Artifactory JFrog Token
Service Name: JFrog Artifactory
Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI/CD servers. It serves as a single source of truth for all packages, container images, and Helm charts.
Service Address: https://jfrog.com/artifactory/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to JFrog Artifactory repositories, allowing users to publish, download, and manage artifacts.
Secret Revokement URL: https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
Secret Example: AKCp5fU4FaDXNoP2hMJZpNgULwABcYiosDvhFmCMHBHRXQZTGYhiYXzBzPEwNfibKqALK7x
Suspicious Activity Investigation Instructions:
- Check the JFrog Artifactory audit logs for unusual download or upload patterns
- Review access logs for unauthorized IP addresses accessing repositories
- Check for unusual repository creation or permission changes
- Monitor for mass downloads or uploads that could indicate data exfiltration
- Review user activity logs for actions performed with the token
Mitigation Instructions:
- Log in to your JFrog Artifactory instance
- Navigate to Administration → Security → Access Tokens
- Locate the compromised token and click "Revoke"
- Create a new token with appropriate permissions if needed
- Update any CI/CD pipelines or applications using the old token
- Consider implementing token expiration policies
- Review and adjust token permissions to follow the Principle of Least Privilege