Artifactory Token
Description
General
- Documentation: https://jfrog.com/help/r/jfrog-rest-apis/jfrog-rest-apis
- Summary: JFrog is a Software Supply Chain company, developing products including Artifactory. This detector aims at detecting JFrog API keys.
- IPs allowlist: This feature is not available, however, two-factor authentication can be enabled.
- Scopes: Keys have the same permissions as the user they are related too. Permissions can be managed from the dashboard at a user/group level. Access tokens can have the same permissions or a subset of the permissions of the user it belong to.
Revoke the secret
The key can be revoked from the user profile or through the API.
Check for suspicious activity
All access logs are stored and accessible through the administration module under Artifactory|System Logs. More information on this can be found in the documentation.
Details for Artifactory token
-
Family: token
-
Category: package_registry
-
Company: JFrog
-
High recall: True
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.98
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- akcp[0-9]
Examples
- text: |
export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 0
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively. No HTTP calls for this analyzer.
Other Calls
No other calls for this analyzer.