Skip to main content

Artifactory Token

Description

General

  • Documentation: https://jfrog.com/help/r/jfrog-rest-apis/jfrog-rest-apis
  • Summary: JFrog is a Software Supply Chain company, developing products including Artifactory. This detector aims at detecting JFrog API keys.
  • IPs allowlist: This feature is not available, however, two-factor authentication can be enabled.
  • Scopes: Keys have the same permissions as the user they are related too. Permissions can be managed from the dashboard at a user/group level. Access tokens can have the same permissions or a subset of the permissions of the user it belong to.

Revoke the secret

The key can be revoked from the user profile or through the API.

Check for suspicious activity

All access logs are stored and accessible through the administration module under Artifactory|System Logs. More information on this can be found in the documentation.

Details for Artifactory token

  • Family: token

  • Category: package_registry

  • Company: JFrog

  • High recall: True

  • Validity check available: False

  • Analyzer available: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.98

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- akcp[0-9]

Examples

- text: |
export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 0
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively. No HTTP calls for this analyzer.

Other Calls

No other calls for this analyzer.