Build-Info Integration

JFrog CLI integrates with any development ecosystem, allowing you to collect build-info and then publish it to Artifactory. By publishing build-info to Artifactory, JFrog CLI empowers Artifactory to provide visibility into deployed artifacts, used dependencies, and extensive information on the build environment to allow fully traceable builds. For more information about build-info and build integration with Artifactory, see the JFrog Integrations Documentation.

When to Use Build-Info

Scenario	Target Audience	Why Use Build-Info
CI/CD pipelines publishing artifacts	DevOps Engineers	Full traceability from source to deployed artifact
Security scanning with JFrog Xray	Security Teams	Xray scans build-info to identify vulnerable dependencies
Compliance and audit requirements	Platform Admins	Immutable record of what was built, with what, and when
Release management	Release Engineers	Promote builds between repositories with full metadata
Debugging production issues	Developers	Trace any artifact back to its exact build environment

📘
What is Build-Info?
Build-info is a JSON record that captures everything about a build: which dependencies were resolved, which artifacts were produced, environment variables, Git information, and more. It provides full traceability from source to artifact and integrates with JFrog Xray for security scanning.

📘
Coming from the REST API?
If you have been using POST /api/build to publish build-info directly, the CLI automates the entire collection process. Instead of manually constructing the build-info JSON, use --build-name and --build-number on your upload/download/build commands, then jf rt build-publish to send it all at once.

Many JFrog CLI commands accept the optional --build-name and --build-number options. When you add these options, JFrog CLI collects and records the build info locally for these commands. When running multiple commands with the same build name and build number, JFrog CLI aggregates the collected build info into one build. The recorded build-info can be published to Artifactory later using the build-publish command.

📘
You can optionally collect
You can optionally collect environment variables and Git metadata at publish time with jf rt bp using --collect-env and --collect-git-info, reducing the need for separate bce / bag steps (details below). Legacy commands remain supported.

Collecting Build-Info

Build-info is collected by adding the --build-name and --build-number options to different CLI commands. The CLI commands can be run multiple times to cumulatively collect build-info for the specified build name and number until it is published to Artifactory. For example, running the jf rt download command several times with the same build name and number will accumulate each downloaded file in the corresponding build-info.

📘
Where is local build-info stored?
Until published, collected build-info (env vars, git metadata, file dependencies) is stored in a temporary directory on the local machine: $TMPDIR/jfrog-<username>/builds/<hash>/partials/. Use jf rt bp --dry-run to preview the accumulated build-info JSON at any time without publishing to Artifactory. Use jf rt bc <build-name> <build-number> to clear locally accumulated data.

Collecting Dependencies

Dependencies are collected by adding the --build-name and --build-number options to the jf rt download command.

To record downloaded artifacts as build dependencies:

Run jf rt dl with a repository path, artifact path, and matching --build-name and --build-number values.
```
jf rt dl <repository>/<artifact-path> --build-name=<build-name> --build-number=<build-number>
```
Where:
- <repository> — Artifactory repository key and path prefix for the artifact.
- <artifact-path> — Path to the artifact under that repository.
- <build-name> — Build name to associate with the download.
- <build-number> — Build number to associate with the download.
Example:
```
jf rt dl my-local-repo/cool-froggy.zip --build-name=my-build-name --build-number=18
```

Collecting Build Artifacts

Build artifacts are collected by adding the --build-name and --build-number options to the jf rt upload command.

To record uploaded files as build artifacts:

Run jf rt u (upload) with local source path, target repository, and matching --build-name and --build-number values.
```
jf rt u <local-path> <repository> --build-name=<build-name> --build-number=<build-number>
```
Where:
- <local-path> — Path to the file or pattern on your machine.
- <repository> — Target Artifactory repository (and optional path).
- <build-name> — Build name to associate with the upload.
- <build-number> — Build number to associate with the upload.
Example:
```
jf rt u froggy.tgz my-local-repo --build-name=my-build-name --build-number=18
```

Collecting Environment Variables

Option A (recommended): Collect at publish time

Use jf rt bp with:

--collect-env – include environment variables in the build-info.
Combine with --env-include / --env-exclude to control what's sent.

Example

jf rt bp my-build-name 18 \
  --collect-env \
  --env-exclude "*password*;*secret*;*key*;*token*;*auth*"

Option B (legacy): build-collect-env (bce)

🚧
Deprecated
bce is retained for backward compatibility. Prefer --collect-env on jf rt bp (Option A), which collects environment variables at publish time and eliminates an extra pipeline step.

The build-collect-env (bce) command collects environment variables and attaches them to a build.

To collect environment variables with bce (legacy):

Run jf rt bce with the target build name and number (see Usage below).

Usage

jf rt bce <build-name> <build-number>

Where:

<build-name> — Build name to attach environment variables to.
<build-number> — Build number for that build.

Commands Params

Command name	Abbreviation
`rt build-collect-env`	`rt bce`

Command arguments: The command accepts two arguments.

Argument	Description
build name	Build name.
build number	Build number.

Command options:

Option	Description
`--project`	(Optional) JFrog project key.

Collecting Environment Examples

Collecting Environment Variable Example 1

Collect all currently known environment variables and attach them to the build-info for build my-build-name with build number 18:

jf rt bce my-build-name 18

Expected output:

[Info] Collecting environment variables...
[Info] Collected environment variables for my-build-name/18.

Collecting Environment Variable Example 2

Collect environment variables for build name frogger-build and build number 17:

jf rt bce frogger-build 17

Expected output:

[Info] Collecting environment variables...
[Info] Collected environment variables for frogger-build/17.

Recommendation: Prefer jf rt bp ... --collect-env to capture environment variables at publish time and reduce pipeline steps. bce remains supported for backward compatibility.

Collect Information from Git

Option A (recommended): Collect at publish time

Use jf rt bp with:

--collect-git-info: read Git revision and remote URL.
--dot-git-path: path to the directory containing .git, if not at project root.
--git-config-file-path: path to a Git config file for advanced layouts.

Example

jf rt bp my-build-name 18 \
  --collect-git-info \
  --dot-git-path .

📘
Note
--dot-git-path expects the directory that contains the .git folder, not the .git directory itself. For example, if your project root is at /path/to/project and contains /path/to/project/.git, pass --dot-git-path /path/to/project. If .git is in the current working directory, pass --dot-git-path . or omit the flag entirely. If the path is incorrect, the CLI will silently skip VCS collection (exit 0) and log a [Warn] message — verify VCS fields in the published build-info when traceability is required.

Option B (legacy): build-add-git (bag)

The build-add-git (bag) command collects the Git revision and URL from the local .git directory and adds it to the build-info. The command also collects the list of tracked project issues (for example, issues stored in JIRA or other bug tracking systems) and adds them to the build-info. The issues are collected by reading the git commit messages from the local git log. Each commit message is matched against a pre-configured regular expression, which retrieves the issue ID and issue summary. The information required for collecting the issues is retrieved from a YAML configuration file provided to the command.

To add Git metadata with bag (legacy):

Run jf rt bag with build name and number, and optionally the path to the directory that contains .git (see Usage and Command options below).

Usage

jf rt bag [command options] <build-name> <build-number>

Where:

<build-name> — Build name to add Git metadata to.
<build-number> — Build number for that build.

To point at a specific project directory, append a third argument after <build-number>: <path-to-git-parent> (the directory that contains .git). If you omit it, the CLI searches upward from the current directory.

Commands Params

Command name	Abbreviation
`rt build-add-git`	`rt bag`

Command arguments: The command accepts three arguments.

Argument	Description
build name	Build name.
build number	Build number.
`.git` path	(Optional) Path to a directory containing the `.git` directory. If not specified, the `.git` directory is assumed to be in the current directory or in one of the parent directories.

Command options:

Option	Description
`--config`	(Optional) Path to a yaml configuration file, used for collecting tracked project issues and adding them to the build-info.
`--server-id`	(Optional) Server ID configured using the `jf config` command. This is the server to which the build-info will be later published, using the `jf rt build-publish` command. This option, if provided, overrides the `serverID` value in this command's yaml configuration. If both values are not provided, the default server is used.
`--project`	(Optional) JFrog project key.

Configuration file properties

Property name	Description
`Version`	The schema version is intended for internal use. Do not change!
`serverID`	Artifactory server ID configured by the `jf config` command. The command uses this server for fetching details about previous published builds. The `--server-id` command option, if provided, overrides the `serverID` value. If both the `serverID` property and the `--server-id` command options are not provided, the default server, configured by the `jf config` command is used.
`trackerName`	The name (type) of the issue tracking system. For example, JIRA. This property can take any value.
`regexp`	A regular expression used for matching the git commit messages. The expression should include two capturing groups - for the issue key (ID) and the issue summary. Example message: `HAP-1007 - This is a sample issue`
`keyGroupIndex`	The capturing group index in the regular expression used for retrieving the issue key.
`summaryGroupIndex`	The capturing group index in the regular expression for retrieving the issue summary.
`trackerUrl`	The issue tracking URL. Used for constructing links to issues in the Artifactory build UI.
`aggregate`	Set to `true` to include issues from previous builds.
`aggregationStatus`	If `aggregate` is `true`, indicates how far in time to aggregate (for example, until a build with a `RELEASE` status is found).

Example

jf rt bag frogger-build 17 checkout-dir

Expected output:

[Info] Reading the git branch, revision and remote URL and adding them to the build-info.

📘
Note
checkout-dir here is the directory that contains the .git folder, not the .git folder itself. The Git information (branch, revision, remote URL) is stored locally and included when you later run jf rt bp to publish the build.

Configuration file structure (example)

version: 1
issues: 
  # The serverID yaml property is optional. The --server-id command option, if provided, overrides the serverID value.
  # If both the serverID property and the --server-id command options are not provided,
  # the default server, configured by the "jfrog config add" command is used.
  serverID: my-artifactory-server

  trackerName: JIRA
  regexp: (.+-[0-9]+)\s-\s(.+)
  keyGroupIndex: 1
  summaryGroupIndex: 2
  trackerUrl: https://my-jira.com/issues
  aggregate: true
  aggregationStatus: RELEASED

Recommendation: Prefer jf rt bp ... --collect-git-info [--dot-git-path ...] to gather Git metadata at publish time. Use bag only when you need commit-message issue extraction via YAML.

Adding Files as Build Dependencies

The download command and other commands that download dependencies from Artifactory accept the --build-name and --build-number options to record the downloaded files as build dependencies. In cases where it is necessary to add a file downloaded by another tool as a dependency, use the build-add-dependencies (bad) command.

By default, the command collects files from the local file system. To collect files from Artifactory instead, add the --from-rt option.

To add files as build dependencies:

Run jf rt bad with build name, number, and pattern (or a File Spec); add --from-rt to resolve paths in Artifactory. See Usage, Command options, and the examples below.

Usage

jf rt bad [command options] <build-name> <build-number> <pattern>
jf rt bad --spec=<file-spec-path> [command options] <build-name> <build-number>

Where:

<build-name> — Build name to add dependencies to.
<build-number> — Build number for that build.
<pattern> — Local path or pattern for dependencies (when not using --spec).
<file-spec-path> — Path to a File Spec file (second command form).

Commands Params

Command name	Abbreviation
`rt build-add-dependencies`	`rt bad`

Command arguments: The command takes three arguments.

Argument	Description
build name	The build name to which to add dependencies.
build number	The build number to which to add dependencies.
pattern	Specifies the local file system path to dependencies which should be added to the build info. You can specify multiple dependencies by using wildcards or a regular expression as designated by the `--regexp` command option. If you have specified that you are using regular expressions, then the first one used in the argument must be enclosed in parenthesis.

Command options:

When using the * or ; characters in the command options or arguments, wrap the whole string in quotes (") so they are not interpreted as literals.

Option	Description
`--from-rt`	(Default: false) Set to `true` to search the files in Artifactory, rather than on the local file system. The `--regexp` option is not supported when `--from-rt` is set to true.
`--server-id`	(Optional) Server ID configured using the `jf config` command.
`--spec`	(Optional) Path to a File Spec.
`--spec-vars`	(Optional) Semicolon-separated variables in the form of `"key1=value1;key2=value2;..."` to be replaced in the File Spec. In the File Spec, the variables should be used as `${key1}`.
`--recursive`	(Default: true) When `false`, artifacts inside sub-folders in Artifactory will not be affected.
`--regexp`	(Default: false) Use a regular expression instead of wildcards to collect files (not supported with `--from-rt`).
`--dry-run`	(Default: false) Only show a summary of dependencies that will be added.
`--module`	(Optional) Optional module name in the build-info for adding the dependency.
`--exclusions`	A list of semicolon-separated exclude patterns. Allows wildcards or a regular expression according to the value of the `--regexp` option.

Adding Files as Build Dependencies Examples

Adding Files as Build Dependencies Example 1

Add all files located under the path/to/build/dependencies/dir directory as dependencies of a build. The build name is my-build-name and the build number is 7. The build-info is only updated locally. To publish the build-info to Artifactory use the jf rt build-publish command.

jf rt bad my-build-name 7 "path/to/build/dependencies/dir/"

Expected output:

[Info] Running Build Add Dependencies command...
[Info] Adding dependency: path/to/build/dependencies/dir/dep1.jar
[Info] Adding dependency: path/to/build/dependencies/dir/dep2.jar
{
  "status": "success",
  "totals": {
    "success": 2,
    "failure": 0
  }
}

Adding Files as Build Dependencies Example 2

Add all files located in the m-local-repo Artifactory repository, under the dependencies folder, as dependencies of a build.

jf rt bad my-build-name 7 "my-local-repo/dependencies/" --from-rt

Adding Files as Build Dependencies Example 3

Add all files located under the directory to module m1.

jf rt bad my-build-name 7 "path/to/build/dependencies/dir/" --module m1

Publishing Build-Info

The build-publish (bp) command publishes accumulated build-info to Artifactory.

To publish build-info:

Run jf rt bp with the build name and number to publish, plus any optional flags (see Usage and Command options below).

Usage

jf rt bp [command options] <build-name> <build-number>

Where:

<build-name> — Build name to publish.
<build-number> — Build number to publish.

Commands Params

Command name	Abbreviation
`rt build-publish`	`rt bp`

Command arguments: The command accepts two arguments.

Argument	Description
build name	Build name to be published.
build number	Build number to be published.

Command options:

Option	Description
`--server-id`	(Optional) Server ID configured using the `jf config` command. If not specified, the default configured Artifactory server is used.
`--project`	(Optional) JFrog project key.
`--build-url`	(Optional) CI server build URL to include in the build-info.
`--collect-env`	(Default: false) Collect environment variables at publish time.
`--env-include`	(Default: ``)* Semicolon-separated patterns in the form `"value1;value2;..."`. Only environment variables that match those patterns are included.
`--env-exclude`	(Default: `password;psw;secret;key;token;auth`) Case-insensitive semicolon-separated patterns to exclude sensitive variables.
`--collect-git-info`	(Default: false) Collect Git revision and remote URL at publish time.
`--dot-git-path`	(Optional) Path to the directory containing the `.git` folder (for example, `--dot-git-path .` for the current directory). The CLI appends `.git` to this value — do not pass the `.git` directory itself. If omitted, the CLI searches upward from the current directory.
`--git-config-file-path`	(Optional) Path to a Git config file (for advanced repository layouts).
`--dry-run`	(Default: false) Set to `true` to disable communication with Artifactory.
`--insecure-tls`	(Default: false) Skip TLS certificates verification.
`--overwrite`	(Default: false) Overwrite all existing occurrences of build infos with the provided name and number. Build artifacts will not be deleted.
`--detailed-summary`	(Default: false) Set to true to get a command summary with details about the build info artifact.

Publishing Build-Info Examples

Publish Only Example

jf rt bp my-build-name 18

Expected output (success):

[Info] Publishing build info for <my-build-name>/<18>...
[Info] Build info successfully published to Artifactory.

Publish + collect env + git (one step) Example

jf rt bp my-build-name 18 \
  --collect-env \
  --env-exclude "*password*;*secret*;*key*;*token*;*auth*" \
  --collect-git-info \
  --dot-git-path .

Security note: Always use --env-exclude to prevent leaking secrets. The default covers common names; extend it for your organization's variables.

Dry-run tip: Use --dry-run to preview the full build-info JSON (including collected env vars and VCS fields) without publishing to Artifactory:

jf rt bp my-build-name 18 --dry-run

Aggregating Published Builds

In complex builds where steps run across multiple machines, you can publish separate build-info instances and then aggregate them into a "master" build-info record. The build-append (ba) command adds a reference from a new build-info to a previously published one.

If your build is composed of multiple build steps across different machines/time periods, create a separate build-info for each section and publish it independently. Once all are published, create a new build-info that references all previously published build-info instances using build-append. The reference is represented by a new module in the new build-info, with ID format: <referenced build name>/<referenced build number>.

To aggregate published builds:

Satisfy the prerequisites in the note below, then run jf rt ba for each published build you want to append, and publish the aggregating build with jf rt bp.

📘
Prerequisites for build-append

Upload artifacts for each sub-build (using jf rt upload with --build-name and --build-number).

Publish each sub-build to Artifactory with jf rt build-publish.

Only then run jf rt ba — the appended builds must already be published. The command contacts Artifactory to verify the referenced builds exist.

Usage

jf rt ba <build-name> <build-number> <build-name-to-append> <build-number-to-append>

Where:

<build-name> — Current (aggregating) build name.
<build-number> — Current (aggregating) build number.
<build-name-to-append> — Published build name to append.
<build-number-to-append> — Published build number to append.

Commands Params

Command name	Abbreviation
`rt build-append`	`rt ba`

Command arguments: The command accepts four arguments.

Argument	Description
build name	The current (not yet published) build name.
build number	The current (not yet published) build number.
build name to append	The published build name to append to the current build.
build number to append	The published build number to append to the current build.

Command options:

Option	Description
`--server-id`	(Optional) Server ID configured using the `jf config` command. If not specified, the default configured Artifactory server is used.
`--project`	(Optional) JFrog project key.
`--build-url`	(Optional) CI server build URL to include in the build-info.
`--dry-run`	(Default: false) Set to `true` to preview without publishing to Artifactory.
`--env-include`	(Default: ``)* Semicolon-separated patterns for environment variables to include.
`--env-exclude`	(Default: `password;psw;secret;key;token;auth`) Case-insensitive semicolon-separated patterns to exclude sensitive variables.
`--insecure-tls`	(Default: false) Skip TLS certificates verification.

Requirements

Artifactory version 7.25.4 and above.

Aggregating Published Builds Example

# Create and publish build a/1
jf rt upload "a/*.zip" generic-local --build-name a --build-number 1
jf rt build-publish a 1

# Create and publish build b/1
jf rt upload "b/*.zip" generic-local --build-name b --build-number 1
jf rt build-publish b 1

# Append builds a/1 and b/1 to build aggregating-build/10
jf rt build-append aggregating-build 10 a 1
jf rt build-append aggregating-build 10 b 1

# Publish build aggregating-build/10
jf rt build-publish aggregating-build 10

# Download the artifacts of aggregating-build/10 (includes a/1 and b/1)
jf rt download --build aggregating-build/10

Promoting a Build

The build-promote (bpr) command promotes a build in Artifactory, typically by moving or copying build artifacts to a target repository.

To promote a build:

Run jf rt bpr with the build name, build number, and target repository (see Usage and Command options below).

Usage

jf rt bpr [command options] <build-name> <build-number> <target-repository>

Where:

<build-name> — Build name to promote.
<build-number> — Build number to promote.
<target-repository> — Repository key to promote artifacts into.

Commands Params

Command name	Abbreviation
`rt build-promote`	`rt bpr`

Command arguments: The command accepts three arguments.

Argument	Description
build name	Build name to be promoted.
build number	Build number to be promoted.
target repository	Build promotion target repository.

Command options:

Option	Description
`--server-id`	(Optional) Server ID configured using the `jf config` command. If not specified, the default configured Artifactory server is used.
`--project`	(Optional) JFrog project key.
`--status`	(Optional) Build promotion status.
`--comment`	(Optional) Build promotion comment.
`--source-repo`	(Optional) Build promotion source repository.
`--include-dependencies`	(Default: false) If set to true, the build dependencies are also promoted.
`--copy`	(Default: false) If set true, the build artifacts and dependencies are copied to the target repository, otherwise they are moved.
`--props`	(Optional) Semicolon-separated properties in the form `"key1=value1;key2=value2,..."` to attach to the build artifacts.
`--dry-run`	(Default: false) If true, promotion is only simulated. The build is not promoted.
`--fail-fast`	(Default: true) If true, abort the promotion on the first error.
`--insecure-tls`	(Default: false) Skip TLS certificates verification.

Promoting a Build Example

Move the artifacts associated with the published build-info my-build-name/18 to target-repository:

jf rt bpr my-build-name 18 target-repository

Cleaning up the Build

Use the build-clean (bc) command to reset locally accumulated build-info and delete any information collected so far for a given build name and number.

To reset locally accumulated build-info:

Run jf rt bc with the build name and number you want to clear (see Usage below).

Usage

jf rt bc <build-name> <build-number>

Where:

<build-name> — Build name whose local build-info you want to clear.
<build-number> — Build number for that build.

Commands Params

Command name	Abbreviation
`rt build-clean`	`rt bc`

Command arguments: The command accepts two arguments.

Argument	Description
build name	Build name.
build number	Build number.

Command options:

This command has no options.

Cleaning up the Build Example

jf rt bc my-build-name 18

Expected output:

[Info] Cleaning build info...
[Info] Cleaned build info my-build-name/18.

Discarding Old Builds from Artifactory

The build-discard (bdi) command removes old builds previously published to Artifactory according to retention options.

To discard old published builds:

Run jf rt bdi with the build name and at least one retention rule (such as --max-builds or --max-days); see Usage, Command options, and the examples below.

Usage

jf rt bdi [command options] <build-name>

Where:

<build-name> — Build name whose old published builds you want to discard (subject to retention flags).

Commands Params

Command name	Abbreviation
`rt build-discard`	`rt bdi`

Command arguments: The command accepts one argument.

Argument	Description
build name	Build name.

Command options:

Option	Description
`--server-id`	(Optional) Server ID configured using the `jf config` command. If not specified, the default configured Artifactory server is used.
`--max-days`	(Optional) The maximum number of days to keep builds in Artifactory.
`--max-builds`	(Optional) The maximum number of builds to store in Artifactory.
`--exclude-builds`	(Optional) Comma-separated build numbers in the form `"build1,build2,..."` that should not be removed.
`--delete-artifacts`	(Default: false) If set to true, automatically removes build artifacts stored in Artifactory.
`--async`	(Default: false) If set to true, build discard will run asynchronously and will not wait for response.
`--project`	(Optional) JFrog project key.
`--insecure-tls`	(Default: false) Skip TLS certificates verification.

Discarding Old Builds from Artifactory Examples

📘
Build discard operations require at least one retention rule (such as max-builds or max-days). If no retention criteria are specified, the request succeeds, but no builds are removed. The delete-artifacts option only controls artifact removal for discarded builds.
Example: jf rt bdi my-build-name --max-builds=10 --delete-artifacts=false

Discarding Old Builds from Artifactory Example 1

Discard the oldest build numbers of build my-build-name, leaving only the 10 most recent:

jf rt bdi my-build-name --max-builds=10

Discarding Old Builds from Artifactory Example 2

Discard the oldest build numbers, leaving only builds published during the last 7 days:

jf rt bdi my-build-name --max-days=7

Discarding Old Builds from Artifactory Example 3

Discard by age but keep specific builds:

jf rt bdi my-build-name --max-days 7 --exclude-builds "b20,b21"

Troubleshooting

Build succeeded but nothing was deployed
- Gradle (Artifactory plugin): specify publications (artifactory.publish.publications=release or via CLI/DSL).
- Maven: run a deploy phase/goal (deploy) or ensure your setup deploys during install.
- npm/yarn: install only resolves; publish with jf npm publish (or jf rt u), then jf rt bp.
- Docker/Podman: ensure jf docker login (or remove --skip-login), and that the repo permissions are correct.
Secrets in env: use --env-exclude with --collect-env; extend default patterns to match your org's variables.
.git path not found: The bag command and --collect-git-info require a valid .git directory. Ensure your working directory contains a .git folder, or specify the path to the directory containing .git with --dot-git-path <parent-dir>. For example, if .git is at /repo/.git, use --dot-git-path /repo. Do not pass the .git folder itself. If the path is wrong, the CLI exits 0 with a [Warn] and silently omits VCS data from the build-info.