---
description: Integrate JFrog Artifactory and JFrog Container Registry with Docker Scout
keywords: docker scout, jfrog, artifactory, jcr, integration, image analysis, security, cves
title: Integrate Docker Scout with Artifactory
linkTitle: Artifactory
aliases:
  - /scout/artifactory/
---

Integrating Docker Scout with JFrog Artifactory lets you run image analysis
automatically on images in Artifactory registries.

## Local image analysis

You can analyze Artifactory images for vulnerabilities locally using Docker Desktop or the Docker CLI. You first need to authenticate with JFrog Artifactory using the [`docker login`](/reference/cli/docker/login/) command. For example:

```bash
docker login {URL}
```

> [!TIP]
>
> For cloud-hosted Artifactory you can find the credentials for your Artifactory repository by
> selecting it in the Artifactory UI and then the **Set Me Up** button.

## Remote image analysis

To automatically analyze images running in remote environments you need to deploy the Docker Scout Artifactory agent. The agent is a
standalone service that analyzes images and uploads the result to Docker Scout.
You can view the results using the
[Docker Scout Dashboard](https://scout.docker.com/).

### How the agent works

The Docker Scout Artifactory agent is available as an
[image on Docker Hub](https://hub.docker.com/r/docker/artifactory-agent). The agent works by continuously polling
Artifactory for new images. When it finds a new image, it performs the following
steps:

1. Pull the image from Artifactory
2. Analyze the image
3. Upload the analysis result to Docker Scout

The agent records the Software Bill of Materials (SBOM) for the image, and the
SBOMs for all of its base images. The recorded SBOMs include both Operating
System (OS)-level and application-level programs or dependencies that the image
contains.

Additionally, the agent sends the following metadata about the image to Docker Scout:

- The source repository URL and commit SHA for the image
- Build instructions
- Build date
- Tags and digest
- Target platforms
- Layer sizes

The agent never transacts the image
itself, nor any data inside the image, such as code, binaries, and layer blobs.

The agent doesn't detect and analyze pre-existing images. It only analyzes
images that appear in the registry while the agent is running.

### Deploy the agent

This section describes the steps for deploying the Artifactory agent.

#### Prerequisites

Before you deploy the agent, ensure that you meet the prerequisites:

- The server where you host the agent can access the following resources over
  the network:
  - Your JFrog Artifactory instance
  - `hub.docker.com`, port 443, for authenticating with Docker
  - `api.dso.docker.com`, port 443, for transacting data to Docker Scout
- The registries are Docker V2 registries. V1 registries aren't supported.

The agent supports all versions of JFrog Artifactory and JFrog Container
Registry.

#### Create the configuration file

You configure the agent using a JSON file. The agent expects the configuration
file to be in `/opt/artifactory-agent/data/config.json` on startup.

The configuration file includes the following properties:

| Property                    | Description                                                                     |
| --------------------------- | ------------------------------------------------------------------------------- |
| `agent_id`                  | Unique identifier for the agent.                                                |
| `docker.organization_name`  | Name of the Docker organization.                                                |
| `docker.username`           | Username of the admin user in the Docker organization.                          |