Features and Functionality
The user interface provides a consistent experience across all JFrog products. It is designed to support the most commonly used workflows, including improved package management, security and compliance, and package distribution, continuing to provide you with full flexibility. To support this experience the internal architecture (defined as a JPD) is designed to provide JFrog users with the same user experience across the JFrog products that have been installed.
To support the different user workflows, the UI is divided into two main modules:
Application Module providing an easy to use interface for viewing your packages, builds and artifacts in Artifactory. Including Xray security vulnerabilities and violations, Dashboard topology and trends, Distribution release bundles and Pipelines DevOps automation.
- Administration Module providing a consolidated place for configurations of all JFrog products (common and product specific). Including centralized settings, such as monitoring (storage, replication, service status), security and compliance, proxies, license and user management. As well as, property sets, backups, indexed resources, database sync and webhooks.
Both modules include an advanced search mechanism.
Flexible Permissions Model
Administrators get fine-grained permissions control over how users and groups access the different resources (repositories, builds, Release Bundles, destinations).
Security and Compliance Across your DevOps Pipeline
Fully integrated into the JFrog Platform, JFrog Xray protects your artifacts, repositories, builds and release bundles across the entire CI/CD pipeline.
- Get JFrog's vulnerability database that is continuously updated with new component vulnerability data. Including VulnDB, the industry's most comprehensive security vulnerability database.
- Identify security vulnerabilities and license violations according to your organization's needs. A dedicated Security and Compliance section in the UI allows you to set policies and watches on all your JFrog resources.
- Configure watches and policies with the option to block artifact download, Release Bundle distribution to Edge nodes, and even break Builds.
- Use advanced filtering that allows you to configure include /exclude patterns when setting indexed resources or when setting a Watch on the resources.
Secure Distribution Process
Manage the creation and distribution of Release Bundles to your Artifactory Edge Nodes. Gain better visibility and traceability into your distribution process with a complete view of all contents and package references of your Release Bundles.
The following table is a quick reference to common functionalities in the JFrog Platform, including their new locations and any functional changes.
Location in the New UI
|Custom Base URL|
Look and Feel Settings
Administration module | General | Settings
|Dedicated Artifactory Settings|
Administration module | Artifactory
General: Settings, Property Sets
Services: Maven Indexer
Security: Anonymous access, Revoke API Keys, Signing Keys, Trusted Keys, Certificates
Administration module | Identity and Access | Permissions
As part of the JFrog Platform permissions unification, permission targets that were previously separated per product are now represented as one permission target with multiple permission options for the different JFrog products. Changes include:
As part of the permission migration process:
- Users/Groups with Xray Admin and Artifactory Admin permissions will be converted to Administrators in the JFrog Platform.
- Users/Groups with only Xray Admin permissions will be converted to have
Manage Policies and
Manage Watch permissions on all the resources.
Administration module | Identity and Access | Users
Administration module | Identity and Access | Groups
- Manage Policies and Manage Watches are now a global permissions that are enabled on the user or group level. Previously this was a permission option in the permission target.
- View Watches is now integrated with the Manage Watches global permission. It is not available as a separate permission.
|Policies and Watches|
Application module | Security & Compliance
- Manually invoking a re-scan of a watch will apply on all resources defined in the watch. Previously you could set the re-scan on part of the resources.
|Dedicated Xray Settings|
Administration module | Xray
General: Indexed Resources, Webhooks, Integrations
The following table describes features that are currently under development and will be available in later JFrog Platform releases.
Not available in the initial JFrog Platform release.
- Artifactory Homepage: will be available in later JFrog Platform releases. For Mission Control installations, administrators can use the Topology page.
- System Logs screen: will contain only Artifactory logs.
- Native Tree Browser (from UI): The Artifactory native tree browser allows browsing the contents of a repository in a plain html structured tree.
This will not be available via the new UI. The old URL will still be available for clients who are relying on the tree browser.
- Public APIs / AQL for Metadata (service)
- Unified REST API for permissions
- : viewing Xray logs in the UI will not be available in the initial JFrog Platform release. JFrog logs are accessible via the REST API. Viewing Xray logs from the UI will be available in later JFrog Platform releases.
- Xray Reports: the reporting section in the UI, providing trend reports, is deprecated. Reporting on a specific artifact or build from the UI will still be available. Advanced reporting capabilities will be available in later JFrog Platform releases.
- System Logs: from the JFrog Platform release, only the Artifactory logs will be available from the UI.
- License Control is deprecated. Its functionality is included in the Xray integration and provides richer information and support for additional package types.
- Stash Search Results: allowing you to save your search results and go back to them later, has been removed.
Out of the box integrations: with Aqua, WhiteSource and Black Duck, are deprecated. Custom integration are still available, supporting integrating to any external source of your choice. The VulnDB integration, now transparently integrated into Xray, provides the industry's most comprehensive security vulnerability database. This eliminates the need for these out of the box 3rd party integrations.
- Xray Homepage: as part of the JFrog Platform UI unification, this page has been removed.
|Internet Explorer||The Internet Explorer browser is not supported in the JFrog Platform. For a list of supported browsers, see Browsers.|
- Component Search: searching for components that are not artifacts in your Artifactory instance, but are known to Xray as a result of its recursive scan capability. This functionality will be available in later JFrog Platform releases.
- Xray Permissions
Manage Watch permission is now available as a global permission on the user/group level. Previously manage watches was an option per permission target that was defined with a scope of resources. Now, users/groups with the
Manage Watch permission will enable permissions for all resources. When upgrading to the JFrog Platform, the permission conversion will remove the Manage Watch permission for all users and groups. After upgrading, this permission will need to be reconfigured for all required users and groups. Defining a scope will be available in later JFrog Platform releases, as part of the Projects functionality.
View Watches permission is deprecated. To view watches, enable the
Manage Watches permission option for users/groups.
REST API Changes
The JFrog Platform release introduces a new unified way to access all JFrog services using a single url, using the following format:
https://<Server Name>.jfrog.io/<Service Context>/
For backward compatibility, JFrog Artifactory and Xray will continue to work as before:
https://<Server Name>.jfrog.io/<Server Name>
The following table summarizes the list of changes from previous JFrog products versions to the JFrog Platform.