> ## Documentation Index
> Fetch the complete documentation index at: https://docs.draftt.io/llms.txt
> Use this file to discover all available pages before exploring further.

# JFrog Artifactory

Connect JFrog Artifactory to Draftt to monitor artifact versions and detect vulnerabilities across your software supply chain. Draftt scans your Artifactory repositories for outdated packages, EOL runtimes, and dependency risks alongside your cloud infrastructure.

## Setup

<Steps>
  <Step title="Name your integration">
    In Draftt, go to **Integrations > JFrog Artifactory > Add**. Enter a descriptive name to identify this integration in your dashboard.
  </Step>

  <Step title="Generate an API key">
    Open your [JFrog user profile page](https://your-instance.jfrog.io/ui/user-profile) and navigate to the **API Keys** section to generate a new API key. Paste it into the Draftt setup dialog.
  </Step>

  <Step title="Enter your JFrog endpoint">
    Enter your JFrog Artifactory instance URL. This should be your JFrog cloud instance or self-hosted server URL (e.g. `https://your-company.jfrog.io`).
  </Step>

  <Step title="Select repositories">
    Specify the repositories to scan as a comma-separated list (e.g. `docker-local, npm-local, maven-local`). Leave empty to scan all available repositories in your JFrog instance.
  </Step>
</Steps>

## What Gets Scanned

Draftt scans your Artifactory repositories for:

* **Lifecycle debt:** Packages and base images that have reached end of life or are approaching end of support
* **Version gaps:** Dependencies significantly behind current stable releases
* **Vulnerability exposure:** Artifacts with known CVEs based on version metadata

## Verifying Your Connection

After setup, return to **Integrations > JFrog Artifactory** in Draftt. A **Healthy** status means Draftt can access your repositories and is scanning as expected. If **Unhealthy**, verify that the API key is valid and has not been revoked.
