Using with JFrog Artifactory Cloud

This article references our cloud Artifactory integration. Self-hosted documentation is available here.

Overview

Tidelift integrates with JFrog Artifactory to help you keep only known-good open source approved in your Artifactory repositories.

The purpose of the Artifactory integration is to sync the list of approved releases in one of your Tidelift catalogs to an Artifactory repository. When using Artifactory Cloud, approving a release in the catalog will download that release to an Artifactory repository. Denying a release will delete that release from the Artifactory repository.

The Artifactory repository you choose to sync must be a local repository, not a virtual or remote repository. (Our integration for self-hosted Artifactory supports remote repositories, but relies on a plugin for that, which isn't available in Artifactory cloud.)

You can connect a catalog to multiple repositories (for example, one for each package manager covered by the catalog), but connecting multiple catalogs to one repository will not work (since the catalogs might disagree on what's approved).

It's also possible to import the contents of an Artifactory repository to initially populate a catalog.

In the Artifactory app

To get started, you'll need an Artifactory account.

You'll need to create a user for Tidelift to use:

Next. you'll create a repository:

Then, you'll give user permission to deploy/manage repository:

Finally, you'll logout of Artifactory, and log back in as the new user to grab the api key:

From here, copy the API key into the Artifactory integration settings page within your Tidelift account. Then test!

Getting start with the Tidelift + Artifactory integration

Setting up your catalog with JFrog Artifactory
Updating your Artifactory instance from Tidelift catalogs

Still need help? Contact Us Contact Us