JFrog
Akto testing results can be seamlessly uploaded into JFrog as evidence artifacts, enabling security validation to travel with every stage of the software lifecycle. Whether it’s a package, a build, or a release bundle, Akto results can be attached as evidence, ensuring that vulnerabilities and compliance checks are transparently tied to the exact artifact version being shipped. This integration provides traceability, strengthens audit readiness, and embeds API security insights directly into the DevSecOps pipeline.

🔧 Steps to upload Akto results as Evidence on JFrog
Pre-requisites
JFrog package/build info: It can be
package version, package name and package repo name
build name, build number
JFrog key details
key alias
private key file (.pem)
X-API-KEY : Your Akto API Key that you can get from Settings > Integrations > Akto API
Test result summary id : You can find this from the URL

2. Run the following script -
wget https://raw.githubusercontent.com/akto-api-security/integration_scripts/refs/heads/master/jfrog/akto_testing_jfrog.sh
chmod +x akto_testing_jfrog.sh
export AKTO_API_KEY=YOUR_API_KEY_HERE
export SUMMARY_HEX_ID=YOUR_TEST_SUMMARY_ID_HERE
./akto_testing_jfrog.sh
3. Check the output
You should see 2 files
testing_results.json
testing_results.md
Successful bash output looks like the following -
ankushjain@MacBook-Pro bootstrap % ./akto_testing_jfrog.sh
📡 Fetching results from Akto API...
✅ Markdown report saved to testing_results.md (0 processed, 0 skipped)
4. Run the following command to upload evidence -
// For packages
jf evd create
--package-name="JFROG_PACKAGE_NAME" \
--package-version="JFROG_PACKAGE_VERSION" \
--package-repo-name="JFROG_PACKAGE_REPO" \
--key="JFROG_PRIVATE_KEY_PEM_FILE_PATH" \
--key-alias="JFROG_PRIVATE_KEY_ALIAS" \
--predicate="../testing_results.json" \
--predicate-type="https://akto.io/v1/api-security-testing" \
--markdown="../testing_results.md" \
// For builds
jf evd create \
--build-name "JFROG_BUILD_NAME" \
--build-number "JFROG_BUILD_NUMBER" \
--key JFROG_PRIVATE_KEY_PEM_FILE_PATH \
--key-alias JFROG_PRIVATE_KEY_ALIAS \
--predicate "testing_results.json" \
--predicate-type "https://akto.io/v1/api-security-testing" \
--markdown "testing_results.md"
📥 What Data Gets Sent
API security test findings: Vulnerable findings only along with
Vulnerability details
API Collection name + path
sample payload
severity details
✅ Verifying in JFrog
To verify evidence got uploaded:
Go to Package or Build name in your JFrog dashboard.
Go to Evidence tab
Look for Akto evidence

Get Support for your Akto setup
There are multiple ways to request support from Akto. We are 24X7 available on the following:
In-app
intercom
support. Message us with your query on intercom in Akto dashboard and someone will reply.Join our discord channel for community support.
Contact
[email protected]
for email support.
Last updated
Was this helpful?