Artifactory
7 min
artifactory edition enterprise only the artifactory integration scans artifacts stored in jfrog artifactory repositories for credentials and other sensitive data configuration the artifactory integration can be configured in trufflehog under integrations , or via a local configuration file (below) web configuration configure this integration from the integrations page in trufflehog you'll need credentials appropriate to your artifactory instance — see the local configuration section below for the supported authentication methods local configuration local configuration supports two authentication methods access token — uses an artifactory access token, recommended for a read only service account basic auth — uses a username and password (or api key, or access token as the password) creating a read only service account both auth methods work best with a dedicated read only account in artifactory, navigate to identity and access and create a new user leave all roles unchecked ensure the user is added to the readers group (selected by default) after creating the user, open the access tokens tab and generate a token access token sources \ connection "@type" type googleapis com/sources artifactory endpoint https //example jfrog io accesstoken xxxxxxxxxxxxxx ignorepaths \ third party/drivers/ name artifactory repository artifacts scanperiod 12h type source type jfrog artifactory verify true basic auth the password field accepts an access token, api key, or account password sources \ connection "@type" type googleapis com/sources artifactory endpoint https //example jfrog io basicauth username scanner account password xxxxxxxxxxxxxx ignorepaths \ third party/drivers/ name artifactory repository artifacts scanperiod 12h type source type jfrog artifactory verify true scope with includepaths and ignorepaths path filters control which artifacts within a repository are scanned the two fields combine as follows includepaths only — only artifacts matching the include list are scanned ignorepaths only — all artifacts are scanned except those matching the ignore list both specified — artifacts must match includepaths and must not match ignorepaths paths should not include a repository qualifier if example is the repository name and the directory to include is example/path/to/dir, the includepaths value should be path/to/dir/ paths apply to all repositories in the configuration to scope a path to a specific repository, configure a separate artifactory source for that repository configuration options field type required description endpoint string yes the url for your artifactory instance repositories list no explicit list of artifactory repositories to scan omit to enumerate instead includepaths list no artifact paths to include in scans supports glob patterns ( ) ignorepaths list no artifact paths to skip during scans supports glob patterns ( ) capabilities feature supported scan artifacts ✅ scan archive files ✅ scan base64 encoded data ✅ scan binaries ✅ include / exclude filters ✅ auto resume ✅
