Using Tidelift with JFrog Artifactory Cloud

This article references our cloud Artifactory integration. Self-hosted documentation is available here.


The Tidelift Subscription integrates with JFrog Artifactory to help you keep only known-good, approved open source in your Artifactory repositories.

The purpose of the Artifactory integration is to sync the list of approved releases in one of your catalogs to an Artifactory repository. When using Artifactory Cloud, approving a release in the catalog will download that release to an Artifactory repository. Denying a release will delete that release from the Artifactory repository.

The Artifactory repository you choose to sync must be a local repository, not a virtual or remote repository. (Our integration for self-hosted Artifactory supports remote repositories, but it relies on a plugin for that, which isn't available in Artifactory Cloud.) Read more about the differences between local, remote and virtual repositories here.

You can connect a catalog to multiple repositories (for example, one for each package manager covered by the catalog), but connecting multiple catalogs to one repository will not work (since the catalogs might disagree on what's approved).
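A preflight check for the rules above, as an added example (not Tidelift's or JFrog's code): it flags repositories that are not local or that are connected to more than one catalog, and models the approve/download and deny/delete sync to show how two catalogs on one repository undo each other. All catalog, repository and release names are constructed; the `rclass` values are assumed to come from Artifactory's repository configuration.

```python
from collections import defaultdict

# Constructed sample data, not taken from Tidelift or JFrog.
CONNECTIONS = [  # (catalog, Artifactory repository) pairs you plan to connect
    ("catalog-default", "npm-approved"),
    ("catalog-default", "pypi-approved"),
    ("catalog-team-b", "npm-approved"),
    ("catalog-default", "maven-proxy"),
]
# Repository type, as found in the "rclass" field of Artifactory's repository configuration.
REPO_CLASS = {"npm-approved": "local", "pypi-approved": "local", "maven-proxy": "remote"}
CATALOG_A = {"lodash@4.17.21": "approved", "left-pad@1.3.0": "denied"}
CATALOG_B = {"lodash@4.17.21": "denied"}

def check_connections(connections, repo_class):
    """Report repositories that are not local or that have more than one catalog."""
    catalogs_by_repo = defaultdict(set)
    for catalog, repo in connections:
        catalogs_by_repo[repo].add(catalog)
    problems = []
    for repo, catalogs in catalogs_by_repo.items():
        rclass = repo_class.get(repo, "unknown")
        if rclass != "local":
            problems.append(f"{repo}: repository is {rclass}, must be local")
        if len(catalogs) > 1:
            problems.append(f"{repo}: multiple catalogs ({', '.join(sorted(catalogs))})")
    return sorted(problems)

def plan_sync(decisions, repo_contents):
    """Model one sync pass: approved releases are downloaded, denied ones deleted."""
    approved = {r for r, d in decisions.items() if d == "approved"}
    denied = {r for r, d in decisions.items() if d == "denied"}
    return {"download": sorted(approved - repo_contents),
            "delete": sorted(denied & repo_contents)}

def disagreements(catalog_a, catalog_b):
    """Releases two catalogs decide differently; syncing both would flip the repo."""
    shared = catalog_a.keys() & catalog_b.keys()
    return sorted(r for r in shared if catalog_a[r] != catalog_b[r])

if __name__ == "__main__":
    for problem in check_connections(CONNECTIONS, REPO_CLASS):
        print("PROBLEM", problem)
    repo = {"left-pad@1.3.0"}
    print("catalog A pass:", plan_sync(CATALOG_A, repo))
    repo = (repo | {"lodash@4.17.21"}) - {"left-pad@1.3.0"}
    print("catalog B pass:", plan_sync(CATALOG_B, repo))  # undoes A's download
    print("disagree on:", disagreements(CATALOG_A, CATALOG_B))
```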

It's also possible to import the contents of an Artifactory repository to initially populate a catalog.

In the Artifactory app

To get started, you'll need an Artifactory account.

You'll need to create a user for Tidelift to use:

Next, you'll create a local repository:

Then, you'll give the user permission to deploy/manage the repository:

Finally, you'll log out of Artifactory and log back in as the new user to grab the API key:

From here, copy the API key into the Artifactory integration settings page within your Tidelift account. Then test!

Getting started with the Tidelift + Artifactory integration

Setting up your catalog with JFrog Artifactory
Updating your Artifactory instance from Tidelift catalogs