Frogbot integrates with Jenkins using the Generic Webhook Trigger plugin to respond to PR and push events from your Git provider.

Prerequisites

  • Install the Generic Webhook Trigger plugin in Jenkins.
  • Configure a webhook in your Git provider (GitHub, GitLab, Bitbucket Server, or Azure Repos) that points to your Jenkins instance.

Setup

Step 1: Configure Credentials

In Jenkins, go to Manage Jenkins > Credentials and add:

| Credential | Type | ID |
|---|---|---|
| JFrog Platform URL | Secret text | JF_URL |
| JFrog access token | Secret text | JF_ACCESS_TOKEN |
| Git provider token | Secret text | JF_GIT_TOKEN |

Step 2: Create a PR Scan Pipeline

Create a Jenkinsfile for PR scanning:

pipeline {
    // Use your agent with installed package manager (npm, go, python, etc.)
    agent { label '<YOUR_AGENT_LABEL>' }
    
    triggers {
        // Webhook trigger - uncomment ONE provider block below based on your Git provider
        GenericTrigger(
            genericVariables: [
                // GitHub - Uncomment for GitHub
                //[key: 'JF_GIT_REPO', value: '$.repository.name'],
                //[key: 'JF_GIT_PULL_REQUEST_ID', value: '$.number'],
                //[key: 'JF_GIT_OWNER', value: '$.repository.owner.login'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.pull_request.base.ref'],

                // GitLab - Uncomment for GitLab
                //[key: 'JF_GIT_REPO', value: '$.project.name'],
                //[key: 'JF_GIT_PULL_REQUEST_ID', value: '$.object_attributes.iid'],
                //[key: 'JF_GIT_OWNER', value: '$.project.namespace'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.object_attributes.target_branch'],

                // Bitbucket Server - Uncomment for Bitbucket
                //[key: 'JF_GIT_REPO', value: '$.pullRequest.fromRef.repository.slug'],
                //[key: 'JF_GIT_PULL_REQUEST_ID', value: '$.pullRequest.id'],
                //[key: 'JF_GIT_OWNER', value: '$.pullRequest.fromRef.repository.project.key'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.pullRequest.toRef.displayId'],

                // Azure Repos - Uncomment for Azure Repos
                //[key: 'JF_GIT_REPO', value: '$.resource.repository.name'],
                //[key: 'JF_GIT_PULL_REQUEST_ID', value: '$.resource.pullRequestId'],
                //[key: 'JF_GIT_OWNER', value: '$.resource.repository.project.name'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.resource.targetRefName'],
                //[key: 'JF_GIT_PROJECT', value: '$.resource.repository.project.name'],
            ],
            causeString: 'Pull Request Webhook',
            // Webhook URL: https://<JENKINS_URL>/generic-webhook-trigger/invoke?token=<YOUR_WEBHOOK_TOKEN>
            token: '<YOUR_WEBHOOK_TOKEN>'
        )
    }
    
    environment {
        // [Mandatory] JFrog Platform URL
        // Example: 'https://mycompany.jfrog.io/'
        JF_URL = credentials('<YOUR_JF_URL_CREDENTIAL_ID>')
        
        // [Mandatory] JFrog Access Token with Xray read permissions
        JF_ACCESS_TOKEN = credentials('<YOUR_JF_ACCESS_TOKEN_CREDENTIAL_ID>')
        
        // [Mandatory] Git access token with repo permissions
        JF_GIT_TOKEN = credentials('<YOUR_GIT_TOKEN_CREDENTIAL_ID>')
        
        // [Mandatory] Git provider: 'github', 'gitlab', 'bitbucketServer', 'azureRepos'
        JF_GIT_PROVIDER = '<YOUR_GIT_PROVIDER>'
        
        // [Mandatory for on-prem Git] API endpoint
        // Examples: 'https://api.github.com', 'https://gitlab.company.com/api/v4'
        JF_GIT_API_ENDPOINT = '<YOUR_GIT_API_ENDPOINT>'
    }
    
    stages {
        stage('Frogbot Scan Pull Request') {
            steps {
                sh """
                    curl -fL "https://releases.jfrog.io/artifactory/frogbot/v3/[RELEASE]/getFrogbot.sh" | sh
                    ./frogbot scan-pull-request
                """
            }
        }
    }
}

Step 3: Create a Commit Scan Pipeline

Create a separate Jenkinsfile for commit scanning (typically triggered by cron or push):

pipeline {
    // Use your agent with installed package manager (npm, go, python, etc.)
    agent { label '<YOUR_AGENT_LABEL>' }
    
    triggers {
        // Scheduled scan - runs daily at midnight
        cron('0 0 * * *')
        
        // Webhook trigger - uncomment ONE provider block below based on your Git provider
        GenericTrigger(
            genericVariables: [
                // GitHub Push - Uncomment for GitHub
                //[key: 'JF_GIT_REPO', value: '$.repository.name'],
                //[key: 'JF_GIT_OWNER', value: '$.repository.owner.login'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.ref'],

                // GitLab Push - Uncomment for GitLab
                //[key: 'JF_GIT_REPO', value: '$.project.name'],
                //[key: 'JF_GIT_OWNER', value: '$.project.namespace'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.ref'],

                // Bitbucket Push - Uncomment for Bitbucket Server
                //[key: 'JF_GIT_REPO', value: '$.repository.slug'],
                //[key: 'JF_GIT_OWNER', value: '$.repository.project.key'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.changes[0].ref.displayId'],

                // Azure Repos Push - Uncomment for Azure Repos
                //[key: 'JF_GIT_REPO', value: '$.resource.repository.name'],
                //[key: 'JF_GIT_OWNER', value: '$.resource.repository.project.name'],
                //[key: 'JF_GIT_BASE_BRANCH', value: '$.resource.refUpdates[0].name'],
                //[key: 'JF_GIT_PROJECT', value: '$.resource.repository.project.name'],
            ],
            causeString: 'Push Webhook',
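            // Trigger only on pushes to master/main. The filter text must reference a
            // variable declared in genericVariables above; adjust the expression if
            // your provider's mapped field holds a short branch name.
            regexpFilterText: '$JF_GIT_BASE_BRANCH',
            regexpFilterExpression: '^refs/heads/(master|main)$',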
            // Webhook URL: https://<JENKINS_URL>/generic-webhook-trigger/invoke?token=<YOUR_WEBHOOK_TOKEN>
            token: '<YOUR_WEBHOOK_TOKEN>'
        )
    }
    
    environment {
        // [Mandatory] JFrog Platform URL
        // Example: 'https://mycompany.jfrog.io/'
        JF_URL = credentials('<YOUR_JF_URL_CREDENTIAL_ID>')
        
        // [Mandatory] JFrog Access Token with Xray read permissions
        JF_ACCESS_TOKEN = credentials('<YOUR_JF_ACCESS_TOKEN_CREDENTIAL_ID>')
        
        // [Mandatory] Git access token with repo permissions
        JF_GIT_TOKEN = credentials('<YOUR_GIT_TOKEN_CREDENTIAL_ID>')
        
        // [Mandatory] Git provider: 'github', 'gitlab', 'bitbucketServer', 'azureRepos'
        JF_GIT_PROVIDER = '<YOUR_GIT_PROVIDER>'
        
        // [Mandatory for on-prem Git] API endpoint
        // Examples: 'https://api.github.com', 'https://gitlab.company.com/api/v4'
        JF_GIT_API_ENDPOINT = '<YOUR_GIT_API_ENDPOINT>'
    }
    
    stages {
        stage('Frogbot Scan Repository') {
            steps {
                sh """
                    curl -fL "https://releases.jfrog.io/artifactory/frogbot/v3/[RELEASE]/getFrogbot.sh" | sh
                    ./frogbot scan-repository
                """
            }
        }
    }
}

Webhook Configuration by Git Provider

| Git Provider | Webhook Events | Payload Field Mappings |
|---|---|---|
| GitHub | Pull requests (opened, synchronize) | $.repository.name, $.pull_request.number, $.repository.owner.login |
| GitLab | Merge request events | $.project.path, $.object_attributes.iid, $.project.namespace |
| Bitbucket Server | Pull request (opened, source updated) | $.pullRequest.toRef.repository.slug, $.pullRequest.id, $.pullRequest.toRef.repository.project.key |
| Azure Repos | Pull request created, Pull request updated | $.resource.repository.name, $.resource.pullRequestId, $.resource.repository.project.name |

Adjust the genericVariables in the GenericTrigger configuration to match your Git provider's webhook payload structure.
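
Added example (not part of the Frogbot documentation or the plugin's code): a Python dry run that resolves the push mappings from the commit-scan Jenkinsfile against a captured webhook body, applies the page's branch filter to the value mapped to JF_GIT_BASE_BRANCH, and flags missing or unexpected values before they become build variables. The names MAPPINGS, SAFE_VALUE, resolve and dry_run, the allowlist pattern, and both sample payloads are assumptions made for this example; the Bitbucket sample assumes displayId carries the short branch name.

```python
import json
import re

# Push mappings copied from the commit-scan Jenkinsfile on this page.
MAPPINGS = {
    "github": {
        "JF_GIT_REPO": "$.repository.name",
        "JF_GIT_OWNER": "$.repository.owner.login",
        "JF_GIT_BASE_BRANCH": "$.ref",
    },
    "bitbucketServer": {
        "JF_GIT_REPO": "$.repository.slug",
        "JF_GIT_OWNER": "$.repository.project.key",
        "JF_GIT_BASE_BRANCH": "$.changes[0].ref.displayId",
    },
}
BRANCH_FILTER = re.compile(r"^refs/heads/(master|main)$")  # regexpFilterExpression from the page
SAFE_VALUE = re.compile(r"^[A-Za-z0-9._/-]{1,200}$")  # assumed allowlist, not a Frogbot rule


def resolve(payload, path):
    """Resolve the dotted/indexed JSONPath subset used on this page; None if absent."""
    node = payload
    for token in re.findall(r"[^.\[\]$]+", path):
        try:
            node = node[int(token)] if isinstance(node, list) else node[token]
        except (KeyError, IndexError, ValueError, TypeError):
            return None
    return node


def dry_run(provider, raw_body):
    """Resolve the page's mappings for one webhook body and list what is wrong with it."""
    payload = json.loads(raw_body)
    variables = {k: resolve(payload, p) for k, p in MAPPINGS[provider].items()}
    problems = []
    for key, value in variables.items():
        # Payload values are untrusted input: require a plain string from the allowlist.
        if not isinstance(value, str) or not SAFE_VALUE.fullmatch(value):
            problems.append(f"{key}: missing or unexpected value {value!r}")
    branch = variables["JF_GIT_BASE_BRANCH"]
    if isinstance(branch, str) and not BRANCH_FILTER.fullmatch(branch):
        problems.append(f"branch filter does not match {branch!r}")
    return variables, problems


# Constructed sample bodies holding only the fields the mappings read.
GITHUB_PUSH = '{"ref": "refs/heads/main", "repository": {"name": "shop-api", "owner": {"login": "acme"}}}'
BITBUCKET_PUSH = '{"repository": {"slug": "shop-api", "project": {"key": "ACME"}}, "changes": [{"ref": {"displayId": "main"}}]}'
```

Run dry_run against a body copied from your Git provider's webhook delivery log; an empty problem list means every variable resolved to an allowed value and the branch filter would match.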