@trevermckee

JFrog Artifactory has been attempting to deprecate API keys in the past year. As of version 7.98.x it no longer supports creating new API keys. API keys have largely been replaced with reference and identity tokens. See more details about this here.

This change adds a reference token detection rule with validation.

The format for reference tokens is documented here.

Validations

  • Validated detection and validation of active Reference Tokens
  • Validated detection and unsuccessful validation for expired Reference Tokens
Copilot AI review requested due to automatic review settings December 19, 2025 19:18

Copilot AI left a comment

Pull request overview

This PR adds detection and validation support for JFrog Artifactory Reference Tokens, which are replacing deprecated API keys in JFrog Artifactory version 7.98.x and later. The new rule follows JFrog's documented format for reference tokens and uses Bearer token authentication for validation.

  • Adds a new detection rule kingfisher.artifactory.3 for Artifactory Identity Reference Tokens
  • Implements HTTP validation using Bearer authentication against the JFrog API
  • Follows the documented token format with the cmVmd prefix


- report_response: true
- status:
- 200
type: StatusMatch

Copilot AI Dec 19, 2025

The validation for the Access Token rule (kingfisher.artifactory.1) includes a JsonValid response matcher in addition to StatusMatch. Since this rule validates against the same API endpoint that returns JSON, consider adding a JsonValid matcher for consistency and more robust validation.

Suggested change
type: StatusMatch
type: StatusMatch
- type: JsonValid
@mickgmdb merged commit 02edefd into mongodb:main on Dec 22, 2025
7 checks passed
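
An added sketch, not code from this PR or from Kingfisher, of the offline half of what the PR validates: find candidates by the cmVmd prefix, base64-decode them, and separate already-expired tokens from ones that still need the live Bearer check. The decoded reftkn:<version>:<expiry>:<random> layout, the zero-expiry convention, the length bound and every sample value are assumptions constructed for illustration.

```python
import base64
import re

# cmVmd prefix as named in the review summary. ASSUMPTION: 20+ base64 chars follow.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9+/])cmVmd[A-Za-z0-9+/]{20,}={0,2}")


def decode_candidate(token):
    """Return the decoded ASCII text of a candidate, or None if it has none."""
    body = token.rstrip("=")
    try:
        raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        return raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def classify(token, now):
    """Return 'not-token', 'expired' or 'check-live' for one candidate."""
    text = decode_candidate(token)
    fields = text.split(":") if text else []
    # ASSUMPTION: decoded layout is reftkn:<version>:<expiry epoch>:<random>.
    if len(fields) != 4 or fields[0] != "reftkn" or not fields[2].isdigit():
        return "not-token"
    expiry = int(fields[2])
    # ASSUMPTION: an all-zero expiry field marks a non-expiring token.
    if expiry and expiry <= now:
        return "expired"
    return "check-live"  # only the live Bearer validation can confirm it


def scan(text, now):
    """Return (redacted prefix, classification) for every candidate in text."""
    return [(m.group(0)[:8] + "...", classify(m.group(0), now))
            for m in CANDIDATE.finditer(text)]


def sample(expiry):
    """Build a constructed 64-character token; its random part is all 'A'."""
    plain = f"reftkn:01:{expiry:010d}:{'A' * 27}"
    return base64.b64encode(plain.encode()).decode()


NOW = 1766000000  # constructed scan time, epoch seconds
DECOY = base64.b64encode(b"refund-policy-document-2025.pdf").decode()
SAMPLE_TEXT = (f"export ARTIFACTORY_TOKEN={sample(NOW + 3600)}\n"
               f"old_token: {sample(NOW - 3600)}\n"
               f"attachment: {DECOY}\n")
print(scan(SAMPLE_TEXT, NOW))
```

The decoy line shows why the prefix alone is a weak signal: any base64 of text beginning "reft" through "refw" also starts with cmVmd, so decoding before the network call cuts false positives.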