The JFrog MCP Server is an experimental Model Context Protocol server that enables comprehensive interaction with the JFrog Platform API for managing your software supply chain:
Repository Management: Create and manage local, remote, and virtual repositories with various configurations
Build Tracking: List and retrieve detailed information about builds
Runtime Monitoring: View clusters, running container images, and their operational status
Artifact Search: Execute AQL queries to search for artifacts and builds
Catalog and Curation: Access package information, versions, vulnerabilities, and curation status
Xray Integration: View vulnerability summaries by severity level
Project Management: Create, list, and manage
Provides tools for monitoring running Docker container images across runtime clusters with their security and operational status through JFrog's runtime services.
Enables comprehensive interaction with the JFrog Platform API, including repository management (local, remote, virtual), build tracking, runtime monitoring, artifact searching via AQL queries, package information retrieval, vulnerability scanning, and project management.
Provides tools for querying package information, versions, and vulnerabilities from npm registry through JFrog's package service integration.
Supports querying NuGet package information, versions, and vulnerabilities through JFrog's package service integration.
Allows retrieval of package information, versions, and vulnerabilities from PyPI through JFrog's package service integration.
Enables access to RubyGems package information, versions, and vulnerabilities through JFrog's package service integration.
JFrog MCP Server (🧪 Experimental)
Model Context Protocol (MCP) Server for the JFrog Platform API, enabling repository management, build tracking, release lifecycle management, and more.
https://github.com/user-attachments/assets/aca3af2b-f294-41c8-8727-799a019a55b5
Disclaimer
This is an experimental project intended to demonstrate JFrog's capabilities with MCP. It is not officially supported or verified by JFrog.
Features
Repository Management: Create and manage local, remote, and virtual repositories
Build Tracking: List and retrieve build information
Runtime Monitoring: View runtime clusters and running container images
Mission Control: View associated JFrog Platform instances
Artifact Search: Execute powerful AQL queries to search for artifacts and builds
Catalog and Curation: Access package information, versions, vulnerabilities, and check curation status
Xray: Access scan artifacts summary, group by severity per artifact
Tools
check_jfrog_availability
Check if JFrog platform is ready and functioning
Returns: Platform readiness status
create_local_repository
Create a new local repository in Artifactory
Inputs:
key
(string): Repository keyrclass
(string): Repository class (must be "local")packageType
(string): Package type of the repositorydescription
(optional string): Repository descriptionprojectKey
(optional string): Project key to assign the repository toenvironments
(optional string[]): Environments to assign the repository to
Returns: Created repository details
create_remote_repository
Create a new remote repository in Artifactory to proxy external package registries
Inputs:
key
(string): Repository keyrclass
(string): Repository class (must be "remote")packageType
(string): Package type of the repositoryurl
(string): URL to the remote repositoryusername
(optional string): Remote repository usernamepassword
(optional string): Remote repository passworddescription
(optional string): Repository descriptionprojectKey
(optional string): Project key to assign the repository toenvironments
(optional string[]): Environments to assign the repository toMany other optional parameters for specific repository configurations
Returns: Created repository details
create_virtual_repository
Create a new virtual repository in Artifactory that aggregates multiple repositories
Inputs:
key
(string): Repository keyrclass
(string): Repository class (must be "virtual")packageType
(string): Package type of the repositoryrepositories
(string[]): List of repository keys to include in the virtual repositorydescription
(optional string): Repository descriptionprojectKey
(optional string): Project key to assign the repository toenvironments
(optional string[]): Environments to assign the repository toOther optional parameters for specific repository configurations
Returns: Created repository details
list_repositories
List all repositories in Artifactory with optional filtering
Inputs:
type
(optional string): Filter repositories by type (local, remote, virtual, federated, distribution)packageType
(optional string): Filter repositories by package typeproject
(optional string): Filter repositories by project key
Returns: List of repositories matching the filters
set_folder_property
Set properties on a folder in Artifactory, with optional recursive application
Inputs:
folderPath
(string): Path to the folder where properties should be setproperties
(object): Key-value pairs of properties to setrecursive
(optional boolean): Whether to apply properties recursively to sub-folders
Returns: Operation result
execute_aql_query
Execute an Artifactory Query Language (AQL) query to search for artifacts, builds, or other entities in JFrog Artifactory
Inputs:
query
(string): The AQL query to execute. Must follow AQL syntax (e.g., items.find({"repo":"my-repo"}).include("name","path"))domain
(optional string): The primary domain to search in (items, builds, archive.entries, build.promotions, releases)transitive
(optional boolean): Whether to search in remote repositorieslimit
(optional number): Maximum number of results to returnoffset
(optional number): Number of results to skipinclude_fields
(optional string[]): Fields to include in the resultssort_by
(optional string): Field to sort results bysort_order
(optional string): Sort order (asc or desc)
Returns: Search results with metadata
list_jfrog_builds
Return a list of all builds in the JFrog platform
Returns: List of builds
get_specific_build
Get details for a specific build by name
Inputs:
buildName
(string): Name of the build to retrieveproject
(optional string): Project key to scope the build search
Returns: Build details
list_jfrog_runtime_clusters
Return a list of all runtime clusters in the JFrog platform
Inputs:
limit
(optional integer): The maximum number of clusters to returnnext_key
(optional string): The next key to use for pagination
Returns: List of runtime clusters
get_jfrog_runtime_specific_cluster
Return a runtime cluster by ID
Inputs:
clusterId
(integer): The ID of the cluster to retrieve
Returns: Cluster details
list_jfrog_running_images
List all running container images across runtime clusters with their security and operational status
Inputs:
filters
(optional string): Filters to applynum_of_rows
(optional integer): Number of rows to returnpage_num
(optional integer): Page numberstatistics
(optional boolean): Whether to include statisticstimePeriod
(optional string): Time period to query
Returns: List of running images
list_jfrog_environments
Get a list of all environments types in the JFrog platform with their details
Inputs:
Returns: List of environments
list_jfrog_projects
Get a list of all projects in the JFrog platform with their details
Inputs:
Returns: List of projects
get_specific_project
Get detailed information about a specific project in the JFrog platform
Inputs:
project_key
(string): The unique key of the project to retrieve
Returns: Project details
create_project
Create a new project in the JFrog platform
Inputs:
project_key
(string): Unique identifier for the projectdisplay_name
(string): Display name of the projectdescription
(string): Description of the projectadmin_privileges
(object): Administrative privileges for the projectstorage_quota_bytes
(number): Storage quota in bytes (-1 for unlimited)
Returns: Created project details
jfrog_get_package_info
Get publicly available information about a software package
Inputs:
type
(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name
(string): The name of the package, as it appears in the package repositoryversion
(optional string): The version of the package (default: "latest")
Returns: Package information including description, latest version, license, and URLs
jfrog_get_package_versions
Get a list of versions of a publicly available package with publication dates
Inputs:
type
(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name
(string): The name of the package, as it appears in the package repository
Returns: List of package versions with publication dates
jfrog_get_package_version_vulnerabilities
Get a list of known vulnerabilities affecting a specific version of an open source package
Inputs:
type
(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name
(string): The name of the package, as it appears in the package repositoryversion
(optional string): The version of the package (default: "latest")pageSize
(optional number): Number of vulnerabilities to return per page (default: 10)pageCount
(optional number): Number of pages to return (default: 1)
Returns: List of vulnerabilities affecting the specified package version
jfrog_get_vulnerability_info
Get detailed information about a specific vulnerability, including affected packages and versions
Inputs:
cve_id
(string): The CVE ID or vulnerability identifier to look uppageSize
(optional number): Number of vulnerabilities to return per page (default: 10)pageCount
(optional number): Number of pages to return (default: 1)
Returns: Detailed vulnerability information and affected packages
jfrog_get_package_curation_status
Check the curation status of a specific package version
Inputs:
packageType
(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)packageName
(string): The name of the package, as it appears in the package repositorypackageVersion
(string): The version of the package, as it appears in the package repository
Returns: Curation status (approved, blocked, or inconclusive)
jfrog_get_artifacts_summary
Get artifacts issues summary in a repository or build, categorized and counted by severity (Low, Medium, High, Critical, Unkown)
Inputs:
paths
(string array): An array of paths to the artifacts from which to create the summary from
Returns: A summary based on vulnerability count per severity for each artifact in the provided array plus the total issues
Setup
Installing via Smithery
To install mcp-jfrog for Claude Desktop automatically via Smithery:
Prerequisites
Node.js v18 or higher
Docker (if using Docker deployment, see )
A valid JFrog platform instance with appropriate permissions
Access to create and manage access tokens in your JFrog platform instance
Environment Variables
JFROG_ACCESS_TOKEN
: Your JFrog access token (required)JFROG_URL
: Base URL for your JFrog platform (required)TRANSPORT
: Transport mode to use, set to 'sse' to enable SSE transport (default: stdio)PORT
: Port number to use for SSE transport (default: 8080)CORS_ORIGIN
: CORS origin allowed for SSE connections (default: '*')LOG_LEVEL
: Logging level: DEBUG, INFO, WARN, ERROR (default: INFO)MAX_RECONNECT_ATTEMPTS
: Maximum number of reconnection attempts for SSE server (default: 5)RECONNECT_DELAY_MS
: Base delay in milliseconds between reconnection attempts (default: 2000)
JFrog Token (JFROG_ACCESS_TOKEN
)
To use this MCP server, you need to create a JFrog Access Token or use an Idenetity token with appropriate permissions:
For information on how to create a JFrog Token, please refer to the JFrog official documentations:
JFrog URL (JFROG_URL
)
Your JFrog platform instance URL (e.g. https://acme.jfrog.io)
SSE Transport Features
The SSE transport mode includes the following features:
Connection Management: Each SSE connection is tracked with a unique ID, allowing clients to maintain state across reconnections.
Structured Logging: Detailed logs with timestamps, severity levels, and relevant contextual information.
Connection Resilience: Automatic reconnection attempts with exponential backoff if the server fails to start.
Health Endpoint: A
/health
endpoint that returns server status information.Connection Tracking: Real-time tracking of active connections with periodic statistics logging.
Performance Metrics: Execution time tracking for tool operations and HTTP requests.
When using SSE mode:
Clients should connect to the
/sse
endpoint, optionally providing aconnectionId
query parameter for session tracking.Client requests should be sent to the
/messages
endpoint with the sameconnectionId
as a query parameter.The server will respond with server-sent events through the established SSE connection.
Example client connection with connection ID:
Example client request:
How to build
Clone the repo to your local machine using git clone
and cd
into the project directory:
Build as a Docker image:
Build as an npm module:
Usage
npm
Docker
SSE Transport Mode
To use the JFrog MCP Server with SSE transport mode (useful for web interfaces like Cursor's webview):
Note: For SSE mode, you need to add the serverUrl
parameter pointing to your SSE endpoint, and expose the port used by the server (-p 8080:8080).
Add the following to your claude_desktop_config.json
:
Docker
npm
SSE Transport Mode
For Claude Desktop with SSE transport:
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Tools
Experimental Model Context Protocol server that enables access to JFrog Platform API capabilities including repository management, build tracking, artifact searching, and package security analysis.
Related Resources
Related MCP Servers
- AsecurityFlicenseAqualityA Model Context Protocol server that integrates with Figma's API, allowing interaction with Figma files, comments, components, projects, and webhook management.Last updated -5411
- -securityAlicense-qualityA Model Context Protocol server that enables interaction with Foundry tools through natural language, allowing users to create projects, build contracts, run tests, and manage Ethereum development environments.Last updated -1MIT License
- AsecurityAlicenseAqualityA Model Context Protocol server that enables interaction with PostgreSQL databases for analyzing setups, debugging issues, managing schemas, migrating data, and monitoring performance.Last updated -101MIT License
MockLoop MCP Serverofficial
-securityAlicense-qualityA Model Context Protocol server that generates and runs mock API servers from API documentation like OpenAPI/Swagger specs, enabling developers and AI assistants to quickly spin up mock backends for development and testing.Last updated -13MIT License