AppTrust Automation with Terraform

JFrog AppTrust automates software compliance and governance throughout your SDLC by enforcing policy gates and maintaining evidence-based trust for your releases. The Terraform providers for AppTrust enable you to define and manage both your application lifecycle and governance policies as code.

Instead of manually creating applications, promoting versions through lifecycle stages, and configuring compliance rules through the UI, you can declare your entire AppTrust configuration in Terraform files. The AppTrust provider manages your applications, versions, promotions, releases, and package bindings, while the Unified Policy provider defines the governance rules—such as CVE checks, license compliance, and evidence requirements—that enforce quality gates at each lifecycle stage.

This approach gives you version control over your governance infrastructure, enables consistent deployments across environments, and integrates AppTrust functionality directly into your infrastructure provisioning workflows. Whether you're creating a new application, promoting versions through QA to production, or defining which security and compliance checks must pass before release, the Terraform providers allow you to automate the automation, treating your DevGovOps infrastructure with the same rigor you apply to your application infrastructure.

Terraform Providers for AppTrust

The Terraform providers used for AppTrust – AppTrust and Unified Policy – are available with the other JFrog Terraform providers. If you already use Terraform providers for JFrog Artifactory or other JFrog applications, you can simply add these to your existing Terraform configuration.

The Terraform providers are based on the AppTrust Service and Unified Policy APIs.

What's Next?

• Get Started with AppTrust Provider
• Get Started with Unified Policy Provider