Try JFrog
Guides
Contact SupportTry JFrog
  1. CLI

Build Tools

JFrog CLI integrates with popular build tools to resolve dependencies from Artifactory, deploy artifacts, and collect build information — all through a consistent interface.


Workflow: Configure, Build, Publish

Every build tool integration follows the same three-step pattern.

To integrate a build tool with Artifactory:

  1. Configure the tool (run once per project) using jf <tool>-config.
  2. Build with the tool, optionally collecting build-info using jf <tool> <command> --build-name=<name> --build-number=<number>.
  3. Publish build-info to Artifactory using jf rt build-publish <name> <number>.

Common Build-Info Flags

--build-name and --build-number must always be provided together. When present, the CLI records resolved dependencies and produced artifacts locally, then jf rt build-publish sends that record to Artifactory. Two additional flags are available on all build-tool commands.

FlagDescription
--projectAssociates the build-info with a JFrog Project
--moduleNames a logical component within the build-info (for multi-module builds)

Build-Info Enrichment

Before publishing build-info, you can enrich it with environment variables and Git context. The following commands work with any build tool.

CommandPurposeNotes
jf rt build-collect-envCollects environment variables into the build-infoOn success: [Info] Collected environment variables for <name>/<number>.
jf rt build-add-gitAdds Git commit hash, branch, and messageRequires a .git directory. Run from your project root, or pass the path explicitly as a third argument: jf rt build-add-git <name> <number> /path/to/project
jf rt build-add-dependenciesAdds arbitrary file dependenciesAccepts local paths and wildcards. On success: {"status":"success","totals":{"success":N,"failure":0}}
jf rt build-publishPublishes the enriched build-info to ArtifactoryUse --dry-run to preview the full build-info JSON before writing to Artifactory. See tip below.

In CI/CD pipelines, the recommended sequence after a build is:

jf rt build-collect-env <build-name> <build-number>
jf rt build-add-git <build-name> <build-number>
jf rt build-publish <build-name> <build-number>

Where:

  • <build-name> — Logical name for the build (for example my-app).
  • <build-number> — Build number or CI build ID (for example 42).

Example:

jf rt build-collect-env my-app 42
jf rt build-add-git my-app 42
jf rt build-publish my-app 42
📘

Note

jf rt build-add-git requires a .git directory in the current or a parent directory, or pass the project path as a third argument to the command.

👍

Shortcut

jf rt build-publish supports --collect-env and --collect-git-info flags that combine all three steps into one command. The --collect-git-info flag also degrades gracefully (a warning, not an error) when no .git directory is found:

jf rt build-publish --collect-env --collect-git-info <build-name> <build-number>
👍

Tip

Before publishing for the first time, use --dry-run to preview the full build-info JSON without writing to Artifactory:

jf rt build-publish --dry-run <build-name> <build-number>

For step-by-step instructions, see Getting Started.

Verifying Your Build

After publishing build-info, you can verify that artifacts and build-info are in Artifactory using jf rt search and jf rt curl. For verification steps, see Getting Started — Verifying Success.

Supported Build Tools

Package ManagerConfig CommandBuild CommandPublish CommandBuild-InfoNative Mode
Mavenjf mvn-configjf mvn <goals>Via install goal (or later)YesYes
Gradlejf gradle-configjf gradle <tasks>Via publish taskYesYes
Yarnjf yarn-configjf yarn <command>Yes
pipjf pip-configjf pip installVia jf twineYes
Pipenvjf pipenv-configjf pipenv installVia jf twineYes
Poetryjf poetry-configjf poetry <subcommand>jf poetry publishYesYes
TwineUses pip/pipenv configjf twine uploadjf twine uploadYes
Gojf go-configjf go <subcommand>jf go-publishYes
NuGetjf nuget-configjf nuget restoreYes
.NETjf dotnet-configjf dotnet restore / buildYes
Dockerjf docker pull / push / buildjf docker pushYesYes
Helmjf helm <command>jf helm pushYesNative-only
Conanjf conan <subcommand>Via Conan nativeYesNative-only
Terraformjf terraform-configjf terraformVia jf terraformYes
Rubyjf ruby-config(config only)
📘

Which Python tool?

Use jf pip for requirements.txt projects, jf pipenv for Pipfile projects, or jf poetry for pyproject.toml projects. pip and Pipenv publish via jf twine; Poetry publishes with jf poetry publish.

For tools with Native Mode support, see the Native Mode page for setup and when to use each mode.

Why Use JFrog CLI Instead of Native Build Tools?

Running builds through JFrog CLI (for example, jf mvn install instead of mvn install) provides:

  • Dependency resolution from Artifactory — reproducible builds and organizational caching.
  • Build information collection — automatic record of resolved dependencies and produced artifacts.
  • Security scanning — integrates with JFrog Xray for vulnerability analysis.
  • Audit trail — every build is traceable: who built it, what sources, which dependencies.

If you don't need these features, use native tools pointed at Artifactory directly, or enable Native Mode for supported tools.

Common Prerequisites

All build tool commands share these prerequisites. Individual tool pages list tool-specific requirements.

  • JFrog CLI installedInstallation guide
  • JFrog CLI authenticated — Run jf config add (or jf c add) to configure your Artifactory server connection
  • Native build tool installed — The package manager itself must be installed on the machine (for example, mvn, npm, go, docker, or pip)
  • Artifactory repositories — The repositories referenced in --repo-resolve and --repo-deploy must already exist in Artifactory

Air-gapped or offline? See Air-Gapped and Offline Setup for Maven and Gradle extractor configuration.

Debugging Build Tool Commands

First, verify your Artifactory connection:

jf rt ping

A successful response confirms the CLI can reach Artifactory. If this fails, fix connectivity before troubleshooting build commands.

If jf rt build-publish returns a 401 error, your access token may be expired or invalid. Re-run jf config add --overwrite <server-id> to update credentials, or inspect the current config with jf config show.

For all other failures, enable debug logging to see detailed output:

export JFROG_CLI_LOG_LEVEL=DEBUG
jf <tool> <command>

Where:

  • <tool> — The build-tool subcommand (for example mvn, gradle, npm).
  • <command> — Arguments passed through to that tool (for example install or clean install).

Example:

export JFROG_CLI_LOG_LEVEL=DEBUG
jf mvn clean install

Supported log levels: DEBUG, INFO (default), WARN, ERROR.

Frequently Asked Questions

How do I choose the right build tool command?

Match your project's package manager to the corresponding JFrog CLI command. If your project uses pom.xml, use jf mvn. If it uses package.json with Yarn, use jf yarn. See the Supported Build Tools table for the full mapping.

What is the difference between --repo-resolve and --repo-deploy?

--repo-resolve specifies the Artifactory repository used to download dependencies (typically a virtual repository that aggregates local and remote sources). --repo-deploy specifies the repository used to upload artifacts you produce (typically a local repository).

Do I need to run *-config every time I build?

No. Run the config command once per project. It creates a .jfrog/projects/<tool>.yaml file that persists across builds. Re-run only when changing repository assignments.

Can I use JFrog CLI in CI/CD pipelines?

Yes. Pass all flags non-interactively to *-config commands for automated setup. In GitHub Actions, use the jfrog/setup-jfrog-cli action. For Jenkins and GitLab CI, configure the server with jf config add using environment variables.

What is build-info and why should I collect it?

Build-info is a JSON record of every dependency resolved and artifact produced during a build. Publishing it to Artifactory (via jf rt build-publish) enables dependency traceability, build promotion, and JFrog Xray vulnerability scanning across your entire supply chain.

Related Topics

Glossary

TermDefinition
Server IDA local alias for a JFrog Platform connection, created with jf config add. Each server ID stores a URL, authentication credentials, and an optional default flag. Config commands reference server IDs via --server-id-resolve and --server-id-deploy.
Virtual RepositoryAn Artifactory repository that aggregates multiple local and remote repositories under a single URL. Used for dependency resolution (for example, --repo-resolve). Example: npm-virtual combines npm-local and npm-remote.
Local RepositoryAn Artifactory repository for storing your own artifacts. Used for deployment (for example, --repo-deploy). Example: npm-local.
Remote RepositoryAn Artifactory repository that proxies and caches packages from an external source (for example, npmjs.org, Maven Central, PyPI). Typically included behind a virtual repository.
Build-InfoA JSON object that records which dependencies were resolved and which artifacts were produced during a build. Collected with --build-name and --build-number, then published to Artifactory with jf rt build-publish. Build-info enables traceability, promotion, and Xray scanning.
.jfrog/projects/ directoryA directory created in your project root by *-config commands. Contains YAML files (for example, maven.yaml, npm.yaml) that store repository associations. Committed to version control so all team members share the same configuration.
Xray ScanA security scan that checks dependencies or Docker images against JFrog Xray vulnerability databases and policies. Triggered with --scan (for build tools) or jf docker scan (for containers). Note: the legacy jf rt build-scan command is deprecated; use the Xray-based build scan instead.

Updated 14 days ago