JFrog URL
Service Name: JFrog Artifactory
Service Description: JFrog Artifactory is a universal repository manager that supports all major packaging formats, build tools, and CI servers. It serves as a single source of truth for all your binary artifacts.
Service Address: https://jfrog.com/artifactory/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to the JFrog Artifactory instance, which may contain repositories, builds, and artifacts.
Secret Revokement URL: Does not exist
Secret Example: company-name.jfrog.io
Suspicious Activity Investigation Instructions:
- Check access logs in the JFrog Artifactory admin console for unusual download patterns
- Review artifact deployment history for unauthorized uploads
- Check for creation of new repositories or changes to existing repository permissions
- Monitor for unusual API calls or authentication attempts
- Examine user activity logs for suspicious behavior
Mitigation Instructions:
- Rotate any associated API keys or tokens that might be used with this URL
- Review and update access permissions for all users and integrations
- Enable IP restrictions if available in your JFrog plan
- Consider implementing webhook notifications for critical operations
- Update any CI/CD pipelines that might be using the exposed URL with new credentials