JFrog Reference Access Token
Service Name: JFrog Artifactory
Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI/CD servers. It provides secure, private, local repositories, proxies for remote resources, and virtual repositories that combine both.
Service Address: https://jfrog.com/artifactory/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to JFrog Artifactory resources based on the permissions assigned to the token. Can be used to access repositories, builds, and other Artifactory resources.
Secret Revokement URL: https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
Secret Example: cmVmdGtuX2FiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU2Nzg5MGFiY2RlZmdoaWprbG1ub3A=
Suspicious Activity Investigation Instructions:
- Check JFrog Artifactory audit logs for unusual download or upload activities
- Review access patterns for unusual IP addresses or times
- Check for unauthorized repository creation or modification
- Monitor for excessive downloads that could indicate data exfiltration
- Review user permission changes associated with the token
Mitigation Instructions:
- Log in to your JFrog Artifactory instance
- Navigate to the Administration section
- Select "Security" and then "Access Tokens"
- Locate the compromised token and click "Revoke"
- Create a new token with appropriate permissions if needed
- Review and update access control policies
- Consider implementing IP restrictions for token usage