Configure JFrog OIDC Integration with GitHub App

JFrog Platform Administration Documentation

You can configure OpenID Connect (OIDC) integration between JFrog and GitHub using two modes: Automatic and Advanced.

| Feature | Automatic Mode: JFrog App for GitHub | Advanced Mode: Traditional Method |
|---|---|---|
| Use Case | Simple, dedicated setups | Flexible, complex setups |
| Repository Mapping | A one-to-one mapping: one OIDC integration to one GitHub repository | One OIDC integration for multiple repositories |
| Supported Tokens | User, Admin, Group | Project, User, Admin, Group |
| How to Configure | Follow the steps below | Refer to Configure an OIDC Integration |

  1. In the JFrog Platform, select the All Projects scope

  2. Select the Administration module, and go to General Management > Manage Integrations

  3. Click New Integration, and select GitHub Repositories from the drop-down menu

  4. Click Open GitHub Marketplace to be redirected to the integration page on GitHub

  5. In GitHub, review the integration readme file and click Install

  6. Choose whether to install the application on all your repositories or only on selected repositories, and click Install & Authorize

  7. In the Platform URL field, enter your Hostname URL, select the checkbox to agree to the terms, and click Start

  8. To allow the integration, select the checkbox to agree to the terms and click Allow

  9. Select the integration setup, including the following settings:

    1. Select GitHub Repositories: your GitHub repositories are populated in the list. Select the checkboxes for the repositories you want to enable the integration for, and when you are done, click Next.

    2. Select Token Type: enter the values for the token that JFrog will return. For more information, see Create Scoped Token.

      1. In the Token Scope field, select the scope from the drop-down menu.

        • Admin

        • User

        • Group

        • User Mapping

        • Groups Mapping

      2. In the User Name/User/Groups/Pattern field, enter the value as appropriate.

        For any Token Scope other than Admin, click + Add Scope and add the scope.

      3. In the Service field, specify the services that the integration can use, if you want to restrict them. All services are selected by default.

      4. In the Token Expiration Time (In Minutes) field, enter the token expiration value.

    3. Create Pull Request: to add a pull request to all your selected GitHub repositories, select the Auto-Generate Pull Request checkbox and click Next.

  10. In GitHub, go to the Pull Requests tab of a repository you selected, and verify that the JFrog pull request is there.

  11. The pull request should contain the following code sample, including all the necessary OIDC configuration parameters, such as the OIDC provider name:

     name: "Setup JFrog CLI OIDC Example"
     on: push

     permissions:
       # This is required for requesting the OIDC token
       id-token: write
       # This is required for actions/checkout
       contents: read
     jobs:
       build:
         runs-on: ubuntu-latest
         steps:
           - name: Checkout
             uses: actions/checkout@v4
           - name: Setup JFrog CLI
             uses: jfrog/setup-jfrog-cli@v4
             env:
               JF_URL: ${{ vars.JF_URL }}
             with:
               oidc-provider-name: <github_username>/<repo-name>@github

           - name: Run JFrog CLI
             run: |
               # Ping the server
               jf rt ping
  12. Integrate the code snippet components in your own GitHub workflow, and replace the JF_URL placeholder with your own JFrog Host URL

  13. Merge the pull request in your GitHub repository.
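
A pre-merge check for steps 12 and 13, as an added example that is not part of the JFrog documentation or of the generated pull request: it reads a workflow file and reports where the workflow-level permissions or the oidc-provider-name differ from the generated sample. The repository name acme/payments, the function names, and the line-based parsing (workflow-level permissions only, job-level overrides are not inspected) are assumptions.

```python
import re

# Constructed sample: a workflow after step 12, for a hypothetical repository acme/payments.
SAMPLE_WORKFLOW = """\
on: push
permissions:
  # This is required for requesting the OIDC token
  id-token: write
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: jfrog/setup-jfrog-cli@v4
        with:
          oidc-provider-name: acme/payments@github
"""

def workflow_permissions(text):
    """Workflow-level permissions as a dict, or the scalar form (e.g. 'write-all') as a str."""
    perms, inside = {}, False
    for line in text.splitlines():
        scalar = re.match(r"permissions:\s*([^\s#]+)", line)
        if scalar:
            return scalar.group(1)
        entry = re.match(r"\s+([\w-]+):\s*([\w-]+)", line)
        if re.match(r"permissions:", line):
            inside = True
        elif inside and entry:
            perms[entry.group(1)] = entry.group(2)
        elif inside and line.strip() and not line.lstrip().startswith("#"):
            break  # any other line ends the permissions block
    return perms

def check_workflow(text, repo):
    """Findings for the OIDC settings; repo is '<github_username>/<repo-name>' (assumed input)."""
    findings, perms = [], workflow_permissions(text)
    if isinstance(perms, str):
        findings.append(f"permissions is '{perms}'; grant id-token and contents explicitly")
    else:
        if perms.get("id-token") != "write":
            findings.append("id-token: write is missing; the OIDC token cannot be requested")
        findings += [f"{k}: write exceeds what the generated sample grants"
                     for k, v in perms.items() if v == "write" and k != "id-token"]
    name = re.search(r"oidc-provider-name:\s*(\S+)", text)
    if not name or name.group(1) != f"{repo}@github":
        found = name.group(1) if name else "(not set)"
        findings.append(f"oidc-provider-name {found} does not match {repo}@github")
    return findings
```

An empty list from check_workflow means the workflow carries the same permissions and provider name format as the generated sample; a leftover `<github_username>/<repo-name>@github` placeholder is reported as a mismatch.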