Overview

The single source of truth for governing MCP servers.

The JFrog MCP Registry is your system of record for managing, discovering, and governing Model Context Protocol (MCP) servers. By treating MCP servers as first-class artifacts within the JFrog Platform, it enables you to govern and secure your AI ecosystem with the same rigor as your software supply chain.

Why Use the JFrog MCP Registry?

Without centralized governance, developers pull unverified MCP servers from public repositories, granting AI agents ungoverned access to sensitive systems.

The JFrog MCP Registry mitigates this by providing:

  • Central Governance: A single source of truth for MCP servers with granular tool policies.
  • IDE-Native Setup: Install the JFrog IDE plugin for Cursor or VS Code and the MCP Gateway configures itself automatically.
  • Active Security: Automated scanning for malicious MCP artifacts before they reach developer machines.

| If you don't use a Registry... | With JFrog, you get... |
|---|---|
| Shadow AI: Developers pull unverified MCPs from unknown public sources. | A Trusted Supply Chain: MCP servers are treated as artifacts in Artifactory, vetted and curated before they can be used. |
| Unknown Risks: Developers using unverified MCPs from unknown sources. | Active Security: Automatic Xray scanning for maliciousness and license compliance. |
| Manual Configuration: Fragmented setup across different IDEs and teams. | Unified DevEx: Install the JFrog IDE plugin and the MCP Gateway configures itself automatically. |
| Security Gaps: Blindly executing third-party binaries inside your network. | Granular Control: Regex-based tool policies to dynamically allow or block MCP tools. |

Core Concepts

  • MCP server: An executable package (npm, Python) or remote endpoint that gives your AI agent new capabilities, such as querying databases or accessing internal systems. To guarantee a trusted supply chain, local MCPs are securely resolved and cached via Artifactory repositories.
  • JFrog MCP Gateway: A local proxy binary that wraps each MCP server individually, enforcing tool policies on every call your AI agent makes. The Gateway is installed and managed automatically by the JFrog IDE plugin. It authenticates using your JFrog environment variables or the JFrog CLI.
  • JFrog MCP Registry: The catalog of approved MCP servers your organization has made available. Developers can discover and add servers from the registry conversationally through their AI agent.
  • Tool Policies: Granular, regex-based Allow/Deny rules for MCP tool usage. Since MCP tools are dynamic, pattern matching provides exact control over what an agent is allowed to execute — for instance, permitting read operations while blocking delete commands.
  • Project Context: Policies tied to JFrog Projects, ensuring developers only access tools relevant to their specific scope.
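
An added illustration of the Tool Policies concept above (not JFrog's code or policy format): a minimal regex allow/deny evaluator in Python. The ToolPolicy shape, the tool names, and the semantics (deny overrides allow, unmatched tools are denied, patterns must match the whole tool name) are assumptions made for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolPolicy:
    """Hypothetical policy shape: regex lists checked against a tool name."""
    allow: tuple
    deny: tuple = ()


def evaluate(policy, tool_name, anchored=True):
    """Return 'allow' or 'deny' for one tool call.

    Assumed semantics (not taken from JFrog documentation): deny rules win
    over allow rules, and a tool that matches no rule is denied.
    """
    # fullmatch requires the pattern to cover the whole name; search accepts
    # any substring hit, which is the usual source of over-broad rules.
    match = re.fullmatch if anchored else re.search
    if any(match(p, tool_name) for p in policy.deny):
        return "deny"
    if any(match(p, tool_name) for p in policy.allow):
        return "allow"
    return "deny"


# Constructed policy: permit read operations, block delete commands.
POLICY = ToolPolicy(
    allow=(r"(get|list|read|query)_[a-z_]+",),
    deny=(r".*(delete|drop|remove).*",),
)

# Constructed tool names, such as a database MCP server might advertise.
TOOLS = ["read_rows", "list_tables", "delete_rows",
         "read_then_delete_rows", "export_rows", "xread_rows"]


def decisions(policy, tools, anchored=True):
    """Map each tool name to its verdict under the given policy."""
    return {t: evaluate(policy, t, anchored) for t in tools}


if __name__ == "__main__":
    for name, verdict in decisions(POLICY, TOOLS).items():
        print(f"{name:24} {verdict}")
```

With anchored=False, xread_rows is allowed because the allow pattern matches a substring of the name; an allow-only policy would also admit read_then_delete_rows, which is why the deny rule takes precedence here.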

Supported Capabilities

The JFrog MCP Registry is designed to secure the full lifecycle of agentic MCPs:

  • Govern both local servers and remote URL endpoints.
  • Secure MCP usage for coding agents in Cursor and VS Code (Claude Code support coming soon).
  • Pattern-based policies to allow or block specific tools within an MCP server.
  • Register and distribute custom-built MCP servers using standard Artifactory repositories (npm and PyPI).
  • Manage MCP servers conversationally — ask your AI agent to list, add, or remove servers without leaving your IDE.