Skip to content

Artifactory JFrog Token

Service Name: JFrog Artifactory

Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI/CD servers. It serves as a single source of truth for all packages, container images, and Helm charts.

Service Address: https://jfrog.com/artifactory/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to JFrog Artifactory repositories, allowing users to publish, download, and manage artifacts.

Secret Revokement URL: https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens

Secret Example: AKCp5fU4FaDXNoP2hMJZpNgULwABcYiosDvhFmCMHBHRXQZTGYhiYXzBzPEwNfibKqALK7x

Suspicious Activity Investigation Instructions:

  • Check the JFrog Artifactory audit logs for unusual download or upload patterns
  • Review access logs for unauthorized IP addresses accessing repositories
  • Check for unusual repository creation or permission changes
  • Monitor for mass downloads or uploads that could indicate data exfiltration
  • Review user activity logs for actions performed with the token

Mitigation Instructions:

  • Log in to your JFrog Artifactory instance
  • Navigate to Administration → Security → Access Tokens
  • Locate the compromised token and click "Revoke"
  • Create a new token with appropriate permissions if needed
  • Update any CI/CD pipelines or applications using the old token
  • Consider implementing token expiration policies
  • Review and adjust token permissions to follow the Principle of Least Privilege