation

rt pp

Command options:

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--skip-login

[Default: false] Set to true if you'd like the command to skip performing docker login.

--threads

[Default: 3] Number of working threads.

--detailed-summary

[Default: false] Set to true to include a list of the affected files as part of the command output summary.

Command argument

Image tag

The docker image tag to push.

Target repository

Target repository in Artifactory.

Example

In this illustration, podman is employed to push the local image 'my-docker-registry.io/my-docker-image:latest' to the docker-local Artifactory repository. During this process, it registers the image layers as artifacts within a build-info identified by the build name 'my-build-name' and build number '7'. This build-info is initially established locally and must be subsequently published to Artifactory using the command 'jf rt build-publish my-build-name 7'.

jf rt podman-push my-docker-registry.io/my-docker-image:latest docker-local --build-name=my-build-name --build-number=7

Pushing Docker Images Using Kaniko

Pushing Docker Images Using buildx

Pushing Docker Images Using the OpenShift CLI

Adding Published Docker Images to the Build-Info

The build-docker-create command allows adding a docker image, which is already published to Artifactory, into the build-info. This build-info can be later published to Artifactory, using the build-publish command.

Commands Params

Command-name

rt build-docker-create

Abbreviation

rt bdc

Command options:

--image-file

Path to a file which includes one line in the following format: IMAGE-TAG@sha256:MANIFEST-SHA256. For example: cat image-file-details superfrog-docker.jfrog.io/hello-frog@sha256:30f04e684493fb5ccc030969df6de0

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--threads

[Default: 3] Number of working threads.

Command argument

Target repository

The name of the repository to which the image was pushed.

Example

In this example, a Docker image that has already been deployed to Artifactory is incorporated into a locally created, unpublished build-info identified by the build name myBuild and build number '1'. This local build-info can subsequently be published to Artifactory using the command 'jf rt bp myBuild 1'.

jf rt bdc docker-local --image-file image-file-details --build-name myBuild --build-number 1

Promoting Docker Images

Promotion is the action of moving or copying a group of artifacts from one repository to another, to support the artifacts' lifecycle. When it comes to docker images, there are two ways to promote a docker image which was pushed to Artifactory:

Create build-info for the docker image, and then promote the build using the jf rt build-promote command.
Use the jf rt docker-promote command as described below.

Commands Params

The following table lists the command arguments and flags:

Command-name

rt docker-promote

Abbreviation

rt dpr

Command options:

--server-id

[Optional] Server ID configured using the 'jf config' command. If not specified, the default configured Artifactory server is used.

--copy

[Default: false] If set true, the Docker image is copied to the target repository, otherwise it is moved.

--source-tag

[Optional] The tag name to promote.

--target-docker-image

[Optional] Docker target image name.

--target-tag

[Optional] The target tag to assign the image after promotion.

Command argument

source docker image

The docker image name to promote.

source repository

Source repository in Artifactory.

target repository

Target repository in Artifactory.

Examples

Promote the hello-world docker image from the docker-dev-local repository to the docker-staging-local repository.

jf rt docker-promote hello-world docker-dev-local docker-staging-local

Building Npm Packages Using the Npm Client

JFrog CLI provides full support for building npm packages using the npm client. This allows you to resolve npm dependencies, and publish your npm packages from and to Artifactory, while collecting build-info and storing it in Artifactory.

Follow these guidelines when building npm packages:

When the npm-publish command runs, JFrog CLI runs the pack command in the background. The pack action is followed by an upload, which is not based on the npm client's publish command. Therefore, If your npm package includes the prepublish or postpublish scripts, rename them to prepack and postpack respectively.

Requirements

Npm client version 5.4.0 and above.

Artifactory version 5.5.2 and above.

Setting npm repositories

Before using the jf npm install, jf npm ci and jf npm publish commands, the project needs to be pre-configured with the Artifactory server and repositories, to be used for building and publishing the project. The jf npm-config command should be used once to add the configuration to the project. The command should run while inside the root directory of the project. The configuration is stored by the command in the .jfrog directory at the root directory of the project.

Command-name

npm-config

Abbreviation

npmc

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--server-id-deploy

[Optional] Artifactory server ID for deployment. The server should be configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

--repo-deploy

[Optional] Repository for artifacts deployment.

Command arguments:

The command accepts no arguments

Installing Npm Packages

The jf npm install and jf npm ci commands execute npm's install and ci commands respectively, to fetches the npm dependencies from the npm repositories.

Before running the jf npm install or jf npm ci command on a project for the first time, the project should be configured using the jf npm-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

npm

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--threads

[Default: 3] Number of working threads for build-info collection.

Command arguments:

The command accepts the same arguments and options as the npm client.

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

Command arguments:

The command accepts the same arguments and options as the npm client.

Examples

Example 1

jf npm install --build-name=my-build-name --build-number=1

Example 2

The following example installs the dependencies. The dependencies are resolved from the Artifactory server and repository configured by npm-config command.

jf npm install

Example 3

The following example installs the dependencies using the npm-ci command. The dependencies are resolved from the Artifactory server and repository configured by npm-config command.

jf npm ci

Publishing the Npm Packages into Artifactory

The npm-publish command packs and deploys the npm package to the designated npm repository.

Before running the npm-publish command on a project for the first time, the project should be configured using the jf npm-config command. This configuration includes the Artifactory server and repository to which the package should deploy.

Warning: If your npm package includes the prepublish or postpublish scripts, please refer to the guidelines above.

Commands Params

The following table lists the command arguments and flags:

Command-name

npm publish

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--detailed-summary

[Default: false] Set true to include a list of the affected files as part of the command output summary.

--scan

[Default: false] Set if you'd like all files to be scanned by Xray on the local file system prior to the upload, and skip the upload if any of the files are found vulnerable.

--format

[Default: table] Should be used with the --scan option. Defines the scan output format. Accepts table or JSON as values.

Command argument

The command accepts the same arguments and options that the npm pack command expects.

Example

jf npm publish --build-name=my-build-name --build-number=1

Building Npm Packages Using the Yarn Client

JFrog CLI provides full support for building npm packages using the yarn client. This allows you to resolve npm dependencies, while collecting build-info and storing it in Artifactory. You can download npm packages from any npm repository type - local, remote or virtual. Publishing the packages to a local npm repository is supported through the jf rt upload command.

Yarn version 2.4.0 and above is supported.

Setting npm repositories

Before using the jf yarn command, the project needs to be pre-configured with the Artifactory server and repositories, to be used for building the project. The yarn-config command should be used once to add the configuration to the project. The command should run while inside the root directory of the project. The configuration is stored by the command in the .jfrog directory at the root directory of the project.

Command-name

yarn-config

Abbreviation

yarnc

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

Command arguments:

The command accepts no arguments

Installing Npm Packages

The jf yarn command executes the yarn client, to fetch the npm dependencies from the npm repositories.

Note: Before running the command on a project for the first time, the project should be configured using the jf yarn-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

yarn

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--threads

[Default: 3] Number of working threads for build-info collection.

Command arguments:

The command accepts the same arguments and options as the yarn client.

Examples

Example 1

jf yarn install --build-name=my-build-name --build-number=1

Example 2

The following example installs the dependencies. The dependencies are resolved from the Artifactory server and repository configured by jf yarn-config command.

jf yarn install

Building Go Packages

General

JFrog CLI provides full support for building Go packages using the Go client. This allows resolving Go dependencies from and publish your Go packages to Artifactory, while collecting build-info and storing it in Artifactory.

Requirements

JFrog CLI client version 1.20.0 and above.

Artifactory version 6.1.0 and above.

Go client version 1.11.0 and above.

Example project

Setting Go repositories

Before you can use JFrog CLI to build your Go projects with Artifactory, you first need to set the resolutions and deployment repositories for the project.

Here's how you set the repositories.

'cd' into to the root of the Go project.
Run the jf go-config command.

Commands Params

Command-name

go-config

Abbreviation

Command options:

--global

[Default false] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--server-id-deploy

[Optional] Artifactory server ID for deployment. The server should be configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

--repo-deploy

[Optional] Repository for artifacts deployment.

Examples

Example 1

Set repositories for this go project.

jf go-config

Example 2

Set repositories for all go projects on this machine.

jf go-config --global

Running Go commands

The go command triggers the go client.

Note: Before running the go command on a project for the first time, the project should be configured using the jf go-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--no-fallback

[Default false] Set to avoid downloading packages from the VCS, if they are missing in Artifactory.

--module

[Optional] Optional module name for the build-info.

Command arguments:

Go command

The command accepts the same arguments and options as the go client.

Examples

Example 1

The following example runs Go build command. The dependencies resolved from Artifactory via the go-virtual repository.

Note: Before using this example, please make sure to set repositories for the Go project using the go-config command.

jf go build

Example 2

Note: Before using this example, please make sure to set repositories for the Go project using the go-config command.

jf rt go build --build-name=my-build --build-number=1

Publishing Go Packages to Artifactory

The jf go-publish command packs and deploys the Go package to the designated Go repository in Artifactory.

Note: Before running the jf go-publish command on a project for the first time, the project should be configured using the jf go-config command.

Commands Params

The following table lists the command arguments and flags:

Command-name

go-publish

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

--detailed-summary

[Default: false] Set true to include a list of the affected files as part of the command output summary.

Command argument

Version

The version of the Go project that is being published

Examples

Example 1

To pack and publish the Go package, run the following command. Before running this command on a project for the first time, the project should be configured using the jf go-config command.

jf gp v1.2.3

Example 2

jf gp v1.2.3 --build-name my-build-name --build-number 1

Building Python Packages

Pip, Pipenv and Twine

JFrog CLI provides full support for building Python packages using the pip and pipenv package managers, and deploying distributions using twine. This allows resolving python dependencies from Artifactory, using for pip and pipenv, while recording the downloaded packages. After installing and packaging the project, the distributions and wheels can be deployed to Artifactory using twine, while recording the uploaded packages. The downloaded packages are stored as dependencies in the build-info stored in Artifactory, while the uploaded ones are stored as artifacts.

Example projects

Setting Python repository

Before you can use JFrog CLI to build your Python projects with Artifactory, you first need to set the repository for the project.

Here's how you set the repositories.

'cd' into the root of the Python project.
Run the jf pip-config or jf pipenv-config commands, depending on whether you're using the pip or pipenv clients.

Commands Params

Command-name

pip-config / pipenv-config

Abbreviation

pipc / pipec

Command options:

--global

[Default false] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

--server-id-deploy

[Optional] Artifactory server ID for deployment. The server should configured using the 'jf c add' command.

--repo-deploy

[Optional] Repository for artifacts deployment.

Examples

Example 1

Set repositories for this Python project when using the pip client (for pipenv: jf pipec).

jf pipc

Example 2

Set repositories for all Python projects using the pip client on this machine (for pipenv: jf pipec --global).

jf pipc --global

Installing Python packages

The jf pip install and jf pipenv install commands use the pip and pipenv clients respectively, to install the project dependencies from Artifactory. The jf pip install and jf pipenv install commands can also record these packages as build dependencies as part of the build-info published to Artifactory.

Note: Before running the pip install and pipenv install commands on a project for the first time, the project should be configured using the jf pip-config or jf pipenv-config commands respectively.

Recording all dependencies

JFrog CLI records the installed packages as build-info dependencies. The recorded dependencies are packages installed during the jf pip install and jf pipenv install command execution. When running the command inside a Python environment, which already has some of the packages installed, the installed packages will not be included as part of the build-info, because they were not originally installed by JFrog CLI. A warning message will be added to the log in this case.

How to include all packages in the build-info?

The details of all the installed packages are always cached by the jf pip install and jf pipenv install command in the .jfrog/projects/deps.cache.json file, located under the root of the project. JFrog CLI uses this cache for including previously installed packages in the build-info. If the Python environment had some packages installed prior to the first execution of the install command, those previously installed packages will be missing from the cache and therefore will not be included in the build-info.

Commands Params

Command-name

pip / pipenv

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

Command argument

The command accepts the same arguments and options as the pip / pipenv clients.

Examples

Example 1

The following command triggers pip install, while recording the build dependencies as part of build name my-build and build number 1 .

jf pip install . --build-name my-build --build-number 1

Example 2

The following command triggers pipenv install, while recording the build dependencies as part of build name my-build and build number 1 .

jf pipenv install . --build-name my-build --build-number 1

Publishing Python packages using Twine

The jf twine upload command uses the twine, to publish the project distributions to Artifactory. The jf twine upload command can also record these packages as build artifacts as part of the build-info published to Artifactory.

Note: Before running the twine upload command on a project for the first time, the project should be configured using the jf pip-config or jf pipenv-config commands, with deployer configuration.

Commands Params

Command-name

twine

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

Command argument

The command accepts the arguments and options supported by twine client, except for repository configuration and authentication options.

Examples

Example 1

The following command triggers twine upload, while recording the build artifacts as part of build name my-build and build number 1 .

jf twine upload "dist/*" --build-name my-build --build-number 1

Poetry

JFrog CLI provides partial support for building Python packages using the poetry package manager. This allows resolving python dependencies from Artifactory, but currently does NOT record downloaded packages as dependencies in the build-info.

Setting Python repository

Before you can use JFrog CLI to build your Python projects with Artifactory, you first need to set the repository for the project.

Here's how you set the repositories.

'cd' into the root of the Python project.
Run the jf poetry-config command as follows.

Commands Params

Command-name

poetry-config

Abbreviation

poc

Command options:

--global

[Default false] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

Examples

Example 1

Set repositories for this Python project when using the poetry client.

jf poc

Example 2

Set repositories for all Python projects using the poetry client on this machine.

jf poc --global

Installing Python packages

The jf poetry install commands use the poetry client to install the project dependencies from Artifactory.

Note: Before running the poetry install command on a project for the first time, the project should be configured using the jf poetry-config command.

Commands Params

Command-name

poetry

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

Command argument

The command accepts the same arguments and options as the poetry clients.

Examples

Example 1

The following command triggers poetry install, while resolving dependencies from Artifactory.

jf poetry install .

Building NuGet Packages

JFrog CLI provides full support for restoring NuGet packages using the NuGet client or the .NET Core CLI. This allows you to resolve NuGet dependencies from and publish your NuGet packages to Artifactory, while collecting build-info and storing it in Artifactory.

NuGet dependencies resolution is supported by the jf nuget command, which uses the NuGet client or the jf dotnet command, which uses the .NET Core CLI.

Setting NuGet repositories

Before using thenuget or dotnet commands, the project needs to be pre-configured with the Artifactory server and repository, to be used for building the project.

Before using the nuget or dotnet commands, the nuget-config or dotnet-config commands should be used respectively. These commands configure the project with the details of the Artifactory server and repository, to be used for the build. The nuget-config or dotnet-config commands should be executed while inside the root directory of the project. The configuration is stored by the command in the .jfrog directory at the root directory of the project. You then have the option of storing the .jfrog directory with the project sources, or creating this configuration after the sources are checked out.

The following table lists the commands' options:

Command-name

nuget-config / dotnet-config

Abbreviation

nugetc / dotnetc

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-resolve

[Optional] Artifactory server ID for resolution. The server should configured using the 'jf c add' command.

--repo-resolve

[Optional] Repository for dependencies resolution.

--nuget-v2

[Default: false] Set to true if you'd like to use the NuGet V2 protocol when restoring packages from Artifactory (instead of NuGet V3).

Command arguments:

The command accepts no arguments

Running Nuget and Dotnet commands

The nuget command runs the NuGet client and the dotnet command runs the **.NET Core CLI.

Before running the nuget command on a project for the first time, the project should be configured using the nuget-config command.

Before running the dotnet command on a project for the first time, the project should be configured using the dotnet-config command.

Commands Params

The following table lists the commands arguments and options:

Command-name

nuget / dotnet

Abbreviation

Command options:

--build-name

--build-number

--project

[Optional] JFrog project key.

--module

[Optional] Optional module name for the build-info.

Command argument

The command accepts the same arguments and options as the NuGet client / .NET Core CLI.

Examples

Example 1

Run nuget restore for the solution at the current directory, while resolving the NuGet dependencies from the pre-configured Artifactory repository. Use the NuGet client for this command

jf nuget restore

Example 2

Run dotnet restore for the solution at the current directory, while resolving the NuGet dependencies from the pre-configured Artifactory repository. Use the .NET Core CLI for this command

jf dotnet restore

Example 3

Run dotnet restore for the solution at the current directory, while resolving the NuGet dependencies from the pre-configured Artifactory repository.

jf dotnet restore --build-name=my-build-name --build-number=1

Packaging and Publishing Terraform Modules

JFrog CLI supports packaging Terraform modules and publishing them to a Terraform repository in Artifactory using the jf terraform publish command.

Before using the jf terraform publish command for the first time, you first need to configure the Terraform repository for your Terraform project. To do this, follow these steps:

'cd' into the root directory for your Terraform project.
Run the interactive jf terraform-config command and set deployment repository name.

terraform-config

The jf terraform-config command will store the repository name inside the .jfrog directory located in the current directory. You can also add the --global command option, if you prefer the repository configuration applies to all projects on the machine. In that case, the configuration will be saved in JFrog CLI's home directory.

Commands Params

The following table lists the command options:

Command-name

terraform-config

Abbreviation

tfc

Command options:

--global

[Optional] Set to true, if you'd like the configuration to be global (for all projects on the machine). Specific projects can override the global configuration.

--server-id-deploy

[Optional] Artifactory server ID for deployment. The server should configured using the 'jf c add' command.

--repo-deploy

[Optional] Repository for artifacts deployment.

Command arguments:

The command accepts no arguments

Examples

Example 1

Configuring the Terraform repository for a project, while inside the root directory of the project

jf tfc

Example 2

Configuring the Terraform repository for all projects on the machine

jf tfc --global

terraform publish

The terraform publish command creates a terraform package for the module in the current directory, and publishes it to the configured Terraform repository in Artifactory.

Commands Params

The following table lists the commands arguments and options:

Command-name

terraform publish

Abbreviation

tf p

Command options:

--namespace

[Mandatory] Terraform module namespace

--provider

[Mandatory] Terraform module provider

--tag

[Mandatory] Terraform module tag

--exclusions

[Optional] A list of semicolon-separated(;) exclude patterns wildcards. Paths inside the module matching one of the patterns are excluded from the deployed package.

--build-name

--build-number

--project

Command argument

The command accepts no arguments

Examples

Example 1

jf tf p --namespace example --provider aws --tag v0.0.1

Example 2

The command creates a package for the Terraform module in the current directory, and publishes it to the Terraform repository (configured by the jf tfc command) with the provides namespace, provider and tag. The published package will not include the module paths which include either test or ignore .

jf tf p --namespace example --provider aws --tag v0.0.1 --exclusions "\*test\*;\*ignore\*"

Example 3

The command creates a package for the Terraform module in the current directory, and publishes it to the Terraform repository (configured by the jf tfc command) with the provides namespace, provider and tag. The published module will be recorded as an artifact of a build named my-build with build number 1. The jf rt bp command publishes the build to Artifactory.

jf tf p --namespace example --provider aws --tag v0.0.1 --build-name my-build --build-number 1
jf rt bp my-build 1

CLI for JFrog Distribution

Overview

Syntax

When used with JFrog Distribution, JFrog CLI uses the following syntax:

$ jf ds command-name global-options command-options arguments

Managing Access Keys

Commands

The following sections describe the commands available in the JFrog CLI for use with JFrog Distribution.

Creating or updating an unsigned Release Bundle

This commands creates and updates an unsigned Release Bundle on JFrog Distribution.

Note

Commands Params

Command-name

release-bundle-create / release-bundle-update

Abbreviation

rbc / rbu

Command options:

--server-id

[Optional] Artifactory Server ID configured using the 'jf config' command.

--spec

--spec-vars

[Optional] List of semicolon-separated(;) variables in the form of "key1=value1;key2=value2;..." to be replaced in the File Spec. In the File Spec, the variables should be used as follows: ${key1}.

--target-props

[Optional] The list of properties, in the form of key1=value1;key2=value2,..., to be added to the artifacts after distribution of the release bundle.

--target

--dry-run

[Default: false] Set to true to disable communication with JFrog Distribution.

--sign

[Default: false] If set to true, automatically signs the release bundle version.

--passphrase

[Optional] The passphrase for the signing key.

--desc

[Optional] Description of the release bundle.

--release-notes-path

[Optional] Path to a file describes the release notes for the release bundle version.

--release-notes-syntax

[Default: plain_text] The syntax for the release notes. Can be one of markdown, asciidoc, or plain_text.

--exclusions

[Optional] A list of semicolon-separated(;) exclude path patterns, to be excluded from the Release Bundle. Allows using wildcards.

--repo

[Optional] A repository name at source Artifactory to store release bundle artifacts in. If not provided, Artifactory will use the default one.

--insecure-tls

[Default: false] Set to true to skip TLS certificates verification.

--detailed-summary

[Default: false] Set to true to return the SHA256 value of the release bundle manifest.

Command arguments:

release bundle name

The name of the release bundle.

release bundle version

The release bundle version.

pattern

Specifies the source path in Artifactory, from which the artifacts should be bundled, in the following format: <repository name>/<repository path>. You can use wildcards to specify multiple artifacts. This argument should not be sent along with the --spec option.

Example 1

Create a release bundle with name myApp and version 1.0.0. The release bundle will include the files defined in the File Spec specified by the --spec option.

jf ds rbc --spec=/path/to/rb-spec.json myApp 1.0.0

Example 2

Create a release bundle with name myApp and version 1.0.0. The release bundle will include the files defined in the File Spec specified by the --spec option. GPG sign the release bundle after it is created.

jf ds rbc --spec=/path/to/rb-spec.json --sign myApp 1.0.0

Example 3

Update the release bundle with name myApp and version 1.0.0. The release bundle will include the files defined in the File Spec specified by the --spec option.

jf ds rbu --spec=/path/to/rb-spec.json myApp 1.0.0

Example 4

Update the release bundle with name myApp and version 1.0.0. The release bundle will include all the zip files inside the zip folder, located at the root of the my-local-repo repository.

jf ds rbu myApp 1.0.0 "my-local-repo/zips/*.zip"

Example 5

Update the release bundle with name myApp and version 1.0.0. The release bundle will include all the zip files inside the zip folder, located at the root of the my-local-repo repository. The files will be distributed on the Edge Node to the target-zips folder, under the root of the my-target-repo repository.

jf ds rbu myApp 1.0.0 "my-local-repo/zips/*.zip" --target my-target-repo/target-zips/

Example 6

jf ds rbc myApp 1.0.0 "my-local-repo/zips/(*).zip" --target "my-target-repo/target-zips/{1}-target.zip"

Example 7

This example creates a release bundle and applies "pathMapping" to the artifact paths after distributing the release bundle.

All occurrences of the "a1.in" file are fetched and mapped to the "froggy" repository at the edges.

Fetch all artifacts retrieved by the AQL query.
Create the release bundle with the artifacts and apply the path mappings at the edges after distribution.

The "pathMapping" option is provided, allowing users to control the destination of the release bundle artifacts at the edges.

Note: The "target" option is designed to work for most use cases. The "pathMapping" option is intended for specific use cases, such as including a list.manifest.json file inside the release bundle.

In that scenario, the distribution server dynamically includes all the manifest.json and their layers and assigns the given path mapping, whereas "target" doesn't achieve this.

jf ds rbc --spec=/path/to/rb-spec.json myApp 1.0.0

Spec file content:

{
  "files": [
    {
      "aql": {
        "items.find": {
          "repo": "my-local-repo",
          "$and": [
            {
              "name": {
                "$match": "a1.in"
              }
            },
            {
              "$or": [
                {
                  "path": {
                    "$match": "."
                  }
                },
                {
                  "path": {
                    "$match": "*"
                  }
                }
              ]
            }
          ]
        }
      },
      "pathMapping": {
        "input": "my-local-repo/(.*)",
        "output": "froggy/$1"
      }
    }
  ]
}

Signing an Existing Release Bundle

This command GPG signs an existing Release Bundle on JFrog Distribution.

Note

Commands Params

Command-name

release-bundle-sign

Abbreviation

rbs

Command options:

--server-id

[Optional] Artifactory Server ID configured using the 'jf config' command.

--passphrase

[Optional] The passphrase for the signing key.

--repo

[Optional] A repository name at source Artifactory to store release bundle artifacts in. If not provided, Artifactory will use the default one.

--insecure-tls

[Default: false] Set to true to skip TLS certificates verification.

--detailed-summary

[Default: false] Set to true to return the SHA256 value of the release bundle manifest.

Command arguments:

release bundle name

The name of the release bundle.

release bundle version

The release bundle version.

Example

GPG sign the release bundle with name myApp and version 1.0.0.

jf ds rbs --passphrase="&lt;passphrase&gt;" myApp 1.0.0

Distributing a Release Bundle

This command distributes a release bundle to the Edge Nodes.

Note

Commands Params

Command-name

release-bundle-distribute

Abbreviation

rbd

Command options:

--server-id

[Optional] Artifactory Server ID configured using the 'jf config' command.

--sync

[Default: false] Set to true to enable sync distribution (the command execution will end when the distribution process ends).

--max-wait-minutes

[Default: 60] Max minutes to wait for sync distribution.

--create-repo

[Default: false] Set to true to create the repository on the edge if it does not exist.

--dry-run

[Default: false] Set to true to disable communication with JFrog Distribution.

--dist-rules

[Optional] Path to a file, which includes the Distribution Rules in a JSON format. Distribution Rules JSON structure { "distribution_rules": [ { "site_name": "DC-1", "city_name": "New-York", "country_codes": ["1"] }, { "site_name": "DC-2", "city_name": "Tel-Aviv", "country_codes": ["972"] } ] } The Distribution Rules format also supports wildcards. For example: { "distribution_rules": [ { "site_name": "", "city_name": "", "country_codes": ["*"] } ] }

--site

[Default: *] Wildcard filter for site name.

--city

[Default: *] Wildcard filter for site city name.

--country-codes

[Default: *] semicolon-separated(;) list of wildcard filters for site country codes.

--insecure-tls

[Default: false] Set to true to skip TLS certificates verification.

Command arguments:

release bundle name

The name of the release bundle.

release bundle version

The release bundle version.

Example 1

Distribute the release bundle with name myApp and version 1.0.0. Use the distribution rules defined in the specified file.

jf ds rbd --dist-rules=/path/to/dist-rules.json myApp 1.0.0

Deleting a Release Bundle

This command deletes a Release Bundle from the Edge Nodes and optionally from Distribution as well.

Note

Commands Params

Command-name

release-bundle-delete

Abbreviation

rbdel

Command options:

--server-id

[Optional] Artifactory Server ID configured using the 'jf config' command.

--sync

[Default: false] Set to true to enable sync deletion (the command execution will end when the deletion process ends).

--max-wait-minutes

[Default: 60] Max minutes to wait for sync deletion.

--dry-run

[Default: false] Set to true to disable communication with JFrog Distribution.

--dist-rules

[Optional] Path to a file, which includes the distribution rules in a JSON format.

--site

[Default: *] Wildcard filter for site name.

--city

[Default: *] Wildcard filter for site city name.

--country-codes

[Default: *] semicolon-separated(;) list of wildcard filters for site country codes.

--delete-from-dist

[Default: false] Set to true to delete release bundle version in JFrog Distribution itself after deletion is complete in the specified Edge nodes.

--quiet

[Default: false] Set to true to skip the delete confirmation message.

--insecure-tls

[Default: false] Set to true to skip TLS certificates verification.

Command arguments:

release bundle name

The name of the release bundle.

release bundle version

The release bundle version.

Example 1

Delete the release bundle with name myApp and version 1.0.0 from the Edge Nodes only, according to the definition in the distribution rules file.

jf ds rbdel --dist-rules=/path/to/dist-rules.json myApp 1.0.0

Example 2

Delete the release bundle with name myApp and version 1.0.0 from the Edge Nodes, according to the definition in the distribution rules file. The release bundle will also be deleted from the Distribution service itself.

jf ds rbdel --delete-from-dist --dist-rules=/path/to/dist-rules.json myApp 1.0.0

CLI for JFrog Cloud Transfer

Transfer Artifactory Configuration and Files from Self-Hosted to JFrog Cloud

General

JFrog provides you the ability to migrate from a self-hosted JFrog Platform installation to JFrog Cloud so that you can seamlessly transition into JFrog Cloud. You can use the JFrog CLI to transfer the Artifactory configuration settings and binaries to JFrog Cloud.

JFrog Cloud provides the same cutting-edge functionalities of a self-hosted JFrog Platform Deployment (JPD), without the overhead of managing the databases and systems. If you are an existing JFrog self-hosted customer, you might want to move to JFrog Cloud to ease operations. JFrog provides a solution that allows you to replicate your self-hosted JPD to a JFrog Cloud JPD painlessly.

The Artifactory Transfer solution currently transfers the config and data of JFrog Artifactory only. Other products such as JFrog Xray, and Distribution are currently not supported by this solution.

In this page, we refer to the source self-hosted instance as the source instance, and the target JFrog Cloud instance as the target instance.

Noteworthy Details

Artifactory Version Support: The Artifactory Transfer solution is supported for any version of Artifactory 7.x and Artifactory version 6.23.21 and above. If your current Artifactory version is not of compatible version, please consider upgrading the Artifactory instance.
Supported OS Platforms: The transfer tool can help transfer the files and configuration from operating systems of all types, including Windows and Container environments.

Limitations

The following limitations need to be kept in mind before you start the migration process

The Archive Search Enabled feature is not supported on JFrog Cloud.
Artifactory System Properties are not transferred and JFrog Cloud defaults are applied after the transfer.
User plugins are not supported on JFrog Cloud.
Artifact Cold Storage is not supported in JFrog Cloud.
Artifacts in remote repositories caches are not transferred.
Federated repositories are transferred without their federation members. After the transfer, you'll need to reconfigure the federation as described in the Federated Repositories documentation. Federated Repositories
Docker repositories with names that include dots or underscores aren't allowed in JFrog Cloud.
Artifact properties with a value longer than 2.4K characters are not supported in JFrog Cloud. Such properties are generally seen in Conan artifacts. The artifacts will be transferred without the properties in this case. A report with these artifacts will become available to you at the end of the transfer.
The files transfer process allows transferring files that were created or modified on the source instance after the process started. However:
- Files that were deleted on the source instance after the process started, are not deleted on the target instance by the process.
- The custom properties of those files are also updated on the target instance. However, if only the custom properties of those files were modified on the source, but not the files' content, the properties are not modified on the target instance by the process.
When transferring files in build-info repositories, JFrog CLI limits the total of working threads to 8. This is done to limit the load on the target instance while transferring build-info.

Transfer phases

The transfer process includes two phases, that you must perform in the following order:

Configuration Transfer: Transfers the configuration entities like users, permissions, and repositories from the source instance to the target instance.
File Transfer: Transfers the files (binaries) stored in the source instance repositories to the target instance repositories.

Note

Files that are cached by remote repositories aren't transferred.
The content of Artifactory's Trash Can isn't transferred.

You can do both steps while the source instance is in use. No downtime on the source instance is required while the transfer is in progress.

Before you begin

Ensure that you can log in to the UI of both the source and target instances with users that have admin permissions.
Ensure that the target instance license does not support fewer features than the source instance license.
Ensure that all the remote repositories on the source Artifactory instance have network access to their destination URL once they are created in the target instance. Even if one remote or federated repository does not have access, the configuration transfer operation will be cancelled. You do have the option of excluding specific repositories from being transferred.
Ensure that all the replications configured on the source Artifactory instance have network access to their destination URL once they are created in the target instance.
Ensure that you can log in to the primary node of your source instance through a terminal.

Running the transfer process

Perform the following steps to transfer configuration and artifacts from the source to the target instance. You must run the steps in the exact sequence and do not run any of the commands in parallel.

Step 1: Enabling configuration transfer on the target instance

Warning

Enabling configuration transfer will trigger a shutdown of JFrog Xray, Distribution, Insights and Pipelines in the cloud and these services will therefore become unavailable. Once you disable the configuration transfer later on in the process, these services will be started up again.
Enabling configuration transfer will scale down JFrog Artifactory, which will reduce its available resources. Once you disable the configuration transfer later on in the process, Artifactory will be scaled up again.

Follow the below steps to enable the configuration transfer.

Click on Settings.
If you have an Enterprise+ subscription with more than one Artifactory instance, select the target instance from the drop-down menu.
The configuration transfer is now enabled, and you can continue with the transfer process.

Step 2: Set up the source instance for pushing files to the target instance

To set up the source instance, you must install the data-transfer user plugin in the primary node of the source instance. This section guides you through the installation steps.

Configure the connection details of the source Artifactory instance with your admin credentials by running the following command from the terminal.
```
jf c add source-server
```
Ensure that the JFROG_HOME environment variable is set and holds the value of the JFrog installation directory. It usually points to the /opt/jfrog directory. In case the variable isn't set, set its value to point to the correct directory as described in the JFrog Product Directory Structure article.System Directories

If the source instance has internet access, follow this single step:

Download and install the data-transfer user plugin by running the following command from the terminal

jf rt transfer-plugin-install source-server

If the source instance has no internet access, follow these steps instead.

Create a new directory on the primary node machine of the source instance and place the two files you downloaded inside this directory.
Install the data-transfer user plugin by running the following command from the terminal. Replace the <plugin files dir> token with the full path to the directory which includes the plugin files you downloaded.

jf rt transfer-plugin-install source-server --dir "<plugin files dir>"

If the above is not an option, you may also load the transfer plugin manually into the on-premise plugins directory to continue with the transfer process.

Step-1: Download the dataTransfer JAR file from here (https://releases.jfrog.io/artifactory/jfrog-releases/data-transfer/[RELEASE]/lib/data-transfer.jar) and add it under $JFROG_HOME/artifactory/var/etc/artifactory/plugins/lib/. If the "lib" directory is not present, create one.

Step-2: Download the dataTransfer.groovy file from here (https://releases.jfrog.io/artifactory/jfrog-releases/data-transfer/[RELEASE]/dataTransfer.groovy) and add it under $JFROG_HOME/artifactory/var/etc/artifactory/plugins/.

Step-3: Reload the plugin using the following command. curl -u admin -X POST http://localhost:8082/artifactory/api/plugins/reload

If the plugin is loaded successfully, source instance is all set to proceed with the configuration transfer.

Step 3: Transfer configuration from the source instance to the target instance

Warning

The following process will wipe out the entire configuration of the target instance, and replace it with the configuration of the source instance. This includes repositories and users.

Configure the connection details of the source Artifactory instance with your admin credentials by running the following command from the terminal.
```
jf c add source-server
```
Configure the connection details of the target Artifactory server with your admin credentials by running the following command from the terminal.
```
jf c add target-server
```
Run the following command to verify that the target URLs of all the remote repositories are accessible from the target.
```
jf rt transfer-config source-server target-server --prechecks
```

If the command output shows that a target URL isn't accessible for any of the repositories, you'll need to make the URL accessible before proceeding to transfer the config. You can then rerun the command to ensure that the URLs are accessible.

If the command execution fails with an error indicating that the configuration import failed against the target server due to some existing data, before using the --force flag to override it, consider reviewing the configuration present in the cloud instance to ensure if it's safe to override. If you would like to preserve the existing configuration in cloud instance whilst transferring the additional data from on-premise, refer to the link here (https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-cloud-transfer#transferring-projects-and-repositories-from-multiple-source-instances). This section describes a merge task instead of transfer, to sync the data between the instances.

NOTE: Users will not be transferred while executing merge. Only Repositories and Projects will be merged with the cloud instance.

Note

The following process will wipe out the entire configuration of the target instance, and replace it with the configuration of the source instance. This includes repositories and users.

Transfer the configuration from the source to the target by running the following command.
```
jf rt transfer-config source-server target-server
```

This command might take up to two minutes to run.

Note

By default, the command will not transfer the configuration if it finds that the target instance isn't empty. This can happen for example if you ran the transfer-config command before. If you'd like to force the command run anyway, and overwrite the existing configuration on the target, run the command with the --force option.
In case you do not wish to transfer all repositories, you can use the --include-repos and --exclude-repos command options. Run the following command to see the usage of these options. jf rt transfer-config -h

Troubleshooting

Did you encounter the following error when running the command?

Error: Creating temp export directory: /export/jfrog-cli/tmp/jfrog.cli.temp.-1728658888-1442707797/20241011.110128.tmp
500 : Failed to create backup dir: /export/jfrog-cli/tmp/jfrog.cli.temp.-1728658888-1442707797/20241011.110128.tmp

This error commonly occurs on Red Hat Enterprise Linux (RHEL) and CentOS platforms. The issue arises because the CLI process expects the temporary directory (/tmp) to be owned by the artifactory user, even when the process is run by root. To resolve this issue, follow these steps:

Create a new directory named tmp in your home directory:

mkdir ~/tmp

Assign ownership of the new tmp directory to the artifactory user and group:

sudo chown -R artifactory:artifactory ~/tmp

Inform JFrog CLI to use the new temporary directory by setting the JFROG_CLI_TEMP_DIR environment variable:

export JFROG_CLI_TEMP_DIR=~/tmp

Execute the transfer-config command again

View the command output in the terminal to verify that there are no errors. The command output is divided into the following four phases:

========== Phase 1/4 - Preparations ==========
========== Phase 2/4 - Export configuration from the source Artifactory ==========
========== Phase 3/4 - Download and modify configuration ==========
========== Phase 4/4 - Import configuration to the target Artifactory ==========

The target instance should now be accessible with the admin credentials of the source instance. Log into the target instance UI. The target instance must have the same repositories as the source.

Step 4: Disabling configuration transfer on the target instance

Once the configuration transfer is successful, you need to disable the configuration transfer on the target instance. This is important both for security reasons and the target server is set to be low on resources while configuration transfer is enabled.

Under the Actions menu, choose Enable Configuration Transfer.
Toggle Enable Configuration Transfer to off to disable configuration transfer.

Disabling the configuration transfer might take some time.

Step 5: Push the files from the source to the target instance

Running pre-checks before initiating the file transfer process

Before initiating the file transfer process, we highly recommend running pre-checks, to identify issues that can affect the transfer. You trigger the pre-checks by running a JFrog CLI command on your terminal. The pre-checks will verify the following:

There's network connectivity between the source and target instances.
The source instance does not include artifacts with properties with values longer than 2.4K characters. This is important, because values longer than 2.4K characters are not supported in JFrog Cloud, and those properties are skipped during the transfer process.

To run the pre-checks, follow these steps:

Run the following command:

jf rt transfer-files source-server target-server --prechecks

Initiating File Transfer: Run the following command to start pushing the files from all the repositories in the source instance to the target instance.

```sh
jf rt transfer-files source-server target-server
```

If you're running the command in the background, you use the following command to view the transfer progress.

jf rt transfer-files --status

Note

In case you do not wish to transfer the files from all repositories, or wish to run the transfer in phases, you can use the --include-repos and --exclude-repos command options. Run the following command to see the usage of these options.

jf rt transfer-files -h

You can stop the transfer process by hitting on CTRL+C if the process is running in the foreground, or by running the following command if you're running the process in the background.

jf rt transfer-files --stop

The process will continue from the point it stopped when you re-run the command.

A path to an errors summary file will be printed at the end of the run, referring to a generated CSV file. Each line on the summary CSV represents an error log of a file that failed to be transferred. On subsequent executions of the jf rt transfer-filescommand, JFrog CLI will attempt to transfer these files again.
Once thejf rt transfer-filescommand finishes transferring the files, you can run it again to transfer files that were created or modified during the transfer. You can run the command as many times as needed. Subsequent executions of the command will also attempt to transfer files that failed to be transferred during previous executions of the command.

Note

Step 6: Sync the configuration between the source and the target

You have the option to sync the configuration between the source and target after the file transfer process is complete. You may want to so this if new config entities, such as projects, repositories, or users were created or modified on the source, while the files transfer process has been running. To do this, simply repeat steps 1-3 above.

Running the transfer process - Exceptional cases

Transferring files larger than 25GB: By default, files that are larger than 25 GB will be blocked by the JFrog Cloud infrastructure during the file transfer. To check whether your source Artifactory instance hosts files larger than that size, do the following. Run the following curl command from your terminal, after replacing the <source instance URL>, <username> and <password> tokens with your source instance details. The command execution may take a few minutes, depending on the number of files hosted by Artifactory.
```
curl -X POST <source instance URL>/artifactory/api/search/aql -H "Content-Type: text/plain" -d 'items.find({"name" : {"$match":"*"}}).include("size","name","repo").sort({"$desc" : ["size"]}).limit(1)' -u "<USERNAME>:<PASSWORD>"
```
You should get a result that looks like the following.
```
 {
   "results":[
       {
         "size":132359021
       }
   ],
   "range":{
       "start_pos":0,
       "end_pos":1,
       "total":1,
       "limit":1
   }
 }
```
The value of size represents the largest file size hosted by your source Artifactory instance.
Routing the traffic from the source to the target through an HTTPS proxy: The jf rt transfer-files command pushes the files directly from the source to the target instance over the network. In case the traffic from the source instance needs to be routed through an HTTPS proxy, follow these steps.
a. Define the proxy details in the source instance UI as described in the Managing ProxiesManaging Proxies documentation. b. When running the jf rt transfer-files command, add the --proxy-key option to the command, with Proxy Key you configured in the UI as the option value. For example, if the Proxy Key you configured is my-proxy-key, run the command as follows:

jf rt transfer-files my-source my-target --proxy-key my-proxy-key

Transferring projects and repositories from multiple source instances

The jf rt transfer-config command transfers all the config entities (users, groups, projects, repositories, and more) from the source to the target instance. While doing so, the existing configuration on the target is deleted and replaced with the new configuration from the source. If you'd like to transfer the projects and repositories from multiple source instances to a single target instance, while preserving the existing configuration on the target, follow the below steps.

Note

These steps trigger the transfer of the projects and repositories only. Other configuration entities like users are currently not supported.

Ensure that you have admin access tokens for both the source and target instances. You'll have to use an admin access token and not an Admin username and password.
Run the following command to merge all the projects and repositories from the source to the target instance.

jf rt transfer-config-merge source-server target-server

Note

In case you do not wish to transfer the files from all projects or the repositories, or wish to run the transfer in phases, you can use the --include-projects, --exclude-projects, --include-repos and --exclude-repos command options. Run the following command to see the usage of these options.

jf rt transfer-config-merge -h

How does file transfer work?

Files transfer phases

The jf rt transfer-files command pushes the files from the source instance to the target instance as follows:

The files are pushed for each repository, one by one in sequence.
For each repository, the process includes the following three phases:
Phase 1 pushes all the files in the repository to the target.
Phase 2 pushes files that have been created or modified after phase 1 started running (diffs).
Phase 3 attempts to push files that failed to be transferred in earlier phases (Phase 1 or Phase 2) or in previous executions of the command.
If Phase 1 finished running for a specific repository, and you run the jf rt transfer-files command again, only Phase 2 and Phase 3 will be triggered. You can run the jf rt transfer-files as many times as needed, till you are ready to move your traffic to the target instance permanently. In any subsequent run of the command, Phase 2 will transfer the newly created and modified files, and Phase 3 will retry transferring files that failed to be transferred in previous phases and also in previous runs of the command.

To achieve this, JFrog CLI stores the current state of the file transfer process in a directory named transfer under the JFrog CLI home directory. You can usually find this directory at this location ~/.jfrog/transfer.

JFrog CLI uses the state stored in this directory to avoid repeating transfer actions performed in previous executions of the command. For example, once Phase 1 is completed for a specific repository, subsequent executions of the command will skip Phase 1 and run Phase 2 and Phase 3 only.

In case you'd like to ignore the stored state, and restart the file transfer from scratch, you can add the --ignore-state option to the jf rt transfer-files command.

Installing JFrog CLI on a machine with network access to the source and target machines

Unlike the transfer-config command, which should be run from the primary node machines of Artifactory, it is recommended to run the transfer-files command from a machine that has network access to the source Artifactory URL. This allows the spreading the transfer load on all the Artifactory cluster nodes. This machine should also have network access to the target Artifactory URL.

Follow these steps to install JFrog CLI on that machine.

curl -fL https://install-cli.jfrog.io | sh

Configure the connection details of the source Artifactory instance with your admin credentials. Run the following command and follow the instructions.

jf c add source-server

Configure the connection details of the target Artifactory instance.

jf c add target-server

Installing JFrog CLI on the source instance machine

curl -fL https://install-cli.jfrog.io | sh

Note

If the source instance is running as a docker container, and you're not able to install JFrog CLI while inside the container, follow these steps.

Connect to the host machine through the terminal.
Download the JFrog CLI executable into the correct directory by running this command.

curl -fL https://getcli.jfrog.io/v2-jf | sh

Copy the JFrog CLI executable you've just downloaded to the container, by running the following docker command. Make sure to replace<the container name>it with the name of the container.

docker cp jf <the container name>:/usr/bin/jf

Connect to the container and run the following command to ensure JFrog CLI is installed

jf -v

Controlling the file transfer speed

The jf rt transfer-files command pushes the binaries from the source instance to the target instance. This transfer can take days, depending on the size of the total data transferred, the network bandwidth between the source and the target instance, and additional factors.

Since the process is expected to run while the source instance is still being used, monitor the instance to ensure that the transfer does not add too much load to it. Also, you might decide to increase the load for faster transfer while you monitor the transfer. This section describes how to control the file transfer speed.

By default, the jf rt transfer-files command uses 8 working threads to push files from the source instance to the target instance. Reducing this value will cause slower transfer speed and lower load on the source instance, and increasing it will do the opposite. We therefore recommend increasing it gradually. This value can be changed while the jf rt transfer-files command is running. There's no need to stop the process to change the total of working threads. The new value set will be cached by JFrog CLI and also used for subsequent runs from the same machine. To set the value, simply run the following interactive command from a new terminal window on the same machine that runs the jf rt transfer-files command.

jf rt transfer-settings

Manually copying the filestore to reduce the transfer time

When your self-hosted Artifactory hosts hundreds of terabytes of binaries, you may consult with your JFrog account manager about the option of reducing the file transfer time by manually copying the entire filestore to the JFrog Cloud storage. This reduces the transfer time because the binaries' content does not need to be transferred over the network.

The jf rt transfer-files command transfers the metadata of the binaries to the database (file paths, file names, properties, and statistics). The command also transfers the binaries that have been created and modified after you copy the filestore.

To run the file transfer after you copy the filestore, add the --filestore command option to the jf rt transfer-files command.

Using Replication

To help reduce the time it takes for Phase 2 to run, you may configure Event-Based Push Replication for some or all of the local repositories on the source instance. With Replication configured, when files are created or updated on the source repository, they are immediately replicated to the corresponding repository on the target instance. Repository Replication

The replication can be configured at any time. Before, during, or after the file transfer process.

Frequently asked questions

Why is the total file count on my source and target instances different after the files transfer finishes?

It is expected to see sometimes significant differences between the files count on the source and target instances after the transfer ends. These differences can be caused by many reasons, and in most cases are not an indication of an issue. For example, Artifactory may include file cleanup policies that are triggered by the file deployment. This can cause some files to be cleaned up from the target repository after they are transferred.

How can I validate that all files were transferred from the source to the target instance?

There's actually no need to validate that all files were transferred at the end of the transfer process. JFrog CLI performs this validation for you while the process is running. It does that as follows.

JFrog CLI traverses the repositories on the source instance and pushes all files to the target instance.
If a file fails to reach the target instance or isn't deployed there successfully, the source instance logs this error with the file details.
At the end of the transfer process, JFrog CLI provides you with a summary of all files that failed to be pushed.
The failures are also logged inside the transfer directory under the JFrog CLI home directory. This directory is usually located at ~/.jfrog/transfer. Subsequent runs of the jf rt transfer-files command use this information for attempting another transfer of the files.

Does JFrog CLI validate the integrity of files, after they are transferred to the target instance?

Yes. The source Artifactory instance stores a checksum for every file it hosts. When files are transferred to the target instance, they are transferred with the checksums as HTTP headers. The target instance calculates the checksum for each file it receives and then compares it to the received checksum. If the checksums don't match, the target reports this to the source, which will attempt to transfer the file again at a later stage of the process.

Can I stop the jf rt transfer-files command and then start it again? Would that cause any issues?

You can stop the command at any time by hitting CTRL+C and then run it again. JFrog CLI stores the state of the transfer process in the "transfer" directory under the JFrog CLI home directory. This directory is usually located at ~/.jfrog/transfer. Subsequent executions of the command use the data stored in that directory to try and avoid transferring files that have already been transferred in previous command executions.

JFrog Applications

JFrog Applications

Welcome to the JFrog Applications Doc Hub

Shift Left with JFrog Security

JFrog Applications

JFrog CLI

System Requirements

Contributing to JFrog CLI Documentation

Download and Install

JFrog CLI v2

Overview

List of changes in JFrog CLI v2

Installation

JFrog CLI v2 "jf" installers

Debian

RPM

Homebrew

Install with cUrl

Download with cUrl

NPM

Docker

Powershell

Chocolatey

JFrog CLI v2 "jfrog" installers

Debian

RPM

Homebrew

Download with Curl

NPM

Docker

Chocolatey

JFrog CLI v1 (legacy) installers

Debian

RPM

Download with cUrl

NPM

Docker

Go

Authentication

Authenticating with Username and Password

Authenticating with an Access Token

Shell Auto Completion

Install JFrog CLI with Homebrew?

Using Oh My Zsh?

Other Installation Methods

Usage

Configurations

JFrog Platform Configuration

Web Login to the JFrog Platform

Creating Access Tokens

Commands Params

Examples

Example 1

Example 2

Adding and Editing Configured Servers

Removing Configured Servers

Showing the Configured Servers

Setting a Server as Default

Exporting and Importing Configuration

Export

Import

Sensitive Data Encryption

File-Based Encryption

Environment Variable-Based Encryption

Proxy Support

CLI AI Assistant

Overview

How to Use the JFrog CLI AI Command Assistant

1. Open your terminal

2. Supported Version Validation

3. Enter the command

4. Provide your request

5. Receive the generated command

6. Execute or modify

FAQ

AI Assistant Addendum

1. APPLICATION OF THIS ADDENDUM.

2. LICENSE TO SERVICE.

3. TERM; TERMINATION.

4. AI ASSISTANT CONTENT.