jfrog

The JFrog Remote MCP Server exposes a set of AI-assisted capabilities that connect your development environment to the JFrog platform. When you add the JFrog MCP server to your MCP client, the AI can perform Resource Management (creating and viewing JFrog projects, repositories, and components), Artifact Search (AQL-based queries to locate artifacts used across your organization), Catalog and Curation (access package data, versions, vulnerabilities, and curation status), and Security Monitoring (real-time DevSecOps reports on CVEs and vulnerability applicability). Authentication is handled via OAuth, so you don’t need to manage API keys. Once connected, you can ask the AI to query the JFrog catalog, verify that only approved packages are used, track projects and artifacts, or generate security-related reports from your codebase context. The server is hosted in the JFrog Cloud, ensuring automatic updates and new features as they are released.

To use the tools, configure the MCP client to point at the JFrog MCP server URL, then complete OAuth authorization when prompted. After authorization, you can issue natural-language queries such as: “Show me all artifacts in project X with CVSS above 7,” or “List the latest secure versions for package Y,” and the AI will translate them into actionable JFrog queries and present results in your IDE or coding assistant.

Typical workflows include validating dependencies during coding sessions, auditing OSS usage, and generating vulnerability-aware release notes, all powered by the JFrog MCP integration.

Prerequisites:\n- An MCP client or IDE extension that supports MCP servers (e.g., VS Code MCP integration, Cursor, or compatible tooling).\n- Internet access to reach the JFrog Cloud MCP endpoint.\n- An active JFrog Cloud subscription with the JFrog MCP Server feature enabled and OAuth configuration ready.\n\nSteps:\n1) Enable the MCP server in JFrog:\n - Admin login → Enable the JFrog MCP Server for your JPD as documented by JFrog.\n2) Add the JFrog MCP Server to your MCP client:\n - In your MCP client settings, add a new MCP server with the following details:\n\n Example (Cursor or VS Code MCP config):\n {\n "mcpServers": {\n "jfrog": {\n "url": "https://<JFROG_PLATFORM_URL>/mcp"\n }\n }\n }\n\n3) Authenticate:\n - Save the configuration and refresh or restart your MCP client. An OAuth window should appear in your browser. Complete the OAuth flow to authorize the MCP client to access the JFrog MCP Server.\n4) Validate connection:\n - Retry a simple query like: "Show me projects" to confirm the server is responding.\n5) Start using capabilities:\n - Begin issuing natural-language prompts to access resources, artifact data, and security information from JFrog directly within your IDE.

Notes and tips:\n- OAuth-based authentication means you don’t need to manage API keys; ensure your OAuth scopes include the required JFrog MCP permissions.\n- If the MCP client prompts for permissions, grant access to read projects, artifacts, catalog data, and vulnerability information.\n- The JFrog MCP Server is cloud-hosted and updated automatically; if you encounter discrepancies, refresh the MCP client or re-authenticate.\n- When querying the catalog for vulnerabilities, consider filtering by severity or CVE status to keep you within policy requirements.\n- If your organization uses a custom JFrog Platform URL, replace <JFROG_PLATFORM_URL> with your endpoint.\n- Network proxies or firewall rules may block OAuth redirects; ensure the MCP client can reach the OAuth callback URL used by JFrog.\n- If you’re integrating into CI workflows, you can invoke the MCP client’s capabilities during dependency review steps to enforce policy checks.\n- Documentation references from the JFrog integration guide can help you tailor the prompts for specific use cases like AQL queries or curation checks.