Using Tidelift with JFrog Artifactory self-hosted
This article references our self-hosted Artifactory integration. Cloud documentation is available here.
Our self-hosted integration currently works with JFrog Artifactory versions 7 (preferred) and 6.x. If you are using an older version of JFrog Artifactory, please contact email@example.com.
Tidelift integrates with JFrog Artifactory to help you keep only known-good open source approved in your Artifactory repositories.
The purpose of the Artifactory integration is to sync the list of approved releases in one of your Tidelift catalogs to an Artifactory repository. When using Artifactory self-hosted, approving a release in the catalog will set the tidelift.status property to approved, while denying a release will set the property to denied. An Artifactory plugin will block the download of denied artifacts.
The Artifactory repository you choose to sync must be a remote or local repository, not a virtual repository.
You can connect a catalog to multiple repositories (for example, one for each package manager covered by the catalog), but connecting multiple catalogs to one repository will not work (since the catalogs might disagree on what's approved).
It's also possible to import the contents of an Artifactory repository to initially populate a catalog.
How the Tidelift + Artifactory integration works
The Tidelift plugin will monitor all download events within Artifactory to block any artifacts with a tidelift.status of Denied from being downloaded. The download hook fires on every download request regardless of whether or not the package is in Artifactory already.
Setting up the Tidelift + Artifactory integration
For Artifactory 7.6+
Administration > General > Webhooks, with the following values:
Name: Tidelift URL: https://api.tidelift.com/external-api/artifactory/webhook Event: "Artifact was deployed" (and pick the Artifactory repositories you'll use for your Tidelift Catalog) Secret Token: <API key from the first step><br>
For Artifactory <7.6
curl -s -u admin:<admin password> -d "" $ARTIFACTORY_HOST/artifactory/api/plugins/execute/webhookReload.