Overview
The single source of truth for governing MCP servers.
The JFrog MCP Registry is your system of record for managing, discovering, and governing Model Context Protocol (MCP) servers. By treating MCP servers as first-class artifacts within the JFrog Platform, it enables you to govern and secure your AI ecosystem with the same rigor as your software supply chain.
Why Use the JFrog MCP Registry?
Without centralized governance, developers pull unverified MCP servers from public repositories, granting AI agents ungoverned access to sensitive systems.
The JFrog MCP Registry mitigates this by providing:
- Central Governance: A single source of truth for MCP servers, with granular tool policies.
- Frictionless DevEx: A simple installation for AI-IDEs (Cursor, Claude Code, VS Code) with approved tools.
- Active Security: Automated scanning for malicious MCP artifacts before they reach developer machines.
| If you don't use a Registry... | With JFrog, you get... |
|---|---|
| Shadow AI: Developers pull unverified MCPs from unknown public sources. | A Trusted Supply Chain: MCP servers are treated as artifacts in Artifactory, vetted and curated before they can be used. |
| Unknown Risks: Developers using unverified MCPs from unknown sources. | Active Security: Automatic Xray scanning for maliciousness and license compliance. |
| Manual Configuration: Fragmented setup across different IDEs and teams. | Unified DevEx: Single-command setup via jf cli for all major AI IDEs. |
| Security Gaps: Blindly executing third-party binaries inside your network. | Granular Control: Regex-based tool policies to dynamically allow MCP tools. |
Core Concepts
- MCP Server: An executable package (npm, Python) or remote endpoint that gives your AI agent new capabilities, such as querying databases or accessing internal systems. To guarantee a trusted supply chain, local MCPs are securely resolved and cached via Artifactory repositories.
- JFrog MCP Gateway: A lightweight JFrog CLI plugin that operates as a secure local proxy for your coding agents, routing requests to policy-approved MCP servers.
- Tool Policies: Granular, regex-based allow/deny rules for tool usage. Since MCP tools are dynamic, pattern matching provides exact control over what an agent is allowed to execute; for instance, permitting read operations while blocking delete commands.
- Project Context: Policies tied to JFrog Projects, ensuring developers only access tools relevant to their specific scope.
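The Tool Policies concept above, sketched as an added example; this is not JFrog's policy engine or schema. The `ToolPolicy` class, the tool names, and the semantics (deny overrides allow, unmatched tools are blocked, patterns match the whole tool name) are assumptions chosen to show why anchoring and an explicit deny rule both matter.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolPolicy:
    """Hypothetical allow/deny tool policy (not the JFrog schema)."""
    allow: tuple
    deny: tuple = ()

    def permits(self, tool: str, anchored: bool = True) -> bool:
        # Assumption: anchored matching means the pattern must cover the
        # whole tool name; unanchored matching accepts any substring hit.
        match = re.fullmatch if anchored else re.search
        # Assumption: a deny match always wins over an allow match.
        if any(match(p, tool) for p in self.deny):
            return False
        # Assumption: default-deny, so a tool no allow pattern covers is blocked.
        return any(match(p, tool) for p in self.allow)


def filter_tools(policy, tools, anchored=True):
    """Return the subset of advertised tools the agent may call."""
    return [t for t in tools if policy.permits(t, anchored)]


# Constructed tool names, as an MCP server might advertise them.
ADVERTISED = [
    "read_file", "list_tables", "get_row", "delete_row",
    "read_then_delete_file", "bulk_read_and_purge", "exec_shell",
]

# Read-only intent: allow read-style prefixes, deny anything destructive.
STRICT = ToolPolicy(
    allow=(r"(read|list|get)_[a-z_]+",),
    deny=(r".*(delete|drop|purge).*",),
)

# Same intent written loosely: substring allow pattern, no deny rule.
LOOSE = ToolPolicy(allow=(r"(read|list|get)_",))

if __name__ == "__main__":
    print("strict:", filter_tools(STRICT, ADVERTISED))
    print("loose :", filter_tools(LOOSE, ADVERTISED, anchored=False))
```

The loose policy lets `read_then_delete_file` and `bulk_read_and_purge` through because the substring `read_` appears in both names; the strict policy blocks them only because of its deny rule, since its allow pattern alone also covers `read_then_delete_file`.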
Supported Capabilities
The JFrog MCP Registry is designed to secure the full lifecycle of agentic MCPs:
- Govern both local servers and remote URL endpoints.
- Secure MCP usage for coding agents such as Claude Code, Cursor and more.
- Pattern-based policies to allow or block specific tools within an MCP server.
- Register and distribute custom-built MCP servers using standard Artifactory repositories (npm and PyPI).

The JFrog MCP Registry governs and delivers trusted MCPs from Artifactory directly to your AI IDE via a secure, policy-enforced local gateway.
