JFrog Job Summary

JFrog and GitHub Integration Guide

Who can use this feature?

JFrog Job Summary is available to Pro/ProX and Enterprise/Enterprise+ customers. Advanced features, such as detailed security findings and linkage between GitHub and Artifactory, are exclusive to Enterprise/Enterprise+ customers. For a complete feature comparison by subscription type, refer to the JFrog and GitHub Integration Features Matrix.

A build failure can disrupt various teams within an organization, affecting developers, security teams, pipeline engineers, and DevOps teams. Rather than manually browsing through logs to diagnose issues, the JFrog and GitHub integration provides a consolidated view of your build process, offering enhanced clarity, control, and security.

What does it do?

The JFrog Job Summary feature offers detailed insights into each build, directly within GitHub Actions. This includes:

  • Artifact Linking: Each artifact uploaded to Artifactory is linked from the job summary to its corresponding artifact in Artifactory.

  • Package Linking: Project packages uploaded to Artifactory are linked from the job summary to their corresponding packages in Artifactory.

  • Published Build: Establishes a bi-directional link between builds and the Buildinfo created in Artifactory, including details on published modules, environment, Xray data, and Build Info JSON.

  • Security Issues: Provides summaries of security scans, including SCA (Software Composition Analysis) issues, binary scanning, contextual analysis, and secrets detection.

  • Build Info: Details of the build process are published to Artifactory and saved as a Buildinfo artifact. To learn more, refer to JFrog Build Info.

  • Curation Audit: Lists packages that violated policies and were blocked from upload, with links from GitHub Actions job summaries to Xray for detailed security insights.

Why is it important?

  • Developers: Provides detailed build insights and metadata, improving build quality and visibility.

  • Security Teams: Enhances vulnerability and compliance management, supports policy enforcement, and ensures package curation.