Driven by community and customer demand, the deep integration and jointly developed roadmap will cover multiple aspects of the software supply chain.
JFrog and GitHub Integration Documentation
JFrog & GitHub: Leaping Forward Together
GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps
How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration
Copilot Extension Documentation
An Enterprise subscription on both platforms is required to fully experience JFrog GitHub integrations. Existing GitHub Enterprise users can sign up for a trial of the JFrog Platform and connect those instances or vice versa.
The integration supports JFrog and GitHub’s SaaS/managed offerings and self-hosted versions.
GitHub Advanced Security is not required to benefit from the integration. If enabled, it allows consolidation of security results from JFrog into GitHub Advanced Security for a unified view.
Frogbot is used for repo scanning, pull request scans, and other GitHub native functions. The JFrog CLI allows integration of Xray and JFrog Advanced Security features into your build process and SDLC.
The GitHub UI now includes a "JFrog Summary" for builds, showing links to binaries, build locations, and vulnerability information.
For optimal benefits, using JFrog throughout your CI/CD process is recommended. Any tier with Xray can be used for GitHub Actions integration, but advanced features require EnterpriseX or higher.
The OIDC setup provides a short-lived token usable in GitHub Actions and with JFrog CLI.
JFrog scan results are available in GitHub’s security tab. A GitHub Advanced Security license is not required for JFrog SAST and SCA, but consulting with JFrog for optimal integration is recommended.
GitHub Packages can still be used, but Artifactory is the preferred method for package management, providing industry-standard features and enhancing your software supply chain security.