> ## Documentation Index
> Fetch the complete documentation index at: https://docs.backline.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# JFrog Package Registry Integration
> Connect to your JFrog Artifactory to access private NPM, PyPI, Go, Maven, Gradle, and NuGet packages
## Overview
The JFrog Package Registry integration allows Backline to access packages from your JFrog Artifactory instance. This is required for Backline to build and analyze projects that depend on private packages hosted in JFrog.
## What You Can Do
With the JFrog Package Registry integration, Backline can:
* Resolve NPM packages from your JFrog Artifactory
* Resolve Python packages from your JFrog Artifactory
* Resolve Go modules from your JFrog Artifactory
* Resolve Maven and Gradle artifacts from your JFrog Artifactory
* Resolve NuGet packages for .NET / C# projects from your JFrog Artifactory
* Build and analyze projects that depend on packages in your JFrog registry
* Provide remediation for vulnerabilities in projects using JFrog as their package source
## Supported Package Types
| Package Type | JFrog Repository Format | Example URL |
| ------------------ | ---------------------------- | ---------------------------------------------------------------------------- |
| **NPM** | npm (local/remote/virtual) | `https://company.jfrog.io/artifactory/api/npm/npm-virtual/` |
| **PyPI** | pypi (local/remote/virtual) | `https://company.jfrog.io/artifactory/api/pypi/pypi-virtual/simple` |
| **Go** | go (local/remote/virtual) | `https://company.jfrog.io/artifactory/api/go/go-virtual/` |
| **Maven / Gradle** | maven (virtual) | `https://company.jfrog.io/artifactory/libs-main/` |
| **NuGet** | nuget (local/remote/virtual) | `https://company.jfrog.io/artifactory/api/nuget/v3/nuget-virtual/index.json` |
NuGet repository URLs must point to the **v3** feed and end with `/index.json`.
## Prerequisites
Before connecting JFrog Package Registry, ensure you have:
* A JFrog Artifactory instance (Cloud or self-hosted)
* An Identity Token or Access Token with read permissions
* Repository URLs for the package types you want to use
## Generating a JFrog Token
Log in to your JFrog Platform (e.g., `https://your-company.jfrog.io`).
Click your username in the top-right corner, then select **Edit Profile** → **Identity Tokens**.
Click **Generate Token**, provide a description (e.g., "Backline Integration"), and click **Create**.
Copy the generated token immediately—it won't be shown again.
Store the token securely. You'll need it when configuring the integration in Backline.
Use a token with **read-only** permissions. Backline only needs to read packages, not publish them.
## Finding Your Repository URLs
To find the correct URL for each repository type in JFrog:
In JFrog Platform, go to **Artifactory** → **Artifacts**.
Click on the repository you want to use (e.g., `npm-virtual`, `pypi-virtual`).
Click **Set Me Up** in the top-right corner. The dialog will show the repository URL.
For PyPI repositories, ensure the URL ends with `/simple`.
### Repository Type Recommendations
| Repository Type | Recommendation |
| --------------- | ----------------------------------------------------------- |
| **Virtual** | Preferred—aggregates multiple repositories (remote + local) |
| **Remote** | Good for caching packages from public registries |
| **Local** | For your own private packages only |
Use **virtual** repositories when possible. They combine remote and local repositories, giving Backline access to both public packages (cached) and your private packages through a single URL.
## Connecting JFrog Package Registry
In Backline, navigate to **Integrations** from the main menu.
Find and click on the **JFrog Package Registry** integration card.
Provide your JFrog Identity Token or Access Token.
Enter the URLs for the package types you want to use:
* **NPM Repository URL**: Your JFrog npm repository URL
* Example: `https://company.jfrog.io/artifactory/api/npm/npm-virtual/`
* **PyPI Repository URL**: Your JFrog PyPI repository URL (must end with `/simple`)
* Example: `https://company.jfrog.io/artifactory/api/pypi/pypi-virtual/simple`
* **Go Repository URL**: Your JFrog Go repository URL
* Example: `https://company.jfrog.io/artifactory/api/go/go-virtual/`
* **Maven / Gradle Repository URL**: Your JFrog Maven virtual repository URL — serves both Maven and Gradle (Gradle resolves from Maven-layout registries)
* Example: `https://company.jfrog.io/artifactory/libs-main/`
Use a **virtual** repository that aggregates your release and snapshot Maven repositories. One URL covers both, so Backline can resolve stable versions and in-development SNAPSHOTs through a single configuration. Authentication uses the same JFrog Access Token via Bearer auth. The URL must use HTTPS — credentials are not sent over plaintext.
* **NuGet Repository URL**: Your JFrog NuGet v3 repository URL (must end with `/index.json`)
* Example: `https://company.jfrog.io/artifactory/api/nuget/v3/nuget-virtual/index.json`
You only need to configure URLs for the package types your repositories use. At least one URL is required.
Click **Connect**. Backline will verify the token and repository access.
## After Connection
Once JFrog Package Registry is configured, Backline will:
1. Use the provided token to authenticate with your JFrog instance
2. Access packages from your JFrog repositories during dependency analysis
3. Provide remediation for projects that depend on packages in your JFrog registry
## Managing the Integration
### Updating Configuration
To update the integration settings:
1. Open the **Integration Hub**
2. Click on the **JFrog Package Registry** integration
3. Update the token or repository URLs as needed
4. Click **Save**
### Adding Package Types
To add support for additional package types:
1. Open the JFrog Package Registry integration settings
2. Add the repository URL for the new package type
3. Save the changes
## Troubleshooting
### Authentication Failed
If Backline cannot authenticate with JFrog:
* Verify the token hasn't expired
* Check that the token has read permissions for the configured repositories
* Ensure you're using an Identity Token or Access Token (not a password)
### Repository Not Accessible
If Backline cannot reach the repository:
* Verify the repository URL is correct and includes the `/api/` path segment
* Check network connectivity between Backline and your JFrog instance
* For self-hosted instances, ensure Backline's IPs can reach your JFrog server
### Package Resolution Issues
If specific packages cannot be resolved:
* Verify the package exists in your JFrog repository
* Check that the repository type matches the package manager (e.g., npm format for NPM packages)
* For virtual repositories, ensure the component repositories are correctly configured
### PyPI URL Format
PyPI repository URLs must end with `/simple` for pip compatibility:
* Correct: `https://company.jfrog.io/artifactory/api/pypi/pypi-virtual/simple`
* Incorrect: `https://company.jfrog.io/artifactory/api/pypi/pypi-virtual/`