JFrog Integration with GitHub

The JFrog and GitHub integration unifies code and binary management, giving developers a seamless experience across both platforms.

With this integration, organizations can more easily achieve:

  • Bridge code, Actions, and binaries using the GitHub Actions Job Summary view.
  • Follow tokenless access best practices by configuring OIDC authentication for GitHub Actions pipelines, so that no long-lived Artifactory credentials are stored as secrets.
  • Deploy JFrog source code scanning capabilities.
  • Track build metadata and artifacts in JFrog Artifactory.
  • View JFrog Xray binary security findings within GitHub Advanced Security dashboards.
  • Enhance GitHub Copilot by using the JFrog Remote MCP to select approved packages and draw on the rich information in JFrog Catalog.

Empower Code Management with Security and AI

  • Maximize Code Security: When you push code to GitHub, JFrog Frogbot performs a scan before and after merging. Powered by Xray and JFrog Advanced Security, this scan detects 1st party code issues (SAST), exposed secrets, and 3rd party dependencies issues (SCA), including Contextual analysis and malware detection. If vulnerabilities are found, Frogbot alerts you and can automatically create pull requests with suggested fixes. It also scans Pull Requests and can prevent risky code changes that violate your policy. All findings are integrated into the GitHub Advanced Security dashboard, helping with compliance and offering security insights.
  • Smart Use of Open-Source Packages: The JFrog Remote MCP lets GitHub Copilot Chat draw on JFrog Catalog data and JFrog Curation policies, allowing developers to query artifact information and receive real-time security updates about packages directly within their development environment.

Tokenless, secure access best practices with GitHub Actions

  • Secure GitHub Actions with JFrog Artifactory access using OIDC: GitHub Actions pipelines traditionally use long-lived credentials for Artifactory access, posing security risks. By switching to OIDC and integrating with JFrog Artifactory Access Management, long-lived credentials are replaced with short-lived tokens. This improves security, automates credential management, and makes your CI/CD pipeline more efficient.
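The switch described above, shown as an added example rather than content from the JFrog documentation: the same workflow first with a long-lived access token stored as a repository secret, then with OIDC. The `JF_URL` value, the OIDC provider name, the audience and the repository name are placeholders that must match what is configured in your JFrog Platform; the `oidc-provider-name` and `oidc-audience` inputs are those of the `jfrog/setup-jfrog-cli` action as the author understands them.

```yaml
# --- BEFORE: long-lived credential (the weak setting) ---------------------
# A static access token lives in repository secrets. If it leaks (log output,
# a compromised third-party action), it stays valid until someone rotates it.
name: build-with-static-token
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ vars.JF_URL }}                       # placeholder, e.g. https://example.jfrog.io
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}  # long-lived token: the risk the page describes
      - run: jf rt ping

---
# --- AFTER: OIDC, no stored Artifactory credential ------------------------
# The job asks GitHub for a short-lived OIDC token (id-token: write) and the
# setup action exchanges it for a short-lived Artifactory token. Nothing
# long-lived is stored in the repository, and the token expires on its own.
name: build-with-oidc
on: [push]
permissions:
  id-token: write   # required so the job can request a GitHub OIDC token
  contents: read    # least privilege for the checkout step
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ vars.JF_URL }}            # placeholder
        with:
          oidc-provider-name: github-oidc       # placeholder: provider name defined in the JFrog Platform
          oidc-audience: jfrog-github           # placeholder: must match the audience set on that provider
      - run: |
          jf rt ping
          jf rt upload "dist/*" example-generic-local/   # placeholder target repository
```

On the JFrog side, the provider's identity mapping decides which token claims (for example the GitHub `repository` and `ref` claims) may be exchanged and with which permissions, so a token minted for an unrelated repository or branch is rejected even though it is a valid GitHub OIDC token.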

Comprehensive Insights with JFrog Job Summary

During the build process, the JFrog Job Summary provides a consolidated view of build outputs directly in GitHub Actions.

The summary includes links to:

  • Artifacts stored in the JFrog Platform
  • Associated JFrog Build Info
  • Security scan results and findings from Xray

This enables developers and DevOps teams to quickly navigate between the GitHub workflow and the corresponding artifacts and security insights in the JFrog Platform, improving visibility and troubleshooting.

Traceability Between CI and Artifacts

The integration provides traceability between GitHub CI workflows and the artifacts stored in the JFrog Platform.

Builds executed in GitHub Actions can be linked to the artifacts and Build Info generated in JFrog Artifactory, allowing teams to navigate between CI runs and the corresponding packages.

Upcoming capabilities will extend this correlation to link GitHub-associated artifacts with JFrog packages, enabling deeper visibility across the software supply chain.