Remote Repositories

Package Type

The package type must be specified when the repository is created, and once set, cannot be changed.

Repository Key

The repository key is a mandatory, unique identifier for the repository. It cannot begin with a number or contain spaces or special characters.

Stage

Defines one or more stages in which this repository will reside. Stages aggregate project resources (repositories, Pipeline sources, etc.) to simplify their management. For more information, see Stages & Lifecycle.

📘

Note

Defining a stage is mandatory when creating a repository within a specific project. The default selection is DEV.

URL

The URL for the remote repository. Currently, only HTTP and HTTPS URLs are supported.

User Name

The user name for accessing the URL of the remote repository. Leave this field blank to access the repository anonymously. For more information, see Remote Credentials for Remote Repositories.

Password/Access Token

The password or access token used to access the repository. For more information, see Remote Credentials for Remote Repositories.

Enable Token Authentication

When enabled, the Authorization header is set to Bearer instead of Basic.

SSL/TLS Certificate

The certificate used for authentication. Click Test to verify the certificate is valid. For more information, see Remote Credentials for Remote Repositories.

Repository Layout

Defines the layout used by the remote repository cache for storing and identifying modules. For more information, see Remote Repository Layout Configuration.

Remote Layout Mapping

Defines the layout used by the remote repository for storing and identifying modules. This layout can differ from the layout defined under Repository Layout for the remote repository cache. For more information, see Remote Repository Layout Configuration.

Public Description

A free text field that describes the content and purpose of the repository. This description can be viewed by all users with access to the repository.

Internal Description

A free text field to add additional notes about the repository. These notes are visible only to the administrator.

Include and Exclude Patterns

The Include Patterns and Exclude Patterns fields provide a way to filter out specific repositories when resolving the location of different artifacts.

In each field, you can specify a list of Ant-like patterns to filter in and filter out artifact queries. Filtering works by subtracting the excluded patterns (default is none) from the included patterns (default is all).

Example:

Consider that the Include Patterns and Exclude Patterns for a repository are as follows:

Include Patterns: org/apache/**,com/acme/**

Exclude Patterns:

com/acme/exp-project/**

In this example, the repository is searched for org/apache/maven/parent/1/1.pom and com/acme/project-x/core/1.0/nit-1.0.jar but not for com/acme/exp-project/core/1.1/san-1.1.jar because com/acme/exp-project/** is specified as an Exclude pattern.

❗️

Important

Include and exclude patterns apply to regular users. Admin users can see all items regardless of the patterns defined here.

Offline

If enabled, no attempts will be made to fetch remote artifacts from this repository and only locally-cached artifacts are retrieved.

Enable Indexing in Xray

Enables indexing on the repository for security and compliance analysis. Available with JFrog Xray.

Docker

npm

Maven

PyPI

Gradle

Go

Debian

RPM

Alpine

Bower

Cargo

Conan

Conda

CRAN

Gems

Ivy

NuGet

Composer

SBT

Generic

HuggingFace

Swift

Terraform

Chef

CocoaPods

GitLfs

Helm

Opkg

P2

Pub

Puppet

VCS

Proxy

If your organization requires you to go through a proxy to access a remote repository, this parameter lets you select the corresponding Proxy Key. For more details on setting up proxies in Artifactory please refer to Manage Proxy Servers.

No Proxy

To prevent auto-updates during the edit of system proxies, a flag was added in release 7.41.7 called No Proxy (in the UI) or disableProxy (in the REST API).

The flag is set to false by default - since it turns off the use of a proxy for this repository and prevents proxy updating during system proxy changes.

📘

Disabling the Proxy

With the release of 7.41.7, the functionality to disable a remote proxy requires you to set this action in the UI (or API) to ensure that no proxy is used.

Local Address

When working on multi-homed systems, this parameter lets you specify which specific interface (IP address) should be used to access the remote repository.

This can be used to ensure that access to the remote repository is not blocked by firewalls or other organizational security systems.

Socket Timeout

The time (in ms) that Artifactory waits (for both a socket and a connection) before giving up on an attempt to retrieve an artifact from a remote repository.

Upon reaching the specified Socket Timeout Artifactory registers the repository as "assumed offline" for the period of time specified in Assumed Offline Period.

Query Params

A custom set of parameters that should automatically be included in all HTTP requests to this remote repository.

For example, param1=value1&param2=value2&param3=value3

Lenient Host Authentication

When set, allows using the repository credentials on any host to which the original request is redirected.

Cookie Management

When set, the repository will allow cookie management to work with servers that require them.

Unused Artifacts Cleanup Period

Many cached artifacts in Artifactory remote repository storage are actually unused by any current projects in the organization. This parameter specifies how long an unused artifact will be stored before it is removed. Once reaching this period Artifacts will be removed in the next invocation of cleanup. For more details please refer to Cleanup Unused Cached Artifacts in Regular Maintenance Operations.

Leaving the field empty (default) means that the artifact is stored indefinitely.

Metadata Retrieval Cache Period (sec)

Defines how long before Artifactory checks for a newer version of a requested artifact in a remote repository.

A value of 0 means that Artifactory will always check for a newer version.

📘

On which file types does this parameter work?

This setting refers to artifacts that expire after a period of time (e.g. metadata files such as maven-metadata.xml, npm package.json or Docker manifest.json etc.).

Note that most artifacts that are downloaded do not change (e.g. release versions), therefore this setting does not affect them.

Metadata Retrieval Cache Timeout

Allows you to control the Metadata timeout performance. If the timeout is reached, the previous metadata is returned to the client, as a lock was not applied due to new metadata, leaving the previous request hanging. The default value is 60 seconds.

Assumed Offline Period

In case of a connection error, this parameter specifies how long (in seconds) Artifactory should wait before attempting an online check to reset the offline status.

A value of 0 means that the repository is never assumed offline and Artifactory will always attempt to make the connection when demanded. The default value is 300 seconds.

📘

Note

Artifactory attempts 10 retries before declaring the repository offline. The interval between retries increases gradually up to the Assumed Offline Period. The retries help prevent a situation where an unstable network can cause the repository to be stuck offline indefinitely. If all retries fail, the offline period is invoked.

Missed Retrieval Cache Period

If a remote repository is missing a requested artifact, Artifactory will return a "404 Not found" error. This response is cached for the period of time specified by this parameter. During that time, Artifactory will not issue new requests for the same artifact.

A value of 0 means that the response is not cached and Artifactory will always issue a new request when demanded. The default value is 1800 seconds.

Priority Resolution

Setting Priority Resolution takes precedence over the resolution order when resolving virtual repositories. Setting repositories with priority will cause metadata to be merged only from repositories set with this field. If a package is not found in those repositories, Artifactory will merge metadata from the repositories that have not been set with the Priority Resolution field.

Priority Resolution is available for all repository types excluding Chef, CocoaPods, Debian, Git LFS, Opkg, Rust, Vagrant, and VCS repositories.

For Docker repositories, Priority Resolution requires the resolveDockerTagsByTimestamp parameter to be set to true.

Disable Artifact Resolution in Repository

If set, Artifactory ignores this repository when trying to resolve artifacts. The repository is also not available for download or deployment of artifacts.

Allow Artifact Content Browsing

When set, allows Artifactory users to browse the internal contents of archives (for example, browsing specific Javadoc files from within a Javadoc archive).

⚠️

Warning

When Allow Content Browsing is enabled, this functionality restricts access to authenticated users only and is not supported for trial users. This limitation exists to prevent malicious users from uploading content that may compromise security.

Store Artifacts Locally

When set, Artifactory artifacts from this repository will be cached locally. If not set, direct repository-to-client streaming is used.

This setting is relevant for all package types, except Ansible, Helm OCI, OCI, and Hugging Face.

✅

When might you use direct repository-to-client streaming?

If your organization has multiple servers connected over a high-speed LAN, you may have one instance of Artifactory caching data on a central storage facility with additional instances of Artifactory running on other servers. In this case, it makes sense for the additional instances of Artifactory to act as satellite pass-through servers rather than have them duplicate the cached data within their own environments.

Synchronize Properties

When set, synchronizes properties of artifacts retrieved from a remote instance of Artifactory.

Bypass HEAD Requests

When set, Artifactory will not send a HEAD request to the remote resource before downloading an artifact for caching.

📘

Note

• CocoaPods and VCS packages do not support this setting.
• When creating a remote Terraform repository for https://registry.opentofu.org, https://registry.terraform.io/, or https://tf.app.wiz.io, Artifactory automatically sets Bypass HEAD Requests = true.

Block Mismatching Mime Types

When set, artifacts will fail to download if a mismatch is detected between the requested and received MIME type, according to a list specified in the system.properties file under blockedMismatchingMimeTypes. The MIME type identifies the format and content of artifacts in the repository.

You can override this setting by adding MIME types to the override list below.

📘

Note

• This setting can be overridden by the settings of the upstream server. For example, if the upstream server allows all MIME types (Accept: */*), the upstream server setting will override this Artifactory setting.
• When creating a remote Docker repository for a Chainguard Registry (http://cgr.dev/chainguard), Artifactory automatically sets Block Mismatching Mime Types = true.

Enable CDN Download

Enables CDN Download requests to this repository will redirect the client to download the files directly from AWS CloudFront. Supported for Enterprise+ and Enterprise Licenses. For more information, see JFrog Cloud with CDN Distribution.

📘

Note

The following package types do not support this setting: Go, Swift, Alpine, Cargo, Chef, CocoaPods, Conda, Gems, Ivy, NuGet, Opkg, P2, Pub, Puppet, SBT, VCS

Disable URL Normalization

When set, prevents URL normalization from occurring. For example, a remote host that redirects to a URL containing double slash symbols as expected behavior should not change "//" to "/".

📘

Note

When creating a remote Docker repository for an Azure Container Registry (*.azurecr.io), a Microsoft Container Registry (https://mcr.microsoft.com/), or a NavOps registry (https://registry.navops.io); Artifactory automatically sets Disable URL Normalization = true.

Override Default Blocked Mime Types

The set of mime types that should override the Block Mismatching Mime Types setting.

Git providers

Select the Git provider to be used by the remote repository:

• GitHub
• BitBucket
• Stash/Private BitBucket
• Stash/Private BitBucket (prior to 5.1.0)
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• Custom

Registry URL

Defines the base URL of the registry API used by the remote repository.

Git provider

Select the Git provider to be used by the remote repository:

• GitHub
• BitBucket
• Stash/Private BitBucket
• Stash/Private BitBucket (prior to 5.1.0)
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• Custom

Specs Repo URL

Defines the URL of the public CocoaPods Specs repository. This is a git repository containing podspec.json files pointing from a package name and version to its storage endpoint. It does not contain any actual binary packages.

The default value is https://github.com/CocoaPods/Specs.

CDN URL

Defines the URL of the CocoaPods CDN, which expedites the workflow by creating a static copy of the CocoaPods Specs repository, reducing the time required for adding repositories.

The default is https://cdn.cocoapods.org, which is the official CocoaPods trunk repository.

Custom URL Base

A read-only field containing the Custom URL Base defined for the JPD.

External Dependencies Enabled

Defines whether to allow pods with source URLs other than Git to be included in the remote repository.

Git providers

Select the Git provider to be used by the remote repository:

• GitHub
• BitBucket
• Stash/Private BitBucket
• Stash/Private BitBucket (prior to 5.1.0)
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• Custom

Registry URL

Defines the base URL of the registry API used by the remote repository. The default is https://packagist.org.

Project ID

The unique identifier to use for a Docker project and its associated resources. Use this field to enter your GCR/GAR (Google Container Registry/Google Artifact Registry) project ID to limit the scope of this remote repository to a specific project in your third-party registry.

If this field is left blank, remote repositories that support a project ID will default to their default project as set up in your account.

Enable Token Authentication

Enables token-based (bearer) authentication. Select this option when you are proxying the Docker Hub (https://registry-1.docker.io/).

Block pushing of image manifest v2 schema 1

When set, Artifactory will block the pushing of Docker images with manifest v2 schema 1 to this repository.

Enable Foreign Layers Caching

When selected, enables Artifactory to download foreign layers to a Docker remote repository. A foreign layer refers to layers within a Docker image that are stored in a different location from the registry from which the image is being pulled.

Patterns Allow List

This optional setting allows you to define include patterns (Ant-style path expressions) to match external URLs when trying to download foreign layers.

Supported expressions include (*, **, ?). By default, this field is set to ******, which means that foreign layers may be downloaded from any external source.

Propagate Query Params

When set, any query parameters included in the request to Artifactory are passed on to the remote repository.

Retrieve SHA256 from Remote Server

When set, Artifactory retrieves the SHA256 from the remote server if it is not cached in the remote repository.

The Retrieve SHA256 from Remote Server option allows you to download the SHA256 checksum for an artifact before it is cached in Artifactory. This is particularly useful for tools that try to fetch the SHA256 before downloading the package, which can result in a 404 error. By enabling this feature, you ensure that Artifactory retrieves the checksum first, generates it upon file download, and serves it as normal.

Git provider

Select the Git provider to be used by the remote repository:

• GitHub
• GitHub Enterprise
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• BitBucket Server
• BitBucket Cloud
• GitLab

Enable Foreign Layers Caching

When selected, enables Artifactory to download foreign layers to a Helm OCI remote repository.

Patterns Allow List

This optional setting allows you to define include patterns (Ant-style path expressions) to match external URLs when trying to download foreign layers.

Supported expressions include (*, **, ?). By default, this field is set to ******, which means that foreign layers may be downloaded from any external source.

Charts Base URL

Updates the index.yaml file with the corresponding path where the charts are located on the remote repository. When the Helm client fetches the artifacts, it will fetch them through Artifactory. This field must contain the base path where the charts/tgz files are present.

Use this option when the Helm charts and the index.yaml are stored in different locations. For example, if the remote registry is:

https://fluxcd-community.github.io/helm-charts

But the charts are stored in:

https://github.com/fluxcd-community/helm-charts/releases/download

Enter the chart path in this field.

For more information about this option, see the Knowledge Base article, ARTIFACTORY: How to configure the "Charts Base URL" in a Helm repository.

Enable Dependency Rewrite

When selected, enables the specification of a "safe" Allow List from which dependencies may be downloaded, cached in Artifactory, and configured to rewrite the dependencies so that the Helm client accesses dependencies through a remote repository.

Patterns Allow List

An Allow List of Ant-style path expressions that specify where external dependencies may be downloaded from. By default, this is set to ** which means that dependencies may be downloaded from any external source.

For example, if you limit the Patterns Allow List to https://github.com/**, the external dependencies will be cached in the "helm" remote repository, and only charts with a URL starting with https://github.com/will be allowed to be cached.

List Remote Artifacts

[Maven only] When set, Artifactory lets you navigate the contents of the repository at the remote registry, even if the artifacts have not been cached in this repository. By default, this option is not set.

Checksum Policy

Checking the Checksum effectively verifies the integrity of a deployed resource. The Checksum Policy determines how the system behaves when a client checksum for a remote resource is missing or conflicts with the locally calculated checksum.

There are four options:

• Generate if absent (default): The system attempts to retrieve the remote checksum, If it is not found, the system will automatically generate one and fetch the artifact.

  If the remote checksum does not match the locally calculated checksum, the artifact will not be cached and the download will fail.

• Fail: If the remote checksum does not match the locally calculated checksum, or is not found, the artifact will not be cached and the download will fail.

• Ignore and generate: The system ignores the remote checksum and only uses the locally generated one. As a result, remote artifact retrieval never fails, however integrity of the retrieved artifact may be compromised.

• Ignore and pass-through: The system stores and passes through all remote checksums (even if they do not match the locally generated one). If a remote checksum is not found, Artifactory generates one locally. As a result, remote resource retrieval never fails, however integrity of the retrieved artifact may be compromised, and client side checksum validation (as performed by Maven, for example) will fail.

Max Unique Snapshots

Specifies the maximum number of unique snapshots of the same artifact that should be stored. Once this number is reached and a new snapshot is uploaded, the oldest stored snapshot is removed automatically.

A value of 0 (default) indicates that there is no limit on the number of unique snapshots.

Eagerly Fetch Jars

When set, if a POM is requested, Artifactory attempts to fetch the corresponding jar in the background. This will accelerate first access time to the jar when it is subsequently requested.

Suppress POM Consistency Checks

By default, the system keeps your repositories healthy by refusing POMs with incorrect coordinates (path). If the groupId:artifactId:version information inside the POM does not match the deployed path, Artifactory rejects the deployment with a "409 Conflict" error.

You can disable this behavior by setting the Suppress POM Consistency checkbox.

Eagerly Fetch Sources

When set, if a binaries jar is requested, Artifactory attempts to fetch the corresponding source jar in the background. This will accelerate the initial access time to the source jar when it is subsequently requested.

Handle Releases

When enabled, you can deploy or cache release artifacts into this repository.

Handle Snapshots

When enabled, you can deploy or cache snapshot artifacts into this repository.

NuGet Download Context Path

Defines the context path prefix through which NuGet downloads are served.

For example, the NuGet Gallery download URL is https://nuget.org/api/v2/package. Therefore, the repository URL should be configured as 'https://nuget.org' and the download context path should be configured as api/v2/package.

NuGet Feed Context Path

Defines the context path prefix for the NuGet feed. The default value is api/v2.

NuGet v3 Feed URL

Defines the URL for the NuGet v3 feed.

For example, the feed URL for the official nuget.org repository is (also the default value): https://api.nuget.org/v3/index.json

NuGet Symbol Server URL

Defines the URL for the NuGet Symbol Server, which is the central repository for symbol packages used for debugging purposes. The default is https://symbols.nuget.org/download/symbols.

Force Authentication

Select this option to require the use of basic authentication credentials to use this repository.

Git providers

Select the Git provider to be used by the remote repository:

• GitHub
• BitBucket
• Stash/Private BitBucket
• Stash/Private BitBucket (prior to 5.1.0)
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• Custom

Registry URL

Defines the base URL of the registry API used by the remote repository.

Providers URL

Defines the base URL of the provider's storage API used by the remote repository. The default is https://releases.hashicorp.com.

Git providers

Select the Git provider to be used by the remote repository:

• GitHub
• BitBucket
• Stash/Private BitBucket
• Stash/Private BitBucket (prior to 5.1.0)
• Artifactory (used when configuring a Smart Remote repository to another instance of Artifactory)
• Custom

Max Unique Snapshots

Defines the maximum number of unique snapshots of a single artifact to store. Once the number of snapshots exceeds this setting, older versions are removed. A value of 0 (default) indicates there is no limit, and unique snapshots are not cleaned up.