Apptrust Evidence Policies
API transport: Prefer
jf api(JFrog CLI 2.100.0+). See jf-api-patterns.md (path-only URLs; auth fromjf config). Examples usingcurlwith$JFROG_URL+ bearer token are fallback when the CLI is missing or below 2.100.0.
Evidence Promotion Policy Creator
Create a JFrog lifecycle policy that validates evidence exists before allowing application promotion, scoped to applications with specific labels.
Prerequisites
Follow jfrog-apptrust-auth.md to authenticate with the JFrog Platform before proceeding.
Desired State
After the workflow completes, the following must be true:
- A template exists (Rego policy) that evaluates evidence for the requested predicate type.
- A rule exists that binds the template to the predicate type (and any extra parameters).
- A policy exists, scoped to the chosen project or application, that blocks or warns on promotion when the evidence check fails.
More from jfrog/ai-agent-examples
jfrog-reconcile-manifest
Reconcile JFrog Platform state with a desired-state manifest. Reads current configuration, computes a diff, presents changes for approval, and applies only the delta. Use when the user wants to update, sync, or reconcile JFrog with manifest changes.
10jfrog-project-onboarding
Orchestrate end-to-end JFrog Platform onboarding for GitHub projects. Provisions JFrog projects, creates Artifactory repositories, adds members, configures OIDC, configures package managers, and updates CI workflows. Use when the user wants to onboard, connect, or integrate GitHub repos with JFrog, or when processing an onboarding manifest.
9github-configure-package-managers
Configure package manager settings in GitHub repositories to resolve dependencies from JFrog Artifactory. Handles npm (.npmrc), Maven (settings.xml), pip (pip.conf), Go (GOPROXY), Docker, and Helm. Use when setting up local developer dependency resolution through Artifactory.
9jfrog-system-config-repo
Persist and retrieve onboarding manifests via Artifactory or Git. Supports configurable project/repo for Artifactory and clone/commit/push for Git. Routes by state.destination in the manifest. Use when persisting or retrieving onboarding manifests.
9jfrog-oidc-setup
Configure OpenID Connect (OIDC) integration between GitHub Actions and JFrog Platform for secretless CI authentication. Checks subscription compatibility, creates OIDC providers, and sets up identity mappings per repository. Use when setting up OIDC for GitHub Actions workflows.
9detect-existing-patterns
Detect existing project and repository naming patterns on the JFrog Platform before onboarding. Queries all projects and repos, analyzes naming conventions, and presents the user with a choice between following detected patterns or using the standard naming rules. Use before creating new projects or repositories.
9