{"id":13647201,"url":"https://github.com/jenkinsci/github-plugin","last_synced_at":"2026-02-12T06:19:34.623Z","repository":{"id":1231253,"uuid":"1163555","full_name":"jenkinsci/github-plugin","owner":"jenkinsci","description":"Jenkins GitHub plugin","archived":false,"fork":false,"pushed_at":"2026-01-12T22:19:28.000Z","size":1961,"stargazers_count":300,"open_issues_count":166,"forks_count":400,"subscribers_count":105,"default_branch":"master","last_synced_at":"2026-01-31T20:45:15.789Z","etag":null,"topics":["github","hpi","java","jenkins-plugin"],"latest_commit_sha":null,"homepage":"https://plugins.jenkins.io/github/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"rickyrauch/Balloons.IO","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jenkinsci.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.md","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"community_bridge":"jenkins","custom":["https://www.jenkins.io/donate/#why-donate"]}},"created_at":"2010-12-13T05:35:14.000Z","updated_at":"2026-01-18T14:46:57.000Z","dependencies_parsed_at":"2023-11-12T20:22:48.722Z","dependency_job_id":"8322cfdc-0153-4c9b-96f5-fb0525ab8d88","html_url":"https://github.com/jenkinsci/github-plugin","commit_stats":{"total_commits":674,"total_committers":107,"mean_commits":6.299065420560748,"dds":0.8694362017804154,"last_synced_commit":"878320196dedc838d29407ab2d4348e97b166515"},"previous_names":[],"tags_count":105,"template":false,"template_full_name":null,"purl":"pkg:github/jenkinsci/github-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fgithub-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fgithub-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fgithub-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fgithub-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jenkinsci","download_url":"https://codeload.github.com/jenkinsci/github-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fgithub-plugin/sbom","scorecard":{"id":514975,"data":{"date":"2025-08-11","repo":{"name":"github.com/jenkinsci/github-plugin","commit":"0ffb13e2ccd13a32ae4790f2377ca2e00896d190"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 10/19 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'actions' permission set to 'read': .github/workflows/jenkins-security-scan.yml:14","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/jenkins-security-scan.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/jenkins-security-scan.yml:13","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/jenkins-security-scan.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkinsci/github-plugin/jenkins-security-scan.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jenkinsci/github-plugin/release-drafter.yml/master?enable=pin","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/jenkinsci/.github/SECURITY.md:1","Info: Found linked content: github.com/jenkinsci/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jenkinsci/.github/SECURITY.md:1","Info: Found text in security policy: github.com/jenkinsci/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":8,"reason":"SAST tool is not run on all commits -- score normalized to 8","details":["Warn: 18 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T01:34:49.275Z","repository_id":1231253,"created_at":"2025-08-20T01:34:49.276Z","updated_at":"2025-08-20T01:34:49.276Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29360623,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T01:03:07.613Z","status":"online","status_checked_at":"2026-02-12T02:00:06.911Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","hpi","java","jenkins-plugin"],"created_at":"2024-08-02T01:03:23.840Z","updated_at":"2026-02-12T06:19:34.608Z","avatar_url":"https://github.com/jenkinsci.png","language":"Java","readme":"# GitHub Plugin\n\n[![codecov](https://codecov.io/gh/jenkinsci/github-plugin/branch/master/graph/badge.svg)](https://codecov.io/gh/jenkinsci/github-plugin)\n[![License](https://img.shields.io/github/license/jenkinsci/github-plugin.svg)](LICENSE)\n\nThis plugin integrates Jenkins with [GitHub](http://github.com/)\nprojects.The plugin currently has three major functionalities:\n\n-   Create hyperlinks between your Jenkins projects and GitHub\n-   Trigger a job when you push to the repository by groking HTTP POSTs\n    from post-receive hook and optionally auto-managing the hook setup.\n-   Report build status result back to github as [Commit\n    Status](https://github.com/blog/1227-commit-status-api) ([documented\n    on\n    SO](https://stackoverflow.com/questions/14274293/show-current-state-of-jenkins-build-on-github-repo/26910986#26910986))\n-   Base features for other plugins\n\n## Hyperlinks between changes\n\nThe GitHub plugin decorates Jenkins \"Changes\" pages to create links to\nyour GitHub commit and issue pages. It adds a sidebar link that links\nback to the GitHub project page.\n\n![](/docs/images/changes.png)\n![](/docs/images/changes-2.png)\n\nWhen creating a job, specify that is connects to git. Under \"GitHub\nproject\", put in: git@github.com:*Person*/*Project*.git Under \"Source\nCode Management\" select Git, and put in\ngit@github.com:*Person*/*Project*.git\n\n## GitHub hook trigger for GITScm polling\n\nThis feature enables builds after [post-receive hooks in your GitHub\nrepositories](https://help.github.com/post-receive-hooks/). This trigger\nonly kicks git-plugin internal polling algo for every incoming event\nagainst matched repo.\n\n\u003e This trigger was previously named as \"Build when a change is pushed to GitHub\"\n\n## Usage\n\nTo be able to use this feature different mode are available : \n* manual mode : the url have to be added manually in each project\n* automatic mode : Jenkins register automatically the webhook for every project\n\n### Manual Mode\n\nIn this mode, you'll be responsible for registering the hook URLs to\nGitHub. Click the\n![(question)](/docs/images/help_16.svg)\nicon (under Manage Jenkins \\\u003e Configure System \\\u003e GitHub) to see the URL\nin Jenkins that receives the post-commit POSTs — but in general the URL\nis of the form `$JENKINS_BASE_URL/github-webhook/` — for example:\n`https://ci.example.com/jenkins/github-webhook/`.\n\nOnce you have the URL, and have added it as a webhook to the relevant\nGitHub repositories, continue to **Step 3**.\n\n### Automatic Mode (Jenkins manages hooks for jobs by itself)\n\nIn this mode, Jenkins will automatically add/remove hook URLs to GitHub\nbased on the project configuration in the background. You'll specify\nGitHub OAuth token so that Jenkins can login as you to do this.\n\n**Step 1.** Go to the global configuration and add GitHub Server Config.\n\n![](/docs/images/ghserver-config.png)\n\n**Step 2.1.** Create your personal access token in GitHub.\n\nPlugin can help you to do it with all required scopes. Go to\n**Advanced** -\\\u003e **Manage Additional GitHub Actions** -\\\u003e **Convert\nLogin and Password to token**\n\n![](/docs/images/manage-token.png)\n\n\u003e *Two-Factor Authentication*\n\u003e \n\u003e Auto-creating token doesn't work with [GitHub\n\u003e 2FA](https://help.github.com/articles/about-two-factor-authentication/)\n\u003e \n\u003e You can create **\"Secret text\"** credentials with token in corresponding\n\u003e domain with login and password directly, or from username and password\n\u003e credentials.\n\n**Step 2.2.** Select previously created \"Secret Text\" credentials with\nGitHub OAuth token.\n\n*Required scopes for token*\n\nTo be able manage hooks your token should have **admin:org\\_hook**\nscope.\n\n*GitHub Enterprise*\n\nYou can also redefine GitHub url by clicking on **Custom GitHub API\nURL** checkbox.  \nNote that credentials are filtered by entered GH url with help of domain\nrequirements. So you can create credentials in different domains and see\nonly credentials that matched by predefined domains.\n\n![](/docs/images/secret-text.png)\n\n**Step 3.** Once that configuration is done, go to the project config of\neach job you want triggered automatically and simply check \"GitHub hook trigger for GITScm polling\" \nunder \"Build Triggers\". With this, every new\npush to the repository automatically triggers a new build.\n\nNote that there's only one URL and it receives all post-receive POSTs\nfor all your repositories. The server side of this URL is smart enough\nto figure out which projects need to be triggered, based on the\nsubmission.\n\n## Security Implications\n\nThis plugin requires that you have an HTTP URL reachable from GitHub,\nwhich means it's reachable from the whole internet. So it is implemented\ncarefully with the possible malicious fake post-receive POSTS in mind.\nTo cope with this, upon receiving a POST, Jenkins will talk to GitHub to\nensure the push was actually made.\n\n## Jenkins inside a firewall\n\nIn case your Jenkins run inside the firewall and not directly reachable\nfrom the internet, this plugin lets you specify an arbitrary endpoint\nURL as an override in the automatic mode. The plugin will assume that\nyou've set up reverse proxy or some other means so that the POST from\nGitHub will be routed to the Jenkins.\n\n## Trouble-shooting hooks\n\nIf you set this up but build aren't triggered, check the following\nthings:\n\n-   Click the \"admin\" button on the GitHub repository in question and\n    make sure post-receive hooks are there.\n    -   If it's not there, make sure you have proper credential set in\n        the Jenkins system config page.\n-   Also, [enable\n    logging](https://wiki.jenkins.io/display/JENKINS/Logging) for the\n    class names\n    -   `com.cloudbees.jenkins.GitHubPushTrigger`\n    -   `org.jenkinsci.plugins.github.webhook.WebhookManager`\n    -   `com.cloudbees.jenkins.GitHubWebHook`  \n        and you'll see the log of Jenkins trying to install a\n        post-receive hook.\n-   Click \"Test hook\" button from the GitHub UI and see if Jenkins\n    receive a payload.\n\n## Using cache to GitHub requests\n\nEach **GitHub Server Config** creates own GitHub client to interact with\napi. By default it uses cache (with **20MB** limit) to speedup process\nof fetching data and reduce rate-limit consuming. You can change cache\nlimit value in \"Advanced\" section of this config item. If you set 0,\nthen this feature will be disabled for this (and only this) config.\n\nAdditional info:\n\n-   This plugin now serves only hooks from github as main feature. Then\n    it starts using git-plugin to fetch sources.\n-   It works both public and Enterprise GitHub\n-   Plugin have some\n    [limitations](https://stackoverflow.com/questions/16323749/jenkins-github-plugin-inverse-branches)\n\n## Possible Issues between Jenkins and GitHub\n\n### Windows:\n\n-   In windows, Jenkins will use the the SSH key of the user it is\n    running as, which is located in the %USERPROFILE%\\\\.ssh folder ( on\n    XP, that would be C:\\\\Documents and Settings\\\\USERNAME\\\\.ssh, and on\n    7 it would be C:\\\\Users\\\\USERNAME\\\\.ssh). Therefore, you need to\n    force Jenkins to run as the user that has the SSH key configured. To\n    do that, right click on My Computer, and hit \"Manage\". Click on\n    \"Services\". Go to Jenkins, right click, and select  \"Properties\".\n    Under the \"Log On\" tab, choose the user Jenkins will run as, and put\n    in the username and password (it requires one). Then restart the\n    Jenkins service by right clicking on Jenkins (in the services\n    window), and hit \"Restart\".\n-   Jenkins does not support passphrases for SSH keys. Therefore, if you\n    set one while running the initial GitHub configuration, rerun it and\n    don't set one.\n\n## Pipeline examples\n\n### Setting commit status\n\nThis code will set commit status for custom repo with configured context\nand message (you can also define same way backref)\n\n```groovy\nvoid setBuildStatus(String message, String state) {\n  step([\n      $class: \"GitHubCommitStatusSetter\",\n      reposSource: [$class: \"ManuallyEnteredRepositorySource\", url: \"https://github.com/my-org/my-repo\"],\n      contextSource: [$class: \"ManuallyEnteredCommitContextSource\", context: \"ci/jenkins/build-status\"],\n      errorHandlers: [[$class: \"ChangingBuildStatusErrorHandler\", result: \"UNSTABLE\"]],\n      statusResultSource: [ $class: \"ConditionalStatusResultSource\", results: [[$class: \"AnyBuildResult\", message: message, state: state]] ]\n  ]);\n}\n\nsetBuildStatus(\"Build complete\", \"SUCCESS\");\n```\n\nMore complex example (can be used with multiple scm sources in pipeline)\n\n```groovy\ndef getRepoURL() {\n  sh \"git config --get remote.origin.url \u003e .git/remote-url\"\n  return readFile(\".git/remote-url\").trim()\n}\n\ndef getCommitSha() {\n  sh \"git rev-parse HEAD \u003e .git/current-commit\"\n  return readFile(\".git/current-commit\").trim()\n}\n\ndef updateGithubCommitStatus(build) {\n  // workaround https://issues.jenkins-ci.org/browse/JENKINS-38674\n  repoUrl = getRepoURL()\n  commitSha = getCommitSha()\n\n  step([\n    $class: 'GitHubCommitStatusSetter',\n    reposSource: [$class: \"ManuallyEnteredRepositorySource\", url: repoUrl],\n    commitShaSource: [$class: \"ManuallyEnteredShaSource\", sha: commitSha],\n    errorHandlers: [[$class: 'ShallowAnyErrorHandler']],\n    statusResultSource: [\n      $class: 'ConditionalStatusResultSource',\n      results: [\n        [$class: 'BetterThanOrEqualBuildResult', result: 'SUCCESS', state: 'SUCCESS', message: build.description],\n        [$class: 'BetterThanOrEqualBuildResult', result: 'FAILURE', state: 'FAILURE', message: build.description],\n        [$class: 'AnyBuildResult', state: 'FAILURE', message: 'Loophole']\n      ]\n    ]\n  ])\n}\n```\n\n## Change Log\n\n[GitHub Releases](https://github.com/jenkinsci/github-plugin/releases)\n\n## Development\n\nStart the local Jenkins instance:\n\n    mvn hpi:run\n\n\n## Jenkins Plugin Maven goals\n\n\thpi:create  Creates a skeleton of a new plugin.\n\t\n\thpi:hpi Builds the .hpi file\n\n\thpi:hpl Generates the .hpl file\n\n\thpi:run Runs Jenkins with the current plugin project\n\n\thpi:upload Posts the hpi file to java.net. Used during the release.\n\t\n\t\n## How to install\n\nRun \n\n\tmvn hpi:hpi\n\t\nto create the plugin .hpi file.\n\n\nTo install:\n\n1. copy the resulting ./target/rdoc.hpi file to the $JENKINS_HOME/plugins directory. Don't forget to restart Jenkins afterwards.\n\t\n2. or use the plugin management console (https://example.com:8080/pluginManager/advanced) to upload the hpi file. You have to restart Jenkins in order to find the plugin in the installed plugins list.\n\n\n## Plugin releases\n\n\tmvn release:prepare release:perform -Dusername=juretta -Dpassword=******\n","funding_links":["https://funding.communitybridge.org/projects/jenkins","https://www.jenkins.io/donate/#why-donate"],"categories":["Java"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkinsci%2Fgithub-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjenkinsci%2Fgithub-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkinsci%2Fgithub-plugin/lists"}