Quick start

# First time setup
jf config add my-server --url https://your-instance.jfrog.io --interactive

# Or use web login (Artifactory 7.64.0+)
jf login https://your-instance.jfrog.io

# Common operations
jf rt upload "*.jar" libs-release-local/   # Upload artifacts
jf rt download libs-release-local/app.jar  # Download artifacts
jf rt search libs-release-local/           # Search artifacts
jf audit                                    # Security audit
jf docker push my-registry/app:1.0         # Push Docker image

Skill organization

This skill routes to specialized sub-skills by JFrog domain:

Core Configuration:

jf-config - Server configuration, authentication, multi-server setup

Artifactory Operations:

jf-rt - Upload, download, search, copy, move, delete artifacts

# Configure server (done once, or use env vars)
jf config add artifactory --url $JFROG_URL --access-token $JFROG_ACCESS_TOKEN

# Collect build info
export JFROG_CLI_BUILD_NAME=my-app
export JFROG_CLI_BUILD_NUMBER=$BUILD_NUMBER

# Build and upload
jf rt upload "target/*.jar" libs-release-local/com/myapp/ --build-name=$JFROG_CLI_BUILD_NAME --build-number=$JFROG_CLI_BUILD_NUMBER

# Collect environment
jf rt build-collect-env

# Publish build info
jf rt build-publish

# Scan build
jf build-scan $JFROG_CLI_BUILD_NAME $JFROG_CLI_BUILD_NUMBER

# Full project audit (SCA + SAST + Secrets + IaC)
jf audit

# Specific scanners only
jf audit --sca --secrets

# With specific output format
jf audit --format sarif > results.sarif

# Fail on violations (for CI gates)
jf audit --fail

# Login to Artifactory Docker registry
jf docker login my-artifactory.jfrog.io

# Build with build-info
jf docker build -t my-artifactory.jfrog.io/docker-local/app:1.0 . --build-name=app --build-number=1

# Push with build-info
jf docker push my-artifactory.jfrog.io/docker-local/app:1.0 --build-name=app --build-number=1

# Scan local image
jf docker scan my-artifactory.jfrog.io/docker-local/app:1.0

# npm - configure and install
jf npmc --repo-resolve npm-remote --repo-deploy npm-local
jf npm install
jf npm publish

# Maven - configure and build
jf mvnc --repo-resolve-releases libs-release --repo-resolve-snapshots libs-snapshot --repo-deploy-releases libs-release-local
jf mvn clean install

# pip - configure and install
jf pipc --repo-resolve pypi-remote --repo-deploy pypi-local
jf pip install -r requirements.txt

What are you scanning?
├─ Source code / project directory → jf audit
├─ Single file on disk → jf scan <file>
├─ Local Docker image → jf docker scan <image>
├─ Published build-info → jf build-scan <name> <number>
└─ SBOM file → jf sbom-enrich <file>

Environment?
├─ Interactive (dev machine)
│   ├─ Web browser available → jf login <url>
│   └─ No browser → jf config add --interactive
├─ CI/CD (non-interactive)
│   ├─ Access token available → jf config add --url <url> --access-token <token>
│   └─ Username/password → jf config add --url <url> --user <user> --password <pass>
└─ Multiple servers → jf config add <server-id> ...; jf config use <server-id>

Variable	Purpose
`JFROG_CLI_BUILD_NAME`	Default build name
`JFROG_CLI_BUILD_NUMBER`	Default build number
`JFROG_CLI_BUILD_URL`	CI build URL for build-info
`CI`	Set to `true` in CI environments
`JFROG_CLI_LOG_LEVEL`	DEBUG, INFO, WARN, ERROR
`JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR`	Directory for command summaries

Jfrog Cli Skills | Skills Pool

Full Command	Alias
`jf config`	`jf c`
`jf artifactory`	`jf rt`
`jf xray`	`jf xr`
`jf audit`	`jf aud`
`jf scan`	`jf s`
`jf docker`	-
`jf release-bundle-create`	`jf rbc`
`jf release-bundle-promote`	`jf rbp`
`jf release-bundle-distribute`	`jf rbd`

Jfrog Cli Skills

Jfrog Cli Skills

Quick start

Skill organization

Command Aliases

When to use jf vs web UI

Common workflows

CI/CD Build Pipeline

Security Audit

Docker Workflow

Package Manager Integration

Decision Trees

"Which scan command should I use?"

"How do I authenticate?"

Environment Variables

Version Info

Oracle

Blucli

Peekaboo

Add Dock Band

Add Fallback Commands

Add Adaptive Card Form