Skip to content

JFrog URL

Service Name: JFrog Artifactory

Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI servers. It serves as a single source of truth for all your binary artifacts.

Service Address: https://jfrog.com/artifactory/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to the JFrog Artifactory instance, which may contain repositories, builds, and artifacts.

Secret Revokement URL: Does not exist

Secret Example: company-name.jfrog.io

Suspicious Activity Investigation Instructions:

  • Check access logs in the JFrog Artifactory admin console for unusual download patterns
  • Review artifact deployment history for unauthorized uploads
  • Check for creation of new repositories or changes to existing repository permissions
  • Monitor for unusual API calls or authentication attempts
  • Examine user activity logs for suspicious behavior

Mitigation Instructions:

  • Rotate any associated API keys or tokens that might be used with this URL
  • Review and update access permissions for all users and integrations
  • Enable IP restrictions if available in your JFrog plan
  • Consider implementing webhook notifications for critical operations
  • Update any CI/CD pipelines that might be using the exposed URL with new credentials