# JFrog Artifactory Integrate JFrog Artifactory with OX to centralize security findings alongside container, pipeline, cloud, and runtime signals already in OX. OX scans JFrog Artifactory on a schedule and on demand, enriches findings with OX context (application mapping, workflows, and compliance), and presents a unified queue for investigation and reporting. After you connect, JFrog Artifactory scan results appear on the Active Issues page (use the filter **Source tool > JFrog Artifactory**). ## What OX adds * **Context and correlation:** OX maps JFrog Artifactory findings to applications, services, and teams to show impact and ownership. * **Prioritization with severity factors:** OX may reprioritize scanner severities when exploitability and environment context reduce risk (for example, Critical → High). Severity factors explain why the priority changed. * **Evidence at a glance:** When available, OX displays scanner evidence, file locations, and remediation guidance alongside OX analytics to speed triage. ## Connection methods For general information about connection methods, see [Connection methods](https://docs.ox.security/get-started/onboarding-to-ox/source-control/connection-methods). Connect to OX with a JFrog group-scoped access token. ## Prerequisites **OX** * Permission to configure connectors **JFrog** * JFrog Platform user account with permission to create groups, permissions, and access tokens *** ## Connect with a group access token ### Step 1: Create credentials and permissions \[JFrog] The step has several parts. **Create a group** 1. Verify that the [prerequisites](#prerequisites) are in place. 2. Log in to your JFrog Platform (cloud or on-premises). 3. Go to **Administration > User Management > Groups**. 4. Select **New Group** and enter a name for the group. 5. Select **Save**. **Create permissions** 1. Go to **Administration > User Management > Permissions**. 2. Select **New Permission** and enter a name (e.g., ox-permissions). 3. Scroll to **Resources** and select **Add Repositories**. 4. Select the local repositories you want OX Security to scan and move them to the **Selected Repositories** list (right side of the page).
5. Select **OK**. 6. Still in **Permissions**, select the **Groups** tab.
7. From **Selected Groups**, select the group you just created and move it to the **Selected Group** list (right side of the screen).
8. Select **OK**. 9. Still in **Permissions**, in **Selected Group Repositories**, checkmark **Read**.\
10. To complete, select **Create**. **Create a user** Now create a user and add the user to the group. 1. Go to **Administration > User Management > Users**. 2. Select **New User**. * **User Name:** A meaningful name. You use this to set up the connection in OX. * **Email:** Your JFrog email. * **Can Update Profile:** Leave checked. * **Password:** Create one. 3. Scroll to **Related Groups** and select the group you created. If there are other groups, uncheck them. 4. To complete, select **Save**. **Create an access token** For JFrog documentation, see the article [Creating Access Tokens in Artifactory](https://jfrog.com/help/r/how-to-generate-an-access-token-video/artifactory-creating-access-tokens-in-artifactory). 1. Go to **Administration > User Management > Access Tokens**. 2. Select **Generate Token**. 3. Select **Scoped Token**. 4. Complete the details.
FieldValue
DescriptionEnter a meaningful description
(e.g., OX Security Integration Token)
Token ScopeFrom the dropdown, select User
UserSelect the user you just created
ServiceSelect Artifactory
Expiration TimeSelect Never (recommended)
Create Reference Token
(creates a shorter url)		Enable
5. Select **Generate**. 6. Copy and store the reference token in a secure location. You cannot view it again after this step.\ **Best practice:** Store the access token in a secrets manager and set a reminder to rotate the access token before expiration according to your policy. ### Step 2: Connect to OX \[OX] 1. Verify that the [prerequisites](#prerequisites) are in place. 2. In OX, go to **Connectors > Registry** and select **JFrog Artifactory**.
3. Enter the following parameters.
TextText
JFrog Platform URLThe base URL of your JFrog Platform account + artifactory
(e.g., https://your-organization.jfrog.io/artifactory)
User NameThe user name for this connection
API TokenThe group-scoped access token you created in JFrog
Connection NameEnter a name if there isn’t one
4. Click **VERIFY CONNECTIVITY**. 5. A green success message at the bottom of the screen indicates a successful connection. If verification fails, check your credentials and permissions. 6. Click **CONNECT**. #### Optional configurations * To change the resources OX scans and monitors, see the section [Change the locations OX scans](#change-the-locations-ox-scans). * To connect more JFrog accounts to the same organization in the OX platform, repeat the process. * For information on the OX Broker, see the article [OX Broker](https://docs.ox.security/get-started/onboarding-to-ox/prerequisites-and-access/ox-broker). ## Change the locations OX scans By default, OX scans everything if you did not make a specific selection. Once you have a connection, you can change the locations that OX scans and monitors. 1. Use the **Gear** icon at the bottom of the Configuration screen. 2. OX displays the locations or objects that OX scans and monitors. 3. Change the selection as needed. 4. Select **SAVE**.