Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search

Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Working with an older version? JFrog Artifactory 6.x | JFrog Xray 2.x | JFrog Mission Control 3.x | JFrog Distribution 1.x |

Skip to end of banner Go to start of banner

JFrog Distribution

Skip to end of metadata

Created by Adi Atzmony, last modified by Anna O. Aleksandrowicz on Apr 24, 2022

Go to start of metadata

Overview

JFrog Distribution is a centralized platform that lets you provision software release distribution. It is a core part of JFrog Enterprise+, managing Release Bundles and their distribution processes, including release content, permission levels, and target destinations.

Distribution provides a secure and structured platform to distribute release binaries to multiple remote locations and update them as new release versions are produced. As part of the release flow, release bundles are verified by the target destination to ensure that they are signed correctly and safe to use.

JFrog Distribution securely manages the distribution of your software releases offering the following benefits:

Structured platform to distribute release binaries as a single coherent release bundle.
Supports Hybrid Distribution allowing you to distribute your Release Bundles from the JFrog Platform on the Cloud to multiple Cloud and On-Prem Edge nodes within the same organisation.
Secure delivery and distribution by signing the release bundle.
Efficient network utilisation by optimising replication, dramatically reducing network load and release bundle synchronisation time from source Artifactory to target instance or Edge node.
Auditing and traceability by tracking all changes associated with a release bundle.

Secure and Protected Release Bundles: JFrog Xray supports indexing and scanning of Release Bundles as well as defining Watches and Policies on Release Bundles. You can apply a policy on a Watch containing a Block Release Bundle Distribution action to prevent distributing a Release Bundle to edge nodes if it meets a security or License policy defined in JFrog Xray. For more information, see Xray Scanning of Release Bundles. Xray scanning requires Artifactory Pro X, Enterprise with Xray, or an Enterprise+ license.

Scanning Your Release Bundles by Xray

To scan your Release Bundle by JFrog Xray, the Release Bundle must first be declared as an indexed resource. For more information, see Indexing Resources.

JFrog Subscription Levels

CLOUD (SaaS) | SELF-HOSTED

_ENTERPRISE+

Page Contents

Quick Links

Highlights

JFrog Distribution Features and Functionality

The following table displays the supported features and function for Distribution according to the required environment.

Feature	SaaS	Self-Hosted
Comprehensive REST API
Set Access Permissions
Create Release Bundles
Optimized Replication
Auditing and Traceability
Secured & Protected Release Bundles
Edge-based Software Distribution
CDN-based Software Distribution	Available on AWS only.	Available on self-hosted on AWS only and limited to internal Distribution only.
Hybrid Software Distribution	Hybrid Distribution to Artifactory Edge allows SaaS customers of JFrog to distribute Release Bundles to both cloud and on-premises Artifactory Edge locations within the same organization. External distribution via hybrid edge nodes requires purchasing 1 Artifactory Edge node per one 3rd party.
Distribution from Self-hosted to SaaS Edges
Third-Party Access (Read-Only)	SaaS instances are licensed to support multiple third-party customers per Edge. Artifactory Edge is restricted to distributing customer content only.	Access to Artifactory Edge is limited to read-only access for third parties and restricted to distributing customer content only, with the requirement of a single edge per 3rd party for self-hosted instances.

The Distribution Flow

The high-level distribution flow has two main steps:

Creating a Release Bundle
A Release Bundle can be created in the JFrog Platform webUI or by calling the Create Release Bundle REST API endpoint in JFrog Distribution. This call specifies a variety of parameters including the files comprising the release bundle, and different properties associated with it. Since a release bundle is immutable, any file included in a release bundle cannot be deleted from Artifactory - they are automatically copied and saved into the Release Bundle separate repository where their contents cannot be edited or removed. JFrog Distribution collects the required metadata about the artifacts specified in the request by using an AQL query.
Scanning Your Release Bundles by Xray

To scan your Release Bundle by JFrog Xray, the Release Bundle must first be declared as an indexed resource. For more information, see Indexing Resources

Distributing a Release Bundle
A release bundle can distributed in the JFrog Platform WebUI or by calling the Distribute Release Bundle REST API endpoint in JFrog Distribution.

Blocking Release Bundle Distribution

Setting a Watch on a Release Bundle containing a Policy set with a Block Distributing action, will automatically block distributing the infected Release Bundle based on the Xray scanning results. For more information, see Distributing Release Bundles .

The distribution process includes the following steps:
1. Start a distribution transaction
  In steps 1-3, JFrog Distribution queries JFrog Mission Control for details of the distribution target nodes: JFrog Artifactory Edges ("Edge nodes"). It then primes the Edge nodes to receive the distributed packages by providing information about distributed files such as their checksum, and providing a GPG key to validate the authenticity of the bundle as a whole.
2. Transfer files with smart replication
  In steps 4-6, JFrog Distribution invokes the Replicator on the source Artifactory which distributes files over to the Edge nodes by replicating them.
3. End a distribution transaction
  In step 7, JFrog Distribution notifies the Edge nodes that the transaction is complete. In turn, each Edge node validates authenticity of the transferred bundle using the GPG key provided when the transaction started. It then validates the integrity of the transferred files by validating their checksum and hosts them in the correct place as specified in the release bundle.
Downloading a Release Bundle
The artifacts distributed as a Release Bundle to Artifactory or Artifactory Edge can be downloaded using different package clients, such as Docker client, Npm client, etc. In addition, artifacts can be downloaded using the JFrog CLI:
```
jfrog rt dl --bundle bundle_name/bundle_version
```
The JFrog CLI provides additional options for download. For example the Release Bundle Bill of Materials can be filtered out, for example, to only download zip files from a specific Release Bundle version:
```
jfrog rt dl "*.zip" --bundle bundle_name/bundle_version
```

No labels

JFrog.com | Documentation | Featured | Have a question? Want to report an issue? Contact JFrog support

Copyright © 2022 JFrog Ltd.