Pricing | The JFrog Software Supply Chain Platform (2024)

30+ natively supported package and file types, plus generic repositories.

Advanced registry supporting Docker/OCI containers. Reliable, consistent, and efficient access to remote Docker container registries with integration to your build ecosystem. Includes unlimited access to Docker Hub.

Remote and local Hugging Face repos allow for caching of models from Hugging Face and storing proprietary model versions.

For a given package type leverage local repositories for 1st party packages, remote repositories for cached OSS packages, and virtual repositories which blend 1st and 3rd party packages for greater flexibility.

Cache all pulled dependencies in Artifactory for faster, more reliable builds and version control.

To support distributed development teams, multi-Pull and multi-Push are supported via scheduled and event-based replication.

Provide automated mirroring of artifacts and their metadata with other repositories of an associated federation located on remote JFrog Deployments (JPDs) in a multisite environment.

Control over access to all, or any subset of your services, from one location by synchronizing all security entities (users, groups, permissions and access tokens) between the federated services.

AQL offers a simple way to formulate complex queries that specify any number of search criteria, filters, sorting options and output fields.

Native integrations across the leading package, build, QA, security and orchestration tools.

Integrate Artifactory to trigger events to other systems and applications for notification and actions that you define, e.g. build promotion.

Generate a tracked, immutable Release Bundle to advance through your SDLC towards production.

Easily create your own environments and corresponding repos in Artifactory aligned to the stages in your SDLC.

Advance a Release Bundle to the target environment without the need for custom scripts.

Create a release composed of multiple Release Bundles (ie. for the purpose of releasing microservices together).

Enable fast, secure distribution of verified multi repository release bundles to sync large-scale geo distributed teams and accelerate deployments to any target: on-premises, cloud, or embedded devices.

A read only Artifactory instance used for distributing software to a runtime such as a data center, a point-of-sale or even a mobile device. Supports hybrid topologies. Two (2) edges included standard with E+ subscription.

Enable software distribution in hybrid / multi-cloud topologies - from self-hosted to Cloud Distribution Edges or from Cloud to self-hosted Distribution edges.

Provide high availability and performance of content delivery. Available on AWS Only.

Integrate with the most popular CI/CD tools to manage and orchestrate your CI/CD pipelines from a central place. Scale horizontally, allowing you to have a centrally managed solution that supports thousands of users and pipelines.

Provide users with a way to ensure that their artifacts have not been tampered with before these artifacts are promoted through the CI/CD workflow. If the authenticity of artifacts cannot be verified, they can be blocked.

Create reusable pipeline templates to ensure standardization of pipeline flows.

Fine-grained permissions and access control with centralized secret management. Each step in a pipeline executes in its own isolated build node.

Easy-to-use YAML syntax that is standardized across the pipeline steps.

Real-time, interactive visualization showing latest status and dependencies across steps and pipelines.

Run builds on Linux, Windows, and Mac OS.

Scan open source software artifacts in repositories, builds, and release bundles for security vulnerabilities across your software supply chain.

Scan Docker and other container images for open source security vulnerabilities.

High-quality comprehensive vulnerability database which integrates data from NVD, GitHub, Ubuntu, Debian, Red Hat, PHP, and the JFrog Security Research Team.

Scan open source software artifacts in repositories, builds, and release bundles for license compliance issues across your software supply chain.

JFrog’s high-quality vulnerability database is enhanced by the JFrog Security Research team to give more specific and detailed information on the vulnerability, its use cases and options for mitigations.

Discover and eliminate malicious packages using continuously-aggregated malicious package information from JFrog and global sources.

Create and export SBOMs in industry standard formats: SPDX and Cyclone DX. Export them in different file formats including .json, .xls and .xml.

Flag and or block packages that may have maintenance issues and technical debt as defined by your policies.

Perform SAST and SCA scans in the IDE, JFrog’s CLI, and Git via JFrog’s FrogBot, to enable a seamless developer experience.

Detect malicious models and enforce license compliance.

Identify and prioritize whether OSS vulnerabilities in containers are actually exploitable.

Detect secrets left exposed in any containers stored in JFrog Artifactory to prevent any accidental leak of internal tokens or credentials.

Scan source code for zero-day security vulnerabilities to fix before build time. Enable developers to write trusted code within their day-to-day workflow.

Lightweight SAST client ensures all scans occur locally on the developer machine, no proprietary code is uploaded to the cloud.

Proprietary models and rules allow for processing of ~1KLOC per second with greater accuracy compared to other SAST solutions.

Secure IaC files stored in JFrog Artifactory for early detection of cloud and infrastructure misconfigurations that can be exploitable.

Find configuration issues, security malpractices, and insecure usage of popular OSS libraries related to your application framework.

Automated and seamless policy-based blocking of company defined insecure OSS. For example those with high severity CVEs, malicious packages, etc.

Pre-defined curation policies for malicious package, CVE, operational risk, and license usage.

Developers are alerted via email if their desired OSS package was blocked from usage.

Record of every action taken against OSS brought into your development ecosystem such as allow, block, or warn.

Explore OSS packages and discover their versions, vulnerabilities, license data, operational risk, and if they have any dependencies.

Groups allow you to create collections of devices, including hierarchies of groups. Tags allow you to assign custom labels to devices.

A customizable and easy-to-use software update solution with extensive roll-back capabilities, designed for Linux-based IoT Edge devices.

The Remote control tool lets you connect to your Linux terminal through a web-based ssh. The Remote access tool lets you connect to your Linux device's local network port remotely to forward connections like: VNC, SSH, web-view server

The Remote commands tool allows you to run remote bash commands on multiple Linux edge devices with a single click and view the full output of the commands.

The process monitoring tool allows you to view whether specific processes are running in the device and receive an alert if the process crashes.

The Resource monitor tool lets you view RAM, CPU and disk usage history of your devices in one place.

Alerts allow you to configure notifications & actions through JFrog Connect Agent and API's based on triggers gathered from various data points across your device fleet.

The Logs tool allows you to fetch log files from your device remotely.

JFrog Connect shows where your devices are on a map, based on the public IP address of the device, or a manually defined location.

Total number of user accounts included in the plan.

Connect REST API allows you to programmatically get information about their fleet of devices and make actions such as schedule update deployments, send remote commands, fetch log files, change the device name, and more.

Communication cycle is the time between successive keep-alive messages the device sends to the JFrog Connect servers. The number in the table is the minimum number of seconds you can set for the communication cycle.

AWS, GCP, and Azure available.

Stand Up and connect multiple JFrog instances across different cloud providers with the same consistent experience.

Provide visibility into the health and status of your registered JFrog Platform Deployments and services including the connections between the JPDs across geographical locations around the world and even drill-down to view the status of a single JPD and its associated services.

Access regularly updated product documentation and community support via sources like Stack Overflow.

Support tickets are addressed by our team of Developer Support Engineers within defined SLAs.

Includes 24x7 SLA Support plus an assigned resource with regular touch-points to ensure success.

The highest level white glove support including a designed technical account lead, accelerated SLA, prioritized processes, and more.

Delegate management of JFrog Platform resources to a given product or team to improve visibility on efficiency, scale, cost and security

21 days log retention available for cloud subscription only.

Enable IT departments to automate the processes between user identity and service providers, such as Okta and Azure Active Directory (AD).

Store signing keys (GPG keys, RSA keys, and Trusted keys) used to sign packages and JFrog Distribution release bundles secretly.

Reduce security risks associated with exposing your JFrog SaaS instances via the public Internet, by establishing a secure network connection–originating from your own cloud environment (AWS VPC/Azure VNet/GCP), to your JFrog Cloud (SaaS) instance – without traversing the traffic via public Internet.