JFrog MCP Server

Official

Overview Schema Related Servers Score Discussions

jfrog_list_running_images

Identify all active container images across runtime clusters, displaying their security and operational status with configurable filters, statistics, and time-based queries for streamlined management.

Instructions

List all running container images across runtime clusters with their security and operational status

Input Schema

TableJSON Schema

Name	Required	Description	Default
`filters`	No	Filters to apply
`num_of_rows`	No	Number of rows to return
`page_num`	No	Page number
`statistics`	No	Whether to include statistics
`timePeriod`	No	Time period to query	now

Implementation Reference

tools/runtime.ts:36-50 (handler)

Core handler function that builds the query parameters and performs the API request to list running JFrog Runtime images, parsing the response with the output schema.

export async function getRunningImages(params: z.infer<typeof ListRunningImagesSchema>) {
  const queryString = new URLSearchParams({
    num_of_rows: params.num_of_rows.toString(),
    statistics: params.statistics.toString(),
    timePeriod: params.timePeriod,
    filters: params.filters,
    page_num: params.page_num.toString()
  }).toString();

  const response = await jfrogRequest(`/runtime/api/v1/live/images?${queryString}`, {
    method: "GET"
  });
   
  return JFrogRuntimeImagesResponseSchema.parse(response);
}

schemas/runtime.ts:108-114 (schema)

Zod input schema defining parameters for listing running images: num_of_rows, statistics, timePeriod, filters, page_num.

export const ListRunningImagesSchema = z.object({
  num_of_rows: z.number().int().default(100).describe("Number of rows to return"),
  statistics: z.boolean().default(true).describe("Whether to include statistics"),
  timePeriod: z.string().default("now").describe("Time period to query"),
  filters: z.string().default("").describe("Filters to apply"),
  page_num: z.number().int().default(1).describe("Page number")
});

tools/runtime.ts:77-86 (registration)

Tool registration object specifying the name, description, input schema, and a thin handler that parses args and delegates to getRunningImages.

const listRunningImagesTool = {
  name: "jfrog_list_running_images",
  description: "List all running container images across runtime clusters with their security and operational status",
  inputSchema: zodToJsonSchema(ListRunningImagesSchema),
  //outputSchema: zodToJsonSchema(JFrogRuntimeImagesResponseSchema),
  handler: async (args: any) => {
    const parsedArgs = ListRunningImagesSchema.parse(args);
    return await getRunningImages(parsedArgs);
  }
};

tools/runtime.ts:90-94 (registration)
Exports the array of runtime tools, registering jfrog_list_running_images alongside others.
```
export const RuntimeTools = [
  getAllRuntimeClustersTool,
  getRuntimeClusterTool,
  listRunningImagesTool
];
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions 'security and operational status' as part of the output, which adds some context beyond a basic list. However, it doesn't cover critical aspects like whether this is a read-only operation (implied but not stated), potential performance impact, authentication requirements, rate limits, or error handling. For a tool with 5 parameters and no annotations, this leaves significant gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, well-structured sentence that efficiently conveys the core action, scope, and key output details. Every word earns its place with no redundancy or fluff, making it easy to parse and understand quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (5 parameters, no annotations, no output schema), the description is insufficiently complete. It lacks details on behavioral traits like safety, performance, or error handling, doesn't explain the relationship between parameters and the described 'security and operational status', and provides no output format guidance. For a runtime monitoring tool with multiple configuration options, more context is needed to use it effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so all parameters are documented in the schema. The description doesn't add any parameter-specific semantics beyond implying filtering and pagination through 'list all' and the mention of 'security and operational status' which loosely relates to the 'statistics' parameter. It doesn't explain how filters work, what timePeriod values are valid, or how statistics integrate with security status. Baseline 3 is appropriate given the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'List' and the resource 'all running container images across runtime clusters', specifying scope and including 'security and operational status' as additional output details. It distinguishes from siblings like jfrog_list_repositories or jfrog_list_builds by focusing on runtime images rather than static artifacts or builds, though it doesn't explicitly contrast with jfrog_list_runtime_clusters which lists clusters themselves.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites, ideal scenarios, or exclusions, nor does it reference sibling tools like jfrog_get_runtime_specific_cluster for detailed cluster info or jfrog_get_package_version_vulnerabilities for deeper security insights. Usage is implied by the action but not explicitly framed.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

list_image_vulnerabilities
@rad-security/mcp-server
list_images
@rad-security/mcp-server
list_containers
@rad-security/mcp-server
get_top_vulnerable_images
@rad-security/mcp-server
get_containers_process_trees
@rad-security/mcp-server
list_containers
@suvarchal/docker-mcp

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jfrog/mcp-jfrog'

If you have feedback or need assistance with the MCP directory API, please join our Discord server