To help you better understand the concepts and terminology used in JFrog Academy, this glossary defines essential terms related to the JFrog Platform and modern software development:

| Category | Term/Acronym | Definition |
| --- | --- | --- |
| Core Platform | JFrog Artifactory | The system of record for your binaries. A universal repository manager that governs the entire software lifecycle from creation to distribution. |
| | JFrog Platform Deployment (JPD) | A single installation of the JFrog Platform (SaaS or Self-hosted) providing unified management for JFrog Artifactory, JFrog Xray, and other services. |
| | Projects | A management entity used to group resources (repositories, builds) and assign RBAC to specific teams or business units. |
| | RBAC (Role-Based Access Control) | A method of regulating access to JFrog Artifactory and Projects based on the roles of individual users. This ensures that only authorized personnel can promote binaries to production Stages. |
| | HA (High Availability) | A system design that ensures the JFrog Platform remains operational during component failures or maintenance, providing the Customer with uninterrupted access to their system of record. |
| | DR (Disaster Recovery) | The strategy and infrastructure (like Federated Repositories) used to restore platform operations and data in the event of a catastrophic failure. |
| | Federated Repository | A specialized repository that ensures bi-directional synchronization of Raw Materials across global sites in real-time to eliminate latency. |
| Security | JFrog Xray | An SCA tool that scans the Customer's Dependencies for security vulnerabilities and license compliance across all Stages. |
| | CVE (Common Vulnerabilities and Exposures) | A list of publicly disclosed computer security flaws. JFrog Xray maps these to your Raw Materials to identify known risks in your supply chain. |
| | CVSS (Common Vulnerability Scoring System) | A numerical score (0-10) reflecting the severity of a CVE. This helps the Customer prioritize which vulnerabilities to remediate first during the development Stages. |
| | Vulnerability | A weakness in a software component's code or configuration that can be exploited. JFrog Advanced Security identifies these in both Dependencies and first-party code. |
| | Shift Left Approach | The practice of moving security testing and quality checks to the earliest possible Stages of the SDLC. Tools like Frogbot and IDE integrations empower developers to fix issues before they reach the repository. |
| | JFrog Advanced Security (JAS) | A suite including SAST (first-party code scanning), Secrets Detection, and Contextual Analysis to secure the software supply chain. |
| | JFrog Curation | An automated "security gate" that blocks malicious or non-compliant Raw Materials at the remote repository level before they enter the network. |
| | Contextual Analysis | Advanced scanning that determines if a vulnerability is "reachable" in your code, helping you focus on real threats rather than noise. |
| | Secrets Detection | Automated scanning that prevents sensitive data (API keys, passwords) from being leaked within your Dependencies or source code. |
| | SBOM (Software Bill of Materials) | A full "ingredients list" for your software, exported in standard formats (SPDX / CycloneDX) for transparency and compliance. |
| AI / ML | AI Catalog | A centralized hub to discover, govern, and secure all AI models (internal or OSS), eliminating "Shadow AI" within the organization. |
| | Model Context Protocol (MCP) | An open standard acting as "USB-C for AI," allowing AI agents to interact securely with the JFrog Platform using natural language. |
| Automation | Build Info | A JSON file generated during CI that captures the full "ancestry" of a build for 100% reproducibility and traceability. |
| | JFrog CLI | A powerful command-line interface used to automate platform tasks and manage Raw Materials across various Stages. |
| | CI/CD | Continuous Integration / Continuous Delivery. The automated process of building, testing, and deploying code. The JFrog Platform acts as the system of record for binaries as they move through these automated Stages. |
| | Workers | A serverless framework (TypeScript) used to automate platform tasks triggered by events, such as custom notifications or logic. |
| Storage | Smart Archiving | A policy-based system that automatically moves old or "cold" artifacts to cheaper storage while keeping them searchable and retrievable. |
| | Checksum-Based Storage | JFrog’s unique storage method where each file is stored only once (Deduplication) based on its unique hash, regardless of references. |
| Release | Release Bundle (v2) | A signed, immutable snapshot of a versioned release, ensuring the binaries tested in early Stages are exactly what is deployed. |
| | Promotion | The act of moving a build or Release Bundle to the next Stage (e.g., from Development to Staging) after passing security gates. |
| Identity | SSO (Single Sign-On) | An authentication scheme that allows a user to log in with a single set of credentials to the JFrog Platform and other linked applications, increasing security and user experience. |
| | SCIM (System for Cross-domain Identity Management) | An open standard that automates the exchange of user identity information between your identity provider and the JFrog Platform, simplifying user provisioning at scale. |
| Governance | Policy | A set of rules defined in JFrog Xray or JFrog Curation that automatically determines the "Pass/Fail" status of a binary based on security or license criteria. |
| | Signed Evidence | Cryptographically verifiable metadata (attestations) captured at critical Stages (e.g., Build, Promote). It creates a tamper-proof audit trail for regulatory compliance. |
