One seamless experience across the software supply chain

> Partner > GitHub


JFrog and GitHub have built an integration that includes intuitive navigation and traceability between source code and binaries, CI/CD with GitHub Actions and JFrog Artifactory, and a unified view of security findings across the software supply chain. By providing full control and visibility across the entire software supply chain, we are accelerating our joint vision of making developers’ lives easier and happier.

JFrog & GitHub Leap Forward

This integration covers everything from curating open source packages, coding, CI, release management, deployment, and production. Watch this video to learn more about three key features:

  1. OIDC Integration: Dynamic Token Creation and Management
  2. Workflow Summaries available in GitHub
  3. Bidirectional Mapping of Source Code and Binaries


Track Artifact Lifecycles

We’ve integrated GitHub Actions with JFrog Artifactory to provide better tracking for stored artifacts. Binary artifacts generated by Actions will include metadata and processes as part of the binary data in JFrog Artifactory, making them a first-class citizen in software bill of materials (SBOM) generation.

One Pane of Glass for Advanced Security

A full security view of source and binary-focused security scans in one place, providing security posture visibility from source to production (some roadmap items).

JFrog Frogbot automatically scans your repositories using JFrog Xray for potential vulnerabilities, exposed secrets, and malware in your dependencies. When vulnerabilities are detected, Frogbot not only alerts you but can also automatically open pull requests with suggested fixes, streamlining the remediation process.

Let’s build from here
The world’s leading AI-powered developer platform

Release Fast Or Die