JFrog MCP Server (🧪 Experimental)

Model Context Protocol (MCP) Server for the JFrog Platform API, enabling repository management, build tracking, release lifecycle management, and more.

mcp_demo_min.mp4

Disclaimer

This is an experimental project intended to demonstrate JFrog's capabilities with MCP. It is not officially supported or verified by JFrog.

Features

• Repository Management: Create and manage local, remote, and virtual repositories
• Build Tracking: List and retrieve build information
• Runtime Monitoring: View runtime clusters and running container images
• Mission Control: View associated JFrog Platform instances
• Artifact Search: Execute powerful AQL queries to search for artifacts and builds
• Catalog and Curation: Access package information, versions, vulnerabilities, and check curation status

Tools

Repository Management

1. check_jfrog_availability

   • Check if JFrog platform is ready and functioning
   • Returns: Platform readiness status

2. create_local_repository

   • Create a new local repository in Artifactory
   • Inputs:
     • key (string): Repository key
     • rclass (string): Repository class (must be "local")
     • packageType (string): Package type of the repository
     • description (optional string): Repository description
     • projectKey (optional string): Project key to assign the repository to
     • environments (optional string[]): Environments to assign the repository to
   • Returns: Created repository details

3. create_remote_repository

   • Create a new remote repository in Artifactory to proxy external package registries
   • Inputs:
     • key (string): Repository key
     • rclass (string): Repository class (must be "remote")
     • packageType (string): Package type of the repository
     • url (string): URL to the remote repository
     • username (optional string): Remote repository username
     • password (optional string): Remote repository password
     • description (optional string): Repository description
     • projectKey (optional string): Project key to assign the repository to
     • environments (optional string[]): Environments to assign the repository to
     • Many other optional parameters for specific repository configurations
   • Returns: Created repository details

4. create_virtual_repository

   • Create a new virtual repository in Artifactory that aggregates multiple repositories
   • Inputs:
     • key (string): Repository key
     • rclass (string): Repository class (must be "virtual")
     • packageType (string): Package type of the repository
     • repositories (string[]): List of repository keys to include in the virtual repository
     • description (optional string): Repository description
     • projectKey (optional string): Project key to assign the repository to
     • environments (optional string[]): Environments to assign the repository to
     • Other optional parameters for specific repository configurations
   • Returns: Created repository details

5. list_repositories

   • List all repositories in Artifactory with optional filtering
   • Inputs:
     • type (optional string): Filter repositories by type (local, remote, virtual, federated, distribution)
     • packageType (optional string): Filter repositories by package type
     • project (optional string): Filter repositories by project key
   • Returns: List of repositories matching the filters

6. set_folder_property

   • Set properties on a folder in Artifactory, with optional recursive application
   • Inputs:
     • folderPath (string): Path to the folder where properties should be set
     • properties (object): Key-value pairs of properties to set
     • recursive (optional boolean): Whether to apply properties recursively to sub-folders
   • Returns: Operation result

7. execute_aql_query

   • Execute an Artifactory Query Language (AQL) query to search for artifacts, builds, or other entities in JFrog Artifactory
   • Inputs:
     • query (string): The AQL query to execute. Must follow AQL syntax (e.g., items.find({"repo":"my-repo"}).include("name","path"))
     • domain (optional string): The primary domain to search in (items, builds, archive.entries, build.promotions, releases)
     • transitive (optional boolean): Whether to search in remote repositories
     • limit (optional number): Maximum number of results to return
     • offset (optional number): Number of results to skip
     • include_fields (optional string[]): Fields to include in the results
     • sort_by (optional string): Field to sort results by
     • sort_order (optional string): Sort order (asc or desc)
   • Returns: Search results with metadata

Build Management

8. list_jfrog_builds

   • Return a list of all builds in the JFrog platform
   • Returns: List of builds

9. get_specific_build

   • Get details for a specific build by name
   • Inputs:
     • buildName (string): Name of the build to retrieve
     • project (optional string): Project key to scope the build search
   • Returns: Build details

Runtime Management

10. list_jfrog_runtime_clusters

    • Return a list of all runtime clusters in the JFrog platform
    • Inputs:
      • limit (optional integer): The maximum number of clusters to return
      • next_key (optional string): The next key to use for pagination
    • Returns: List of runtime clusters

11. get_jfrog_runtime_specific_cluster

    • Return a runtime cluster by ID
    • Inputs:
      • clusterId (integer): The ID of the cluster to retrieve
    • Returns: Cluster details

12. list_jfrog_running_images

    • List all running container images across runtime clusters with their security and operational status
    • Inputs:
      • filters (optional string): Filters to apply
      • num_of_rows (optional integer): Number of rows to return
      • page_num (optional integer): Page number
      • statistics (optional boolean): Whether to include statistics
      • timePeriod (optional string): Time period to query
    • Returns: List of running images

Access Control

13. list_jfrog_environments

    • Get a list of all environments types in the JFrog platform with their details
    • Inputs:
    • Returns: List of environments

14. list_jfrog_projects

    • Get a list of all projects in the JFrog platform with their details
    • Inputs:
    • Returns: List of projects

15. get_specific_project

    • Get detailed information about a specific project in the JFrog platform
    • Inputs:
      • project_key (string): The unique key of the project to retrieve
    • Returns: Project details

16. create_project

    • Create a new project in the JFrog platform
    • Inputs:
      • project_key (string): Unique identifier for the project
      • display_name (string): Display name of the project
      • description (string): Description of the project
      • admin_privileges (object): Administrative privileges for the project
      • storage_quota_bytes (number): Storage quota in bytes (-1 for unlimited)
    • Returns: Created project details

Catalog and Curation

17. jfrog_get_package_info

    • Get publicly available information about a software package
    • Inputs:
      • type (string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)
      • name (string): The name of the package, as it appears in the package repository
      • version (optional string): The version of the package (default: "latest")
    • Returns: Package information including description, latest version, license, and URLs

18. jfrog_get_package_versions

    • Get a list of versions of a publicly available package with publication dates
    • Inputs:
      • type (string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)
      • name (string): The name of the package, as it appears in the package repository
    • Returns: List of package versions with publication dates

19. jfrog_get_package_version_vulnerabilities

    • Get a list of known vulnerabilities affecting a specific version of an open source package
    • Inputs:
      • type (string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)
      • name (string): The name of the package, as it appears in the package repository
      • version (optional string): The version of the package (default: "latest")
      • pageSize (optional number): Number of vulnerabilities to return per page (default: 10)
      • pageCount (optional number): Number of pages to return (default: 1)
    • Returns: List of vulnerabilities affecting the specified package version

20. jfrog_get_vulnerability_info

    • Get detailed information about a specific vulnerability, including affected packages and versions
    • Inputs:
      • cve_id (string): The CVE ID or vulnerability identifier to look up
      • pageSize (optional number): Number of vulnerabilities to return per page (default: 10)
      • pageCount (optional number): Number of pages to return (default: 1)
    • Returns: Detailed vulnerability information and affected packages

21. jfrog_get_package_curation_status

    • Check the curation status of a specific package version
    • Inputs:
      • packageType (string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)
      • packageName (string): The name of the package, as it appears in the package repository
      • packageVersion (string): The version of the package, as it appears in the package repository
    • Returns: Curation status (approved, blocked, or inconclusive)

Setup

Installing via Smithery

To install mcp-jfrog for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @jfrog/mcp-jfrog --client claude

Prerequisites

• Node.js v18 or higher
• Docker (if using Docker deployment, see )
• A valid JFrog platform instance with appropriate permissions
• Access to create and manage access tokens in your JFrog platform instance

Environment Variables

• JFROG_ACCESS_TOKEN: Your JFrog access token (required)
• JFROG_URL: Base URL for your JFrog platform (required)

JFrog Token (JFROG_ACCESS_TOKEN)

To use this MCP server, you need to create a JFrog Access Token or use an Idenetity token with appropriate permissions:

For information on how to create a JFrog Token, please refer to the JFrog official documentations:

• Identity Tokens

• Access Tokens

JFrog URL (JFROG_URL)

Your JFrog platform instance URL (e.g. https://acme.jfrog.io)

How to build

Clone the repo to your local machine using git clone and cd into the project directory:

git clone git@github.com:jfrog/mcp-jfrog.git

cd mcp-jfrog

Build as a Docker image:

docker build -t mcp/jfrog -f Dockerfile .

Build as an npm module:

npm i && npm run build

Usage

Use with Cursor

Add the following to your `~/.cursor/mcp.json`:

npm

{
  "mcpServers": {
    "MCP-JFrog": { 
      "command": "npm",
      "args": [
        "exec",
        "-y",
        "github:jfrog/mcp-jfrog"
      ],
      "env": {
        "JFROG_ACCESS_TOKEN": "ACCESS_TOKEN",
        "JFROG_URL": "https://<YOUR_JFROG_INSTANCE_URL>"
      }
    }
  },
  "mcp-local-dev":{
      "command": "node",
      "args": [
        "/<ABSOLUT_PATH_TO>/mcp-jfrog/dist/index.js"
      ],
      "env": {
        "JFROG_ACCESS_TOKEN": "<ACCESS_TOKEN>>",
        "JFROG_URL": "<JFROG_URL>"
      }
    }
}

Docker

{
  "mcpServers": { 
    "jfrog": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "JFROG_ACCESS_TOKEN",
        "-e",
        "JFROG_URL",
        "mcp/jfrog"
      ],
      "env": {
        "JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
        "JFROG_URL": "https://your-instance.jfrog.io" // Your JFrog platform URL
      }
    }
  }
}

Use with Claude Desktop

Add the following to your claude_desktop_config.json:

Docker

{
  "mcpServers": { 
    "jfrog": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "JFROG_ACCESS_TOKEN",
        "-e",
        "JFROG_URL",
        "mcp/jfrog"
      ],
      "env": {
        "JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
        "JFROG_URL": "https://your-instance.jfrog.io" // Your JFrog platform URL
      }
    }
  }
}

npm

{
"mcpServers": {
    "MCP-JFrog": { 
      "command": "npm",
      "args": [
        "exec",
        "-y",
        "github:jfrog/mcp-jfrog"
      ],
      "env": {
        "JFROG_ACCESS_TOKEN": "ACCESS_TOKEN",
        "JFROG_URL": "https://<YOUR_JFROG_INSTANCE_URL>"
      }
    }
  }
}

License

This MCP server is licensed under the Apache License 2.0. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the Apache License 2.0. For more details, please see the LICENSE.md file in the project repository.