JFrog MCP
Read-only MCP server for JFrog Artifactory repository intelligence, providing tools to list repositories, paths, fetch item metadata, properties, stats, and perform bounded file searches.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@JFrog MCPlist docker repositories"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
JFrog MCP
Read-only Model Context Protocol server for JFrog Artifactory repository intelligence.
This server is intentionally narrow. It lists repositories, lists explicit repository paths, fetches item metadata, fetches properties and stats, and performs bounded file searches. It does not deploy, delete, move, copy, mutate properties, run raw AQL, or download file content.
It is intended for MCP-compatible agents and clients that need safe Artifactory visibility without artifact download or repository mutation permissions.
Tools
jfrog_pingchecks URL and token access without returning secrets.jfrog_capabilitiesdescribes server limits, security settings, compatibility behavior, and optional live feature probes for a repo/path.jfrog_list_repositorieslists repositories with optionaltype,package_type, andprojectfilters.jfrog_list_pathlists one repository path with bounded depth and cursor pagination. If Artifactory rejects the Pro-only storage list mode, it falls back to basic metadata children.jfrog_get_item_inforeturns metadata for one file or folder.jfrog_get_item_propertiesreturns item properties as a separate storage query mode.jfrog_get_item_statsreturns download statistics as a separate storage query mode.jfrog_get_treereturns a bounded file/folder tree using metadata traversal.jfrog_find_filessearches files with generic filters and response shaping.jfrog_latest_filessearches files and sorts the bounded result set bymodifiedclient-side.
The safe search tools intentionally avoid non-portable AQL fields and default server-side sorting, because some Artifactory OSS/CE installations reject those features. Use name_pattern for artifact-specific needs, such as *.jar, *.war, or *.zip, instead of adding artifact-specific tools.
All tools are annotated as read-only and non-destructive for MCP clients that use tool safety metadata.
Related MCP server: FS Context MCP Server
Resources
jfrog://repositorieslists repositories.jfrog://repo/{repoKey}lists the root path of one repository.jfrog://repo/{repoKey}/path/{path}returns metadata for one repository path. Encode slashes inpathas%2F, for examplejfrog://repo/libs-release-local/path/com%2Facme.
Requirements
Python 3.11 or newer.
A JFrog Artifactory URL.
A least-privilege read-only JFrog access token.
Optional: Node.js 18 or newer if you use the
npxwrapper.
Configuration
Set credentials through a local .env file, environment variables, or a mounted token file. Do not pass the token as a tool argument.
For local use, copy the template and edit the values:
Copy-Item .env.example .env
notepad .envMinimal .env with a direct token:
JFROG_URL=https://example.jfrog.io
JFROG_ACCESS_TOKEN=REPLACE_MEOr use a token file:
New-Item -ItemType Directory -Force .secrets
Set-Content -NoNewline .secrets/jfrog-token "REPLACE_ME"JFROG_URL=https://example.jfrog.io
JFROG_ACCESS_TOKEN_FILE=.secrets/jfrog-tokenJFROG_ACCESS_TOKEN takes priority when both settings are present. Direct tokens are convenient for local agents and private runtime configuration. Token files are still useful for mounted secrets in containers, CI, Kubernetes, and OpenShift.
export JFROG_URL="https://example.jfrog.io"
export JFROG_ACCESS_TOKEN="REPLACE_ME"Optional settings:
export JFROG_MCP_TRANSPORT="stdio"
export JFROG_REQUEST_TIMEOUT_SECONDS="20"
export JFROG_DEFAULT_PAGE_SIZE="50"
export JFROG_MAX_PAGE_SIZE="200"
export JFROG_MAX_DEPTH="5"
export JFROG_MAX_AQL_LIMIT="500"
export JFROG_CACHE_TTL_SECONDS="60"
export JFROG_VERIFY_SSL="true"
export JFROG_CA_BUNDLE="/etc/ssl/certs/company-ca.pem"
export JFROG_TRUST_ENV="false"
export JFROG_LOG_LEVEL="INFO"JFROG_URL may be either the JFrog base URL, such as https://example.jfrog.io, or the Artifactory base URL, such as https://example.jfrog.io/artifactory.
Keep JFROG_VERIFY_SSL=true in production. If your Artifactory endpoint uses a private CA, set JFROG_CA_BUNDLE to the mounted PEM bundle instead of disabling verification.
JFROG_TRUST_ENV=false makes the HTTP client ignore proxy-related environment variables. Keep this default for internal Artifactory routes unless your deployment intentionally needs HTTP_PROXY or HTTPS_PROXY.
Install And Run
Clone the repository and install the Python package in a virtual environment:
git clone https://github.com/mSaeedS/jfrog-mcp.git
cd jfrog-mcp
python -m venv .venv
. .venv/bin/activate
pip install -e .
jfrog-mcpFor Windows PowerShell:
git clone https://github.com/mSaeedS/jfrog-mcp.git
Set-Location jfrog-mcp
python -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -e .
jfrog-mcpThe default transport is stdio. For Streamable HTTP:
JFROG_MCP_TRANSPORT=streamable-http jfrog-mcpMCP Client Examples
Installed Python Command
If jfrog-mcp is installed in the environment where your MCP client runs:
{
"mcpServers": {
"jfrog": {
"command": "jfrog-mcp",
"env": {
"JFROG_URL": "https://example.jfrog.io",
"JFROG_ACCESS_TOKEN": "REPLACE_ME"
}
}
}
}Local Clone
If your MCP client can start a command from a local clone:
{
"mcpServers": {
"jfrog": {
"command": "python",
"args": [
"-m",
"jfrog_mcp"
],
"cwd": "/path/to/jfrog-mcp",
"env": {
"JFROG_URL": "https://example.jfrog.io",
"JFROG_ACCESS_TOKEN": "REPLACE_ME",
"JFROG_TRUST_ENV": "false"
}
}
}
}On Windows, use a Windows path for cwd, for example C:\\Users\\you\\src\\jfrog-mcp.
npx From GitHub
For agents that expect an npx-style MCP command, use the included Node wrapper. The wrapper starts the Python MCP server, sets JFROG_ENV_FILE to the project .env when present, and preserves stdio for MCP protocol traffic.
Using this public GitHub repository:
{
"mcpServers": {
"jfrog": {
"command": "npx",
"args": [
"-y",
"github:mSaeedS/jfrog-mcp"
],
"env": {
"JFROG_URL": "https://example.jfrog.io",
"JFROG_ACCESS_TOKEN": "REPLACE_ME",
"JFROG_TRUST_ENV": "false"
}
}
}
}For GitHub npx usage, the wrapper bootstraps a small Python virtual environment in the user cache on first run and installs the bundled Python package there. If your environment uses an internal Python package index, pass PIP_INDEX_URL or PIP_EXTRA_INDEX_URL through the MCP env.
If Windows, OneDrive, or another synced folder blocks the default npm cache, set a cache outside synced folders before running npx:
$env:npm_config_cache = "$env:TEMP\npm-cache"
npx -y "github:mSaeedS/jfrog-mcp" --versionDocker
docker build -t jfrog-mcp:latest .
docker run --rm -i \
-e JFROG_URL="https://example.jfrog.io" \
-e JFROG_ACCESS_TOKEN="REPLACE_ME" \
jfrog-mcp:latestFor HTTP transport:
docker run --rm -p 8000:8000 \
-e JFROG_URL="https://example.jfrog.io" \
-e JFROG_ACCESS_TOKEN="REPLACE_ME" \
-e JFROG_MCP_TRANSPORT="streamable-http" \
jfrog-mcp:latestProduction Notes
Use a least-privilege read-only JFrog access token. Rotate it regularly and immediately after any accidental exposure.
Use
JFROG_ACCESS_TOKENwhen your agent/runtime can inject secrets securely as environment variables. UseJFROG_ACCESS_TOKEN_FILEwhen your platform mounts secrets as files.Set page, depth, and AQL limits for your environment with
JFROG_MAX_PAGE_SIZE,JFROG_MAX_DEPTH, andJFROG_MAX_AQL_LIMIT.Run
jfrog_capabilities(live_probe=true, repo_key="...", path="...")against a representative repo to discover whether that Artifactory instance supports Pro storage listing or server-side AQL sort.Restart the MCP client or server process after changing environment variables or code. Existing stdio MCP sessions keep their original process environment.
Treat
JFROG_VERIFY_SSL=falseas local troubleshooting only. UseJFROG_CA_BUNDLEfor private CA deployments.
Tests
Install the development dependencies before running tests:
pip install -e ".[dev]"python -m pytestThe tests use mocked HTTP transports and do not call a real JFrog instance.
Optional live tests run only when all of these are set:
export JFROG_TEST_URL="https://example.jfrog.io"
export JFROG_TEST_TOKEN="REPLACE_ME"
export JFROG_TEST_REPO="libs-release-local"
pytest tests/test_live_integration.pyThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mSaeedS/jfrog-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server