GitHub

JFrog and GitHub have come together to ensure organizations have full control over the entire software supply chain from code to binaries to security to distribution. Driven by community and customer demand, the deep integration and jointly-developed roadmap will cover multiple aspects of the software supply chain.

GitHub Integration Features

Related Resources

Documentation

JFrog and GitHub Integration Documentation

Webinar

JFrog & GitHub: Leaping Forward Together

Blog

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

Technical Blog

How to Connect the JFrog Platform to Your GitHub Environment to Create a Seamless Integration

Documentation

Copilot Extension Documentation

GitHub Integration FAQ

How can I try this integration?

An Enterprise subscription on both platforms is required to fully experience JFrog GitHub integrations. Existing GitHub Enterprise users can sign up for a trial of the JFrog Platform and connect those instances or vice versa.

Does the Frogbot GitHub Advanced Security (GHAS) integration work with on-prem versions of GitHub and Artifactory?

The integration supports JFrog and GitHub’s SaaS/managed offerings and self-hosted versions.

Is GitHub Advanced Security required for the JFrog and GitHub integration?

GitHub Advanced Security is not required to benefit from the integration. If enabled, it allows consolidation of security results from JFrog into GitHub Advanced Security for a unified view.

What’s the difference between using Frogbot and the JFrog Xray CLI?

Frogbot is used for repo scanning, pull request scans, and other GitHub native functions. The JFrog CLI allows integration of Xray and JFrog Advanced Security features into your build process and SDLC.

Will GitHub’s UI be enhanced to display Artifactory packages?

The GitHub UI now includes a "JFrog Summary" for builds, showing links to binaries, build locations, and vulnerability information.

Are specific JFrog products required to benefit from the integration?

For optimal benefits, using JFrog throughout your CI/CD process is recommended. Any tier with Xray can be used for GitHub Actions integration, but advanced features require EnterpriseX or higher.

Can an OIDC connection setup be used to obtain a temporary username/password for tools like Maven, npm, and Docker?

The OIDC setup provides a short-lived token usable in GitHub Actions and with JFrog CLI.

Do you need a GitHub Advanced Security license to use JFrog SAST and SCA? Will JFrog scan results appear in GitHub’s code scanning section?

JFrog scan results are available in GitHub’s security tab. A GitHub Advanced Security license is not required for JFrog SAST and SCA, but consulting with JFrog for optimal integration is recommended.

Will the integration replace GitHub Packages, and what are the advantages?

GitHub Packages can still be used, but Artifactory is the preferred method for package management, providing industry-standard features and enhancing your software supply chain security.

About GitHub

GitHub empowers developers and organizations to build, scale, and deliver secure software. As the world's largest developer platform, GitHub fosters a global community where millions of people and businesses collaborate, innovate, and drive code to its full potential.