Onboard JFrog Artifactory - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Application Security
Product
Cortex Cloud Posture Management
Cortex Cloud Application Security > Cortex CLOUD
Creation date
2025-01-22
Last date published
2026-05-31
Category
Administrator Guide

Follow the steps below to configure the connection to your JFrog Artifactory instance.

Prerequisite

  • JFrog permissions:

    • The permissions associated with the user configured during the onboarding process determine the scope of scan results. Only repositories and artifacts the user can access are included

      Repository access: The Artifactory user must have Read access to the specific repositories you want to scan

Onboarding steps

  2. Hover over JFrog Artifactory and click Add or Add Another Instance if an instance is already onboarded.

  3. Select Package resolution for code scanning as the integration type.

  4. Provide an instance nameEnable access by IPs (optional)Next.

    Note

    To authorize the scanner to connect through your firewall, select Enable access by IPs, and copy the displayed source IPs to your organization's allowlist.

  5. Fill in the provided fields and click Next.

    • Registry URL: Enter your JFrog Artifactory URL.

      Example 2. Examples

      • For JFrog SaaS integrations: https://example.jfrog.io

      • For JFrog on-premises integrations: https://artifactory.example.com, where <artifactory.example.com> is your server domain or IP address


    • Username (required): Your JFrog user name

    • Password (required): Your JFrog password

  6. Select a package manager to configure a registry as private instead of the default public registry.

    Note

    • For Maven:

      • Select Mirror Registry if this repository mirrors an external repository

      • Use the Mirror Of value to define the duplication scope:

        • * mirrors all requests

        • Type a request [value]: Mirrors only specific requests (such as central).

    • Package managers not listed will default to the public registry

    • You can only proceed after selecting at least one package manager.

  7. (Optional): Select Add a package manager to set up an additional package manager.

  8. Click Save.

  9. Verify integration: Verify integration and confirm that the your integrated JFrog Artifactory instance is Connected.

    1. Navigate to SettingsData Sources & Integrations.

    2. Filter the table by Provider=JFrog.

    3. Select the resulting displayed instance.

    4. On the Data Source side panel, verify that the Status displays Connected.

Manage data source integrations

Manage integrations to align with evolving requirements and ensure they remain current.

  1. Navigate to SettingsData Sources & Integrations and use the Vendor filter to located the required integration.

  2. Select your vendor from the list.

    The integrated instances for the selected vendor are displayed.

  3. Right-click on an instance and select an option:

    • Edit instance: Redirects to the Select Repositories step of the integration wizard, where you can modify configurations for the selected instance. For more details, refer to the relevant integration guide

    • Delete instance: When confirmed, deletes the instance, including data from previous scans

    • Copy entire row – Copies all column values for the selected row to the clipboard.