Jfrog Mcp Server
Featuredby
Enables repository creation and management, build tracking, runtime monitoring, vulnerability analysis, and package curation for the JFrog Platform through the Model Context Protocol.
Jfrog Mcp Server Overview
What is Jfrog Mcp Server about?
Provides a set of MCP tools that interact with JFrog Artifactory, Xray, Distribution, and Runtime services, allowing automation of repository lifecycle, build inspection, artifact security summarisation, and open‑source package lookup.
How to use Jfrog Mcp Server?
- Install the server (npm, Docker, or via Smithery).
- Set the required environment variables
JFROG_ACCESS_TOKENandJFROG_URL. - Start the server (default STDIO transport or SSE mode by setting
TRANSPORT=sse). - Connect a client (e.g., Cursor, Claude Desktop) using the provided configuration and invoke tool methods via JSON‑RPC.
Key features
- Repository Management: create/list local, remote, and virtual repositories; set folder properties.
- Build Management: list builds and retrieve detailed build information.
- Runtime Management: enumerate runtime clusters, fetch cluster details, and list running container images.
- Access Control: list environments, projects, and create new projects.
- Catalog & Curation: fetch package metadata, versions, vulnerability data, and curation status for multiple package ecosystems.
- Xray Integration: obtain severity‑based artifact issue summaries.
- SSE Transport: stateful connection handling, reconnection logic, health endpoint, and performance metrics.
Use cases
- Automating CI/CD pipelines to provision repositories on‑the‑fly.
- Auditing builds and runtime images for known vulnerabilities before release.
- Building internal dashboards that display package health and curation status.
- Enabling IDE assistants (e.g., Claude Desktop) to query JFrog data directly from code editors.
- Centralising project and environment inventory for governance and compliance.
FAQ
Q: Which JFrog permissions are required? A: The access token must have repository‑admin, build‑read, runtime‑read, and Xray‑read scopes.
Q: Can I run the server in production? A: This repository is experimental. For production, use the officially managed JFrog MCP Server offered by JFrog.
Q: How do I enable SSE mode?
A: Set TRANSPORT=sse, expose a port (default 8080), and configure the client’s serverUrl to http://localhost:8080/sse.
Q: Is Docker required?
A: No. You can run the server directly with Node.js (npm run build && node dist/index.js) or via the npx command.
Q: Where can I find the full list of tool methods? A: All methods are documented in the README under the Tools sections.
Jfrog Mcp Server's README
JFrog MCP Server (🧪 Experimental)
Model Context Protocol (MCP) Server for the JFrog Platform API, enabling repository management, build tracking, release lifecycle management, and more.
https://github.com/user-attachments/assets/aca3af2b-f294-41c8-8727-799a019a55b5
Disclaimer
This is an experimental project intended to demonstrate JFrog's capabilities with MCP. It is not officially supported or verified by JFrog.
Update (2025):
JFrog now provides an official, secure, and remotely hosted MCP server for seamless integration with the JFrog Platform.
This managed MCP server is maintained by JFrog and is recommended for production use, offering enhanced security, reliability, and support.
Learn more and get started here:
👉 JFrog MCP Server Documentation
Features
- Repository Management: Create and manage local, remote, and virtual repositories
- Build Tracking: List and retrieve build information
- Runtime Monitoring: View runtime clusters and running container images
- Mission Control: View associated JFrog Platform instances
- Artifact Search: Execute powerful AQL queries to search for artifacts and builds
- Catalog and Curation: Access package information, versions, vulnerabilities, and check curation status
- Xray: Access scan artifacts summary, group by severity per artifact
Tools
-
check_jfrog_availability- Check if JFrog platform is ready and functioning
- Returns: Platform readiness status
-
create_local_repository- Create a new local repository in Artifactory
- Inputs:
key(string): Repository keyrclass(string): Repository class (must be "local")packageType(string): Package type of the repositorydescription(optional string): Repository descriptionprojectKey(optional string): Project key to assign the repository toenvironments(optional string[]): Environments to assign the repository to
- Returns: Created repository details
-
create_remote_repository- Create a new remote repository in Artifactory to proxy external package registries
- Inputs:
key(string): Repository keyrclass(string): Repository class (must be "remote")packageType(string): Package type of the repositoryurl(string): URL to the remote repositoryusername(optional string): Remote repository usernamepassword(optional string): Remote repository passworddescription(optional string): Repository descriptionprojectKey(optional string): Project key to assign the repository toenvironments(optional string[]): Environments to assign the repository to- Many other optional parameters for specific repository configurations
- Returns: Created repository details
-
create_virtual_repository- Create a new virtual repository in Artifactory that aggregates multiple repositories
- Inputs:
key(string): Repository keyrclass(string): Repository class (must be "virtual")packageType(string): Package type of the repositoryrepositories(string[]): List of repository keys to include in the virtual repositorydescription(optional string): Repository descriptionprojectKey(optional string): Project key to assign the repository toenvironments(optional string[]): Environments to assign the repository to- Other optional parameters for specific repository configurations
- Returns: Created repository details
-
list_repositories- List all repositories in Artifactory with optional filtering
- Inputs:
type(optional string): Filter repositories by type (local, remote, virtual, federated, distribution)packageType(optional string): Filter repositories by package typeproject(optional string): Filter repositories by project key
- Returns: List of repositories matching the filters
-
set_folder_property- Set properties on a folder in Artifactory, with optional recursive application
- Inputs:
folderPath(string): Path to the folder where properties should be setproperties(object): Key-value pairs of properties to setrecursive(optional boolean): Whether to apply properties recursively to sub-folders
- Returns: Operation result
-
execute_aql_query- Execute an Artifactory Query Language (AQL) query to search for artifacts, builds, or other entities in JFrog Artifactory
- Inputs:
query(string): The AQL query to execute. Must follow AQL syntax (e.g., items.find({"repo":"my-repo"}).include("name","path"))domain(optional string): The primary domain to search in (items, builds, archive.entries, build.promotions, releases)transitive(optional boolean): Whether to search in remote repositorieslimit(optional number): Maximum number of results to returnoffset(optional number): Number of results to skipinclude_fields(optional string[]): Fields to include in the resultssort_by(optional string): Field to sort results bysort_order(optional string): Sort order (asc or desc)
- Returns: Search results with metadata
-
list_jfrog_builds- Return a list of all builds in the JFrog platform
- Returns: List of builds
-
get_specific_build- Get details for a specific build by name
- Inputs:
buildName(string): Name of the build to retrieveproject(optional string): Project key to scope the build search
- Returns: Build details
-
list_jfrog_runtime_clusters- Return a list of all runtime clusters in the JFrog platform
- Inputs:
limit(optional integer): The maximum number of clusters to returnnext_key(optional string): The next key to use for pagination
- Returns: List of runtime clusters
-
get_jfrog_runtime_specific_cluster- Return a runtime cluster by ID
- Inputs:
clusterId(integer): The ID of the cluster to retrieve
- Returns: Cluster details
-
list_jfrog_running_images- List all running container images across runtime clusters with their security and operational status
- Inputs:
filters(optional string): Filters to applynum_of_rows(optional integer): Number of rows to returnpage_num(optional integer): Page numberstatistics(optional boolean): Whether to include statisticstimePeriod(optional string): Time period to query
- Returns: List of running images
-
list_jfrog_environments- Get a list of all environments types in the JFrog platform with their details
- Inputs:
- Returns: List of environments
-
list_jfrog_projects- Get a list of all projects in the JFrog platform with their details
- Inputs:
- Returns: List of projects
-
get_specific_project- Get detailed information about a specific project in the JFrog platform
- Inputs:
project_key(string): The unique key of the project to retrieve
- Returns: Project details
-
create_project- Create a new project in the JFrog platform
- Inputs:
project_key(string): Unique identifier for the projectdisplay_name(string): Display name of the projectdescription(string): Description of the projectadmin_privileges(object): Administrative privileges for the projectstorage_quota_bytes(number): Storage quota in bytes (-1 for unlimited)
- Returns: Created project details
-
jfrog_get_package_info- Get publicly available information about a software package
- Inputs:
type(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name(string): The name of the package, as it appears in the package repositoryversion(optional string): The version of the package (default: "latest")
- Returns: Package information including description, latest version, license, and URLs
-
jfrog_get_package_versions- Get a list of versions of a publicly available package with publication dates
- Inputs:
type(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name(string): The name of the package, as it appears in the package repository
- Returns: List of package versions with publication dates
-
jfrog_get_package_version_vulnerabilities- Get a list of known vulnerabilities affecting a specific version of an open source package
- Inputs:
type(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)name(string): The name of the package, as it appears in the package repositoryversion(optional string): The version of the package (default: "latest")pageSize(optional number): Number of vulnerabilities to return per page (default: 10)pageCount(optional number): Number of pages to return (default: 1)
- Returns: List of vulnerabilities affecting the specified package version
-
jfrog_get_vulnerability_info- Get detailed information about a specific vulnerability, including affected packages and versions
- Inputs:
cve_id(string): The CVE ID or vulnerability identifier to look uppageSize(optional number): Number of vulnerabilities to return per page (default: 10)pageCount(optional number): Number of pages to return (default: 1)
- Returns: Detailed vulnerability information and affected packages
-
jfrog_get_package_curation_status- Check the curation status of a specific package version
- Inputs:
packageType(string): The type of package (pypi, npm, maven, golang, nuget, huggingface, rubygems)packageName(string): The name of the package, as it appears in the package repositorypackageVersion(string): The version of the package, as it appears in the package repository
- Returns: Curation status (approved, blocked, or inconclusive)
jfrog_get_artifacts_summary- Get artifacts issues summary in a repository or build, categorized and counted by severity (Low, Medium, High, Critical, Unkown)
- Inputs:
paths(string array): An array of paths to the artifacts from which to create the summary from
- Returns: A summary based on vulnerability count per severity for each artifact in the provided array plus the total issues
Setup
Installing via Smithery
To install mcp-jfrog for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @jfrog/mcp-jfrog --client claude
Prerequisites
- Node.js v18 or higher
- Docker (if using Docker deployment, See Docker Deployment )
- A valid JFrog platform instance with appropriate permissions
- Access to create and manage access tokens in your JFrog platform instance
Environment Variables
JFROG_ACCESS_TOKEN: Your JFrog access token (required)JFROG_URL: Base URL for your JFrog platform (required)TRANSPORT: Transport mode to use, set to 'sse' to enable SSE transport (default: stdio)PORT: Port number to use for SSE transport (default: 8080)CORS_ORIGIN: CORS origin allowed for SSE connections (default: '*')LOG_LEVEL: Logging level: DEBUG, INFO, WARN, ERROR (default: INFO)MAX_RECONNECT_ATTEMPTS: Maximum number of reconnection attempts for SSE server (default: 5)RECONNECT_DELAY_MS: Base delay in milliseconds between reconnection attempts (default: 2000)
JFrog Token (JFROG_ACCESS_TOKEN)
To use this MCP server, you need to create a JFrog Access Token or use an identity token with appropriate permissions:
For information on how to create a JFrog Token, please refer to the JFrog official documentations:
JFrog URL (JFROG_URL)
Your JFrog platform instance URL (e.g. https://acme.jfrog.io)
SSE Transport Features
The SSE transport mode includes the following features:
- Connection Management: Each SSE connection is tracked with a unique ID, allowing clients to maintain state across reconnection attempts.
- Structured Logging: Detailed logs with timestamps, severity levels, and relevant contextual information.
- Connection Resilience: Automatic reconnection attempts with exponential backoff if the server fails to start.
- Health Endpoint: A
/healthendpoint that returns server status information. - Connection Tracking: Real-time tracking of active connections with periodic statistics logging.
- Performance Metrics: Execution time tracking for tool operations and HTTP requests.
When using SSE mode:
- Clients should connect to the
/sseendpoint, optionally providing aconnectionIdquery parameter for session tracking. - Client requests should be sent to the
/messagesendpoint with the sameconnectionIdas a query parameter. - The server will respond with server-sent events through the established SSE connection.
Example client connection with connection ID:
GET /sse?connectionId=client123
Example client request:
POST /messages?connectionId=client123
Content-Type: application/json
{
"jsonrpc": "2.0",
"method": "listTools",
"id": 1
}
How to build
Clone the repo to your local machine using git clone and cd into the project directory:
git clone git@github.com:jfrog/mcp-jfrog.git
cd mcp-jfrog
Build as a Docker image:
docker build -t mcp/jfrog -f Dockerfile .
Build as an npm module:
npm i && npm run build
Usage
npm
{
"mcpServers": {
"MCP-JFrog": {
"command": "npm",
"args": [
"exec",
"-y",
"github:jfrog/mcp-jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "ACCESS_TOKEN",
"JFROG_URL": "https://<YOUR_JFROG_INSTANCE_URL>"
}
}
},
"mcp-local-dev":{
"command": "node",
"args": [
"/<ABSOLUT_PATH_TO>/mcp-jfrog/dist/index.js"
],
"env": {
"JFROG_ACCESS_TOKEN": "<ACCESS_TOKEN>>",
"JFROG_URL": "<JFROG_URL>"
}
}
}
Docker
{
"mcpServers": {
"jfrog": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"JFROG_ACCESS_TOKEN",
"-e",
"JFROG_URL",
"mcp/jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
"JFROG_URL": "https://your-instance.jfrog.io"
},
"serverUrl": "http://localhost:8080/sse"
}
}
}
SSE Transport Mode
To use the JFrog MCP Server with SSE transport mode (useful for web interfaces like Cursor's webview):
{
"mcpServers": {
"jfrog-sse": {
"command": "docker",
"args": [
"run",
"--rm",
"-p",
"8080:8080",
"-e",
"TRANSPORT=sse",
"-e",
"PORT=8080",
"-e",
"CORS_ORIGIN=*",
"-e",
"LOG_LEVEL=INFO",
"-e",
"MAX_RECONNECT_ATTEMPTS=5",
"-e",
"RECONNECT_DELAY_MS=2000",
"-e",
"JFROG_ACCESS_TOKEN",
"-e",
"JFROG_URL",
"mcp/jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
"JFROG_URL": "https://your-instance.jfrog.io",
"serverUrl": "http://localhost:8080/sse"
}
}
}
}
Note: For SSE mode, you need to add the serverUrl parameter pointing to your SSE endpoint, and expose the port used by the server (-p 8080:8080).
Add the following to your claude_desktop_config.json:
Docker
{
"mcpServers": {
"jfrog": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"JFROG_ACCESS_TOKEN",
"-e",
"JFROG_URL",
"mcp/jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
"JFROG_URL": "https://your-instance.jfrog.io" // Your JFrog platform URL
},
"serverUrl": "http://localhost:8080/sse"
}
}
}
npm
{
"mcpServers": {
"MCP-JFrog": {
"command": "npm",
"args": [
"exec",
"-y",
"github:jfrog/mcp-jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "ACCESS_TOKEN",
"JFROG_URL": "https://<YOUR_JFROG_INSTANCE_URL>"
}
}
}
}
SSE Transport Mode
For Claude Desktop with SSE transport:
{
"mcpServers": {
"jfrog-sse": {
"command": "docker",
"args": [
"run",
"--rm",
"-p",
"8080:8080",
"-e",
"TRANSPORT=sse",
"-e",
"PORT=8080",
"-e",
"CORS_ORIGIN=*",
"-e",
"LOG_LEVEL=INFO",
"-e",
"MAX_RECONNECT_ATTEMPTS=5",
"-e",
"RECONNECT_DELAY_MS=2000",
"-e",
"JFROG_ACCESS_TOKEN",
"-e",
"JFROG_URL",
"mcp/jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "<YOUR_TOKEN>",
"JFROG_URL": "https://your-instance.jfrog.io",
"serverUrl": "http://localhost:8080/sse"
}
}
}
}
</details>
## License
This MCP server is licensed under the Apache License 2.0. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the Apache License 2.0. For more details, please see the LICENSE.md file in the project repository.
Jfrog Mcp Server Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Jfrog Mcp Server's Information
- Author
- jfrog
- Category
- Development Tools
- Language
- TypeScript
- License
- Apache License 2.0
- Version
- v0.0.1
- Stars
- 106
- Updated
- about 1 month ago
Configuration
{
"mcpServers": {
"jfrog": {
"command": "npx",
"args": [
"-y",
"github:jfrog/mcp-jfrog"
],
"env": {
"JFROG_ACCESS_TOKEN": "<YOUR_ACCESS_TOKEN>",
"JFROG_URL": "<YOUR_JFROG_URL>"
}
}
}
}Configure Clients
Related MCP Servers
Discover more MCP servers with similar functionality and use cases
Zed
OfficialClientby zed-industries
Provides real-time collaborative editing powered by Rust, enabling developers to edit code instantly across machines with a responsive, GPU-accelerated UI.
Cline
Clientby cline
Provides autonomous coding assistance directly in the IDE, enabling file creation, editing, terminal command execution, browser interactions, and tool extension with user approval at each step.
Continue
Clientby continuedev
Provides continuous AI assistance across IDEs, terminals, and CI pipelines, offering agents, chat, inline editing, and autocomplete to accelerate software development.
GitHub MCP Server
by github
Enables AI agents, assistants, and chatbots to interact with GitHub via natural‑language commands, providing read‑write access to repositories, issues, pull requests, workflows, security data and team activity.
Goose
Clientby block
Automates engineering tasks by installing, executing, editing, and testing code using any large language model, providing end‑to‑end project building, debugging, workflow orchestration, and external API interaction.
Roo Code
OfficialClientby RooCodeInc
An autonomous coding agent that lives inside VS Code, capable of generating, refactoring, debugging code, managing files, running terminal commands, controlling a browser, and adapting its behavior through custom modes and instructions.
Mcp Agent
Clientby lastmile-ai
A lightweight, composable framework for building AI agents using Model Context Protocol and simple workflow patterns.
Firebase CLI
by firebase
Provides a command‑line interface to manage, test, and deploy Firebase projects, covering hosting, databases, authentication, cloud functions, extensions, and CI/CD workflows.
Gptme
Clientby gptme
Empowers large language models to act as personal AI assistants directly inside the terminal, providing capabilities such as code execution, file manipulation, web browsing, vision, and interactive tool usage.