The Power of Artifactory User Plugins

20 augustus 2019

Although TMC ALM is a Platinum Atlassian Solution partner, we are also experienced in a lot of other ALM related solutions. Today’s blog is about the Power of Artifactory user plugins

“With great power comes great responsibility.”

Most likely, this famous Spider-Man Uncle Ben phrase is not new to you. It also applies perfectly in the case of Artifactory user plugins.

jFrog Artifactory is a Universal Artifact Repository Manager that provides great power to its users by providing the possibility to customize its behavior or extend its features. By writing user plugins you can change the behavior of Artifactory to react to certain events or you can build extensive REST APIs to enhance its features with new functionality. To help you use this power responsibly, I have written this blog. 

User plugins vs Rest API

You may add scheduled tasks, extend security realms, change resolution rules, manipulate downloaded content, respond to a storage event, perform searches/queries and much more in Artifactory with standard REST APIs. This is enormous power! Trust me. However, for your organizational needs you might sometime want Artifactory to react to some events in a particular manner or perform some extra tasks before or after the artifact is published. This is where user plugins have the upper hand over REST APIs solutions.

Imagine if you want Artifactory to control if an artifact is being added to a pre-defined structure along with relevant additional information such as source repository URL, git commit id or even a build job URL. You want to accept or deny the request based on completeness of this information and even want to send an email notification to the uploader and owner of the repository. On top of it, you want to apply this only for a few specific repositories. You can do so very easily with a custom user plugin. Even though, REST API provides you with the ability to upload the artifact with metadata, it does not control the pre-defined structure or properties that you have added. This is where user plugin plays a differentiating and value add role.

At TMC ALM we have helped a lot of customers and we have concluded that every organization is different and so is their requirement for binary deployment workflows.

Even though community contributors have done an excellent job on the community available plugins, it may not fit defacto in your organization’s requirements and standards.

Some examples

 TMC ALM has provided some of our customers with the following Artifactory user plugin solutions:

  • Snapshot clean up (scheduled and on REST call) User plugin

One of our customers started using Artifactory two years ago. Their Maven repositories were configured to maintain a minimum number of  unique artifacts and they were set to be automatically cleaned up if more than 3 in numbers. Their other non-Maven repositories grew big, consuming up to 2Tb of diskspace. With the plugin, we implemented the ability to list snapshot repositories and clean them on a regular basis(nightly). The plugin can be configured to remove outdated artifacts every time the plugin is executed and preserve only x number of snapshots in a snapshot repository. We reclaimed approximately 1Tb of diskspace back which could further be used for maintaining release artifacts.

  • Layout enforcement for specified repositories

One of our customers wanted to enforce the following structure “org.<company-name>.<JiraProjectKey>.<JiraComponent>” to be followed while uploading the artifacts to Artifactory. They also wanted to check if the Jira Project key and component name under which the artifacts are being published indeed are present in Jira. This plugin has been designed to interact with external tools such as Jira and maintain the structure in Artifactory. The customer is happy with the fact that the repositories are very neatly organized.

  • Interface to communicate with other services within the organization

We designed the interface plugin to interact with an external PLM system. As soon as an artifact is promoted as a release, Artifactory sends out a trigger notification to the PLM system and updates the properties of the artifact with the metadata received from the PLM system.

  • Collect statistics of repositories, its types and used/unused/deprecated artifacts

With the plugin, stakeholders are notified periodically with the statistics of repositories, the types of repositories available in the Artifactory instance and the number of used/unused artifacts that can be removed to reclaim diskspace. The customers’ tool administrator found this plugin very useful and a must-have tool for efficient tool administration.

  • Interface to communicate with Atlassian tools such as Jira Software

The plugin interacts with Jira to check the status of an issue and allows or denies the upload of an artifact. It enables the organization to keep proper account of issues being worked on in their Jira project.

  • Invoke custom promotion logic

Though Artifactory provides an API to promote a regular artifact or a docker image, our customer needed to implement custom promotion logic based on the qualification of tests. This plugin controls the promotion flow of an artifact from snapshot to release repository based on the information from quality gate checking. Thus ensuring only the qualified artifacts are promoted further and highest level of quality is maintained.

  • Implement checksum check at various level of promotion

This plugin is an enhancement of the previous one. It goes one level deeper and maintains the checksum of an artifact as a property. This checksum can also be used by the customer in their internal documentation and verification checks to prevent any undesired last minute tampering to their released artifacts. The plugin calculates the checksum of all the files under an artifact when the artifact is added to snapshot repository. When the snapshot is promoted further to stage or release repository, the checksum is recalculated and compared against the previously stored checksum. If the checksum differs, the promotion is denied and the stakeholders are notified of tampering of the artifacts.

  • Deny use of deprecated third-party dependencies

This is one of our craftsmanship plugins. This one is complicated but in our opinion it is a must-have feature for growing organizations which heavily depend on third-party or open source libraries. With the plugin, we implemented Artifactory to check if an artifact is relying on a third-party dependency which is deprecated or about to be deprecated in the next few months. This prevents the development team from unknowingly consuming the dependency which is deprecated or about to be deprecated and thus deny the upload of such an artifact. Though there are tools available which can check if one or more of your dependencies are deprecated, check security vulnerabilities or open source license information, they come into play once the artifacts are published to Artifactory. Whereas with this plugin, you can absolutely prevent such circumstances. At TMC ALM we always aim for prevention instead of curing.

  • Auto-publish qualified Android apps to the Play store

This plugin is another example of why user plugins have the upper hand on REST API. With this plugin, once the artifact is qualified and promoted to release to a repository, it is automatically published to a play store. If the first attempt to upload fails, a retry is attempted and the administrator or stakeholders are notified of success or failure. This is also a simple example of Continuous Deployment we enabled our customer with.

Based on above experience we can say that failing to handle your power with responsibility might result in monumental failure of binary deployment workflow of your organization. Handling your power with responsibility and steering it towards the right direction is something that we strive to deliver with the above offering.

For more possible scenarios and possibilities you can refer to the official jFrog documentation ( for details about User plugins.

Community-contributed Artifactory user plugins are available as open source code in Github ( for you to use as it is or modify and contribute back.

Experts at TMC-ALM are able and ready to help you design and customize these plugins. We have experienced consultants who are eagier to work together with you to solve your problem or tackle your challenge in order to make your binary deployment  work easier and happier.

Do not hesitate to contact TMC-ALM for all your queries related to jFrog Artifactory general usage or user plugins.