Try JFrog
Guides
Contact SupportTry JFrog
  1. AI Integrations
  2. JFrog MCP Server

JFrog MCP Server Tools

This page details all tools exposed by the JFrog Platform MCP Server, grouped by product and domain.

Available Toolsets

ToolsetDescription
Access: TokensAccess token creation, listing, and revocation
Access: OIDCOpenID Connect identity provider configuration
Access: ProjectsProject lifecycle, membership, roles, and repository assignment
Artifactory: FederationFederated repository health, conflicts, and configuration synchronization
Artifactory: RepositoriesRepository creation and listing
Artifactory: PackagesPackage version queries across your organization
SecurityCatalog vulnerabilities, curation, JFrog Xray artifact scanning
JFrog AppTrustApplication lifecycle, versioning, promotion, and release management
PlatformEnvironment management

📘

Usage Responsibility Notice

When integrating the JFrog Platform MCP Server with third-party AI clients or agents, you are responsible for the configuration, management, and auditing of those integrations in accordance with your organization's policies. The behavior of third-party AI agents is governed by the terms and practices of their respective providers, not by JFrog.

We recommend configuring your AI client to operate under least-privilege principles, granting access only to the resources required for your specific workflows. Additionally, we strongly recommend enabling human-in-the-loop approval in your AI client settings, so that explicit user confirmation is required before any tool execution that creates, updates, or deletes resources in your JFrog Platform.


Access: Tokens

Tokens Tools

access_tokens_create

Note: The name of this tool will change in an upcoming release.

Create a new access token.

Parameters:

  • grant_type: client_credentials for new tokens, refresh_token to refresh (string, optional)
  • refresh_token: Refresh token value; required when grant_type is refresh_token (string, optional)
  • username: Username to create the token for (string, optional)
  • scope: Scope of access. Default: applied-permissions/user (string, optional)
  • expires_in: Token expiry in seconds; 0 for non-expirable (admin only) (integer, optional)
  • refreshable: Whether the token can be refreshed (boolean, optional)
  • audience: Space-separated service IDs that should accept this token (string, optional)
  • description: Human-readable token description (string, optional)
  • include_reference_token: Generate a reference token in addition to the full token (boolean, optional)
  • force_revocable: Make the token explicitly revocable (boolean, optional)
  • project_key: Scope the token to a specific project (string, optional)

access_tokens_list

List access tokens with filters.

Parameters:

  • username: Filter tokens by username (string, optional)
  • description: Filter tokens by description (partial match) (string, optional)
  • token_id: Filter by a specific token ID (string, optional)
  • refreshable: Filter by refreshable status (boolean, optional)
  • order_by: Sort field — created, expiry, or subject (string, optional)
  • descending_order: Sort in descending order (boolean, optional)

access_tokens_revoke

Revoke an existing access token.

Parameters:

  • token: The token value to revoke (JWT or reference token) (string, required)

Access: OIDC

OIDC Tools

access_oidc_create_configuration

Create a new OIDC identity provider configuration.

Parameters:

  • name: Unique name for the OIDC configuration (string, required)
  • issuer_url: The OIDC issuer URL (string, required)
  • audience: Expected audience claim in the ID token (string, optional)
  • description: Human-readable description (string, optional)
  • provider_type: Identity provider type — generic, GitHub, or Azure (string, optional)
  • token_issuer: Token issuer identifier for claim validation (string, optional)
  • enable_permissive_configuration: Allow permissive OIDC validation (boolean, optional)
  • use_default_proxy: Route discovery requests through the default HTTP proxy (boolean, optional)
  • azure_app_id: Azure Application ID; required when provider_type is Azure (string, optional)

Access: Projects

Projects Tools

access_projects_create

Create a new Access project.

Parameters:

  • project_key: Unique project identifier (string, required)
  • display_name: Human-readable project name (string, required)
  • description: Project description (string, optional)
  • admin_privileges: Admin privilege settings — manage_members, manage_resources, manage_security_assets, index_resources, allow_ignore_rules (object, optional)
  • storage_quota_bytes: Storage quota in bytes (integer, optional)

access_projects_get

Get Access project details.

Parameters:

  • project_key: The unique project key to look up (string, required)

access_projects_update

Update an Access project.

Parameters:

  • project_key: The project key to update (string, required)
  • display_name: New display name (string, optional)
  • description: New description (string, optional)
  • admin_privileges: Updated admin privileges (object, optional)
  • storage_quota_bytes: New storage quota in bytes (integer, optional)

access_projects_create_role

Create a custom project role.

Parameters:

  • project_key: The project key (string, required)
  • name: Unique role name within the project (string, required)
  • type: Role type — CUSTOM or PREDEFINED (string, required)
  • description: Role description (string, optional)
  • environments: Environments this role applies to, e.g. ["DEV", "PROD"] (string[], optional)
  • actions: Allowed actions, e.g. ["READ_REPOSITORY", "DEPLOY_BUILD"] (string[], optional)

access_projects_update_role

Update a project role.

Parameters:

  • project_key: The project key (string, required)
  • role_name: The name of the role to update (string, required)
  • type: Role type — only CUSTOM roles can be updated (string, required)
  • description: Updated role description (string, optional)
  • environments: Updated environments list (string[], optional)
  • actions: Updated actions list (string[], optional)

access_projects_get_user

Get user membership in a project.

Parameters:

  • project_key: The project key (string, required)
  • user: The username to look up (string, required)

access_projects_upsert_user

Add or update user in a project.

Parameters:

  • project_key: The project key (string, required)
  • user: The username to add or update (string, required)
  • roles: Role names to assign — replaces all existing roles (string[], required)

access_projects_list_groups

List groups assigned to a project.

Parameters:

  • project_key: The project key (string, required)

access_projects_upsert_group

Add or update group in a project.

Parameters:

  • project_key: The project key (string, required)
  • group: The group name (string, required)
  • roles: Role names to assign — replaces all existing roles (string[], required)

access_projects_get_repository

Get repository project status.

Parameters:

  • repo_name: The repository name to look up (string, required)

access_projects_move_repository_to

Move a repository to a project.

Parameters:

  • repo_name: The repository name to move (string, required)
  • target_project_key: The project key to move the repository into (string, required)
  • force: Force the move even if validation checks fail (boolean, optional)

access_projects_share_repository_with_all

Share repository with all projects.

Parameters:

  • repo_name: The repository name to share (string, required)
  • read_only: Restrict sharing to read-only access (boolean, optional)

list_projects

Note: The name of this tool will change in an upcoming release.

List all JFrog projects.

Parameters:

  • No parameters required

Artifactory: Federation

Federation Tools

artifactory_federation_get_status

Get federated repository health status.

Parameters:

  • status: Comma-separated status filter, e.g. HEALTHY,ERROR,DELAYED,NOT_AVAILABLE,PENDING_FS,FULL_SYNC_RUNNING,DISABLED (string, optional)

artifactory_federation_get_conflicts

Find federated repositories with configuration conflicts.

Parameters:

  • No parameters required

artifactory_federation_update_repo_config

Synchronize federated repository configuration to members.

Parameters:

  • repo_key: Repository key of the federated repository to synchronize (string, required)

Artifactory: Repositories

Repositories Tools

create_repository

Note: The name of this tool will change in an upcoming release.

Create a JFrog repository (local, remote, virtual, or federated).

Parameters:

  • key: Repository key (string, required)
  • rclass: Repository type — local, remote, virtual, federated (string, optional)
  • packageType: Package type; default generic (string, optional)
  • environments: Environment assignments (string[], optional)
  • xray_index: Enable JFrog Xray indexing; default true (boolean, optional)
  • url: Remote repository URL (string, optional)
  • repositories: Linked repositories for virtual repositories (string[], optional)
  • default_deployment_repo: Default deployment repository for virtual repositories (string, optional)

list_repositories

List JFrog repositories.

Note: The name of this tool will change in an upcoming release.

Parameters:

  • type: Filter by repository type (string, optional)
  • packageType: Filter by package type (string, optional)
  • project: Filter by project key (string, optional)

Artifactory: Packages

Packages Tools

artifactory_packges_get_versions

List versions of a package used in your organization.

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)

get_rt_package_version

Note: The name of this tool will change in an upcoming release.

Get repositories where a specific package version is used.

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)
  • package_version: Package version (string, required)

Security

Security Tools

list_catalog_vulnerabilities

Note: The name of this tool will change in an upcoming release.

Get vulnerability information including affected packages and versions.

Parameters:

  • cve_id: CVE identifier to query (string, required)

list_catalog_version_vulnerabilities

Note: The name of this tool will change in an upcoming release.

List known vulnerabilities for a specific package version.

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)
  • package_version: Package version (string, required)

list_catalog_package_versions

Note: The name of this tool will change in an upcoming release.

List versions of a publicly available package.

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)
  • vulnerability_status: Filter — vulnerable, invulnerable, or any (string, required)

get_catalog_package_entity

Note: The name of this tool will change in an upcoming release.

Get public information about a software package.

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)
  • package_version: Version to query; default latest (string, optional)

get_curation_package_status

Note: The name of this tool will change in an upcoming release.

Check the curation status of a package version (approved / blocked / inconclusive).

Parameters:

  • package_type: Package type (string, required)
  • package_name: Package name (string, required)
  • package_version: Package version (string, required)

get_artifacts_summary

Note: The name of this tool will change in an upcoming release.

Get the security summary of one or more artifacts.

Parameters:

  • paths: Artifact paths in Artifactory (string[], optional)
  • checksums: SHA-256 or SHA-1 checksums (string[], optional)

AppTrust

JFrog AppTrust Tools

apptrust_create_application

Create a new JFrog AppTrust application.

Parameters:

  • application_key: Unique application identifier (string, required)
  • application_name: Display name (string, required)
  • project_key: Project key (string, required)
  • description: Application description (string, optional)
  • maturity_level: Maturity level — unspecified, experimental, production, end_of_life (string, optional)
  • criticality: Criticality — unspecified, low, medium, high, critical (string, optional)
  • labels: Key-value metadata labels (object[], optional)
  • user_owners: User owner names (string[], optional)
  • group_owners: Group owner names (string[], optional)

apptrust_get_application_summary

Get details of a JFrog AppTrust application.

Parameters:

  • application_key: Application identifier (string, required)

apptrust_list_applications

List JFrog AppTrust applications with filtering.

Parameters:

  • project_key: Filter by project (string, optional)
  • name: Substring filter on display name (string, optional)
  • criticality: Criticality filter (string, optional)
  • maturity_level: Maturity level filter (string, optional)
  • label: Label filters as key:value (string[], optional)
  • owner: Owner name filters (string[], optional)
  • limit: Page size (integer, optional)
  • offset: Pagination offset (integer, optional)
  • order_by: Sort field — name or created (string, optional)
  • order_asc: Ascending sort order (boolean, optional)

apptrust_create_application_version

Create a new version of a JFrog AppTrust application.

Parameters:

  • application_key: Parent application identifier (string, required)
  • version: Semantic version string (string, required)
  • sources: Content sources — builds, packages, artifacts, release bundles, AQL, or other app versions (object, required)
  • tag: Version tag (string, optional)
  • filters: Include/exclude filters (object, optional)
  • draft: Create as draft version (boolean, optional)
  • async_: Run creation asynchronously (boolean, optional)
  • sign_key_name: Signing key name (string, optional)

apptrust_list_versions

List versions of a JFrog AppTrust application.

Parameters:

  • application_key: Application identifier (string, required)
  • release_status: Filter — PRE_RELEASE, RELEASED, or TRUSTED_RELEASE (string, optional)
  • tag: Tag filter (string, optional)
  • order_by: Sort field (string, optional)
  • order_asc: Ascending sort order (boolean, optional)
  • limit: Page size (integer, optional)
  • offset: Pagination offset (integer, optional)

apptrust_get_application_version_status

Get the release status for a specific application version.

Parameters:

  • application_key: Application identifier (string, required)
  • version: Version string (string, required)

apptrust_get_lifecycle_overview

Get lifecycle stages configuration for a project.

Parameters:

  • project_key: Project key (string, required)
  • filter_gates_by: Filter gates — policies (string, optional)

apptrust_promote_version

Promote an application version to a lifecycle stage.

Parameters:

  • application_key: Application identifier (string, required)
  • version: Version string (string, required)
  • target_stage: Target lifecycle stage (string, required)
  • promotion_type: Promotion type — move, copy, keep, dry_run (string, optional)
  • included_repository_keys: Repositories to include (string[], optional)
  • excluded_repository_keys: Repositories to exclude (string[], optional)
  • overwrite_strategy: Overwrite strategy — DISABLED, LATEST, ALL (string, optional)
  • async_: Run promotion asynchronously (boolean, optional)
  • sign_key_name: Signing key name (string, optional)

apptrust_get_version_promotion_history

Get all promotions for a specific application version.

Parameters:

  • application_key: Application identifier (string, required)
  • version: Version string (string, required)
  • limit: Max records (integer, optional)
  • offset: Pagination offset (integer, optional)

apptrust_release_version

Release an application version to the PROD stage.

Parameters:

  • application_key: Application identifier (string, required)
  • version: Version string (string, required)
  • promotion_type: Promotion type — move, copy, keep, dry_run (string, optional)
  • included_repository_keys: Repositories to include (string[], optional)
  • excluded_repository_keys: Repositories to exclude (string[], optional)
  • overwrite_strategy: Overwrite strategy — DISABLED, LATEST, ALL (string, optional)
  • async_: Run release asynchronously (boolean, optional)
  • sign_key_name: Signing key name (string, optional)

apptrust_rollback_version

Roll back the latest promotion of an application version.

Parameters:

  • application_key: Application identifier (string, required)
  • version: Version string (string, required)
  • from_stage: Stage to roll back from (string, required)
  • async_: Run rollback asynchronously (boolean, optional)

apptrust_get_activity_logs

Get activity log events from JFrog AppTrust.

Parameters:

  • application_key: Filter by application key (string, optional)
  • project_key: Filter by project key (string, optional)
  • application_name: Filter by application names (string[], optional)
  • project_name: Filter by project names (string[], optional)
  • timestamp_from: Start time in unix milliseconds (integer, optional)
  • timestamp_to: End time in unix milliseconds (integer, optional)
  • subject_id: Filter by subject ID (string, optional)
  • subject_name: Filter by subject name (string, optional)
  • created_by: Filter by creator usernames (string[], optional)
  • limit: Page size (integer, optional)
  • offset: Pagination offset (integer, optional)
  • sort_by: Sort field (string, optional)
  • order: Sort order — asc or desc (string, optional)

Platform

Platform Tools

get_jfrog_global_environments

Note: The name of this tool will change in an upcoming release.

List global JFrog environments.

Parameters:

  • No parameters required

Updated about 2 hours ago