Credential access
Reads JFrog tokens, server config, and repository credentials.
brew
Command-line interface for JFrog products. Version 2.113.0 via Homebrew; verified 2026-07-08.
agent safety
jfrog-cli manages Artifactory, packages, builds, and release artifacts.
Reads JFrog tokens, server config, and repository credentials.
Can upload, delete, promote, and configure artifacts or repositories.
Can publish build artifacts and release bundles.
Gate upload, delete, promote, config, and token commands.
Allow searches; require approval for artifact writes, deletes, and promotion.
install
brew install jfrog-clilocal Homebrew formula metadata
sudo apk add jfrog-cliAlpine Linux edge package indexes · jfrog-cli · source: dl-cdn.alpinelinux.org
sudo dnf install jfrog-cliFedora Rawhide package metadata · jfrog-cli · source: dl.fedoraproject.org
nix profile install nixpkgs#jfrog-clinixpkgs package indexes · pkgs/by-name/jf/jfrog-cli/package.nix · source: api.github.com
sudo zypper install jfrog-cliopenSUSE Tumbleweed package metadata · jfrog-cli · source: download.opensuse.org
choco install jfrog-cliChocolatey community package catalog · jfrog-cli · source: community.chocolatey.org
winget install --id JFrog.Cli -eWindows Package Manager source index · JFrog.Cli · source: cdn.winget.microsoft.com
scoop install main/jfrogScoop official bucket manifest trees · bucket/jfrog.json · source: api.github.com
overview
Command-line interface for JFrog products
history
JFrog CLI is the command-line client for automating JFrog platform workflows. Its role is to turn Artifactory, Xray, Distribution, Access, build-info, and package-manager operations into scriptable commands for CI systems and release pipelines.
The public jfrog/jfrog-cli repository was created in 2015, and the first GitHub release series appeared in 2016. The README describes the tool as a compact client for automating JFrog product access through REST APIs, with early emphasis on reliable artifact upload and download, checksum optimization, dry runs, and wildcard or regular-expression based file selection.
The release stream expanded from Artifactory-centered artifact operations into wider software-supply-chain work. The 2021 v2 line added and reorganized Xray scanning and audit commands, while later releases continued to add package ecosystem integrations, build-info handling, plugin support, and container-related workflows.
JFrog CLI became a natural package-manager target because it is a single executable used by build agents and developer laptops. Homebrew, Chocolatey, Scoop, winget, Linux distro packages, and JFrog's own install paths make it easy to pin in automation without embedding product-specific REST calls in every script.
Its adoption follows JFrog Artifactory's role as an artifact repository in CI/CD. Teams using Maven, Gradle, npm, Docker, NuGet, Python, and Go package flows can use one CLI surface to publish artifacts, collect build metadata, promote builds, and run security or compliance scans.
Typical use centers on configuring a JFrog server, uploading and downloading artifacts, resolving dependencies, publishing build-info, scanning builds or packages with Xray, and promoting or distributing release artifacts. The `jf` executable is the shorter command name used alongside the older `jfrog` command.
The package is especially common in CI jobs because it can replace hand-written REST calls with commands that understand checksums, retries, build metadata, and package-manager conventions.
For package people, JFrog CLI is interesting because it sits at the boundary between language package managers and an enterprise artifact repository. It packages a large amount of repository-specific behavior into a portable CLI that can be installed by the same package managers it automates.
It also shows how artifact-management CLIs evolved from simple upload/download helpers into supply-chain tools that collect provenance, drive scans, and coordinate release promotion.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.jfrog/jfrog-cli.conf.v6Credential-bearing paths to review before unattended agent runs.
~/.jfrog/jfrog-cli.conf.v6executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
jf | cli | global executable | |
jfrog | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/jfrog/jfrog-cli
install metadata
| Package key | brew:jfrog-cli |
|---|---|
| Version | 2.113.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/jfrog-cli |
| Homepage | https://docs.jfrog.com/integrations/docs/jfrog-cli |
| Repository | https://github.com/jfrog/jfrog-cli |
| Upstream docs | https://docs.jfrog.com/integrations/docs/jfrog-cli |
| License | Apache-2.0 |
| Source archive | https://github.com/jfrog/jfrog-cli/archive/refs/tags/v2.113.0.tar.gz |
| Last updated | 2026-07-08T16:32:03Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | jfrog-cli |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
jfrog-cli
nix profile install nixpkgs#jfrog-clijfrog-cli 2.45.0-r22
JFrog cli
sudo apk add jfrog-clijfrog-cli 2.104.1-1.fc45
CLI to automate access to JFrog products
https://github.com/jfrog/jfrog-cli
sudo dnf install jfrog-clijfrog-cli 2.107.0-1.1
A client that automates access to the JFrog products
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-clijfrog-cli-bash-completion 2.107.0-1.1
Bash Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-bash-completionjfrog-cli-fish-completion 2.107.0-1.1
Fish Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-fish-completionjfrog-cli-zsh-completion 2.107.0-1.1
Zsh Completion for jfrog-cli
https://github.com/jfrog/jfrog-cli
sudo zypper install jfrog-cli-zsh-completionjfrog-cli
choco install jfrog-cliJFrog.Cli
winget install --id JFrog.Cli -ejf
nix profile install nixpkgs#jfmain/jfrog
scoop install main/jfrogsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.