Credential-Zugriff
Reads JFrog tokens, server config, and repository credentials.
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für jfrog-cli in AI-Agent-Workflows.
Agent-Sicherheit
jfrog-cli manages Artifactory, packages, builds, and release artifacts.
Reads JFrog tokens, server config, and repository credentials.
Can upload, delete, promote, and configure artifacts or repositories.
Can publish build artifacts and release bundles.
Gate upload, delete, promote, config, and token commands.
Allow searches; require approval for artifact writes, deletes, and promotion.
Installation
brew install jfrog-clilocal Homebrew formula metadata
sudo apk add jfrog-cliAlpine Linux edge package indexes · jfrog-cli · Quelle: dl-cdn.alpinelinux.org
sudo dnf install jfrog-cliFedora Rawhide package metadata · jfrog-cli · Quelle: dl.fedoraproject.org
nix profile install nixpkgs#jfrog-clinixpkgs package indexes · pkgs/by-name/jf/jfrog-cli/package.nix · Quelle: api.github.com
sudo zypper install jfrog-cliopenSUSE Tumbleweed package metadata · jfrog-cli · Quelle: download.opensuse.org
choco install jfrog-cliChocolatey community package catalog · jfrog-cli · Quelle: community.chocolatey.org
winget install --id JFrog.Cli -eWindows Package Manager source index · JFrog.Cli · Quelle: cdn.winget.microsoft.com
scoop install main/jfrogScoop official bucket manifest trees · bucket/jfrog.json · Quelle: api.github.com
Überblick
Command-line interface for JFrog products
Verlauf
JFrog CLI is the command-line client for automating JFrog platform workflows. Its role is to turn Artifactory, Xray, Distribution, Access, build-info, and package-manager operations into scriptable commands for CI systems and release pipelines.
The public jfrog/jfrog-cli repository was created in 2015, and the first GitHub release series appeared in 2016. The README describes the tool as a compact client for automating JFrog product access through REST APIs, with early emphasis on reliable artifact upload and download, checksum optimization, dry runs, and wildcard or regular-expression based file selection.
The release stream expanded from Artifactory-centered artifact operations into wider software-supply-chain work. The 2021 v2 line added and reorganized Xray scanning and audit commands, while later releases continued to add package ecosystem integrations, build-info handling, plugin support, and container-related workflows.
JFrog CLI became a natural package-manager target because it is a single executable used by build agents and developer laptops. Homebrew, Chocolatey, Scoop, winget, Linux distro packages, and JFrog's own install paths make it easy to pin in automation without embedding product-specific REST calls in every script.
Its adoption follows JFrog Artifactory's role as an artifact repository in CI/CD. Teams using Maven, Gradle, npm, Docker, NuGet, Python, and Go package flows can use one CLI surface to publish artifacts, collect build metadata, promote builds, and run security or compliance scans.
Typical use centers on configuring a JFrog server, uploading and downloading artifacts, resolving dependencies, publishing build-info, scanning builds or packages with Xray, and promoting or distributing release artifacts. The `jf` executable is the shorter command name used alongside the older `jfrog` command.
The package is especially common in CI jobs because it can replace hand-written REST calls with commands that understand checksums, retries, build metadata, and package-manager conventions.
For package people, JFrog CLI is interesting because it sits at the boundary between language package managers and an enterprise artifact repository. It packages a large amount of repository-specific behavior into a portable CLI that can be installed by the same package managers it automates.
It also shows how artifact-management CLIs evolved from simple upload/download helpers into supply-chain tools that collect provenance, drive scans, and coordinate release promotion.
Sicherheitslage
narrow executable package without higher-risk signals.
grün Risiko · niedrig Konfidenz · appliance
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.jfrog/jfrog-cli.conf.v6Credential-bearing paths to review before unattended agent runs.
~/.jfrog/jfrog-cli.conf.v6Executables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
jf | cli | globales Executable | |
jfrog | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
https://github.com/jfrog/jfrog-cli
Installationsmetadaten
| Paketschlüssel | brew:jfrog-cli |
|---|---|
| Version | 2.113.0 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/jfrog-cli |
| Homepage | https://docs.jfrog.com/integrations/docs/jfrog-cli |
| Repository | https://github.com/jfrog/jfrog-cli |
| Upstream-Dokumentation | https://docs.jfrog.com/integrations/docs/jfrog-cli |
| Lizenz | Apache-2.0 |
| Quellarchiv | https://github.com/jfrog/jfrog-cli/archive/refs/tags/v2.113.0.tar.gz |
| Zuletzt aktualisiert | 2026-07-08T16:32:03Z |
| Pulse | updated |
| Build-Abhängigkeiten | go |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | jfrog-cli |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
jfrog-cli
nix profile install nixpkgs#jfrog-clijfrog-cli 2.45.0-r22
JFrog cli
sudo apk add jfrog-clijfrog-cli 2.104.1-1.fc45
CLI to automate access to JFrog products
https://github.com/jfrog/jfrog-cli
sudo dnf install jfrog-clijfrog-cli 2.107.0-1.1
A client that automates access to the JFrog products
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-clijfrog-cli-bash-completion 2.107.0-1.1
Bash Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-bash-completionjfrog-cli-fish-completion 2.107.0-1.1
Fish Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-fish-completionjfrog-cli-zsh-completion 2.107.0-1.1
Zsh Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-zsh-completionjfrog-cli
choco install jfrog-cliJFrog.Cli
winget install --id JFrog.Cli -ejf
nix profile install nixpkgs#jfmain/jfrog
scoop install main/jfrogQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.