{"id":14986030,"url":"https://github.com/jfrog/setup-jfrog-cli","last_synced_at":"2025-05-14T22:08:29.530Z","repository":{"id":41871912,"uuid":"210126940","full_name":"jfrog/setup-jfrog-cli","owner":"jfrog","description":"Set up JFrog CLI in your GitHub Actions workflow","archived":false,"fork":false,"pushed_at":"2025-05-05T09:36:32.000Z","size":4914,"stargazers_count":253,"open_issues_count":23,"forks_count":89,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-05-10T02:05:15.787Z","etag":null,"topics":["actions","bintray","jf-artifactory","jfrog","jfrog-artifactory","jfrog-cli","jfrog-xray"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-22T10:12:32.000Z","updated_at":"2025-05-05T09:36:36.000Z","dependencies_parsed_at":"2023-02-08T06:01:34.282Z","dependency_job_id":"cdb65e02-9027-4164-a8bc-2aaeb1ecf99d","html_url":"https://github.com/jfrog/setup-jfrog-cli","commit_stats":{"total_commits":167,"total_committers":15,"mean_commits":"11.133333333333333","dds":0.6107784431137724,"last_synced_commit":"f0a84f35b0e0bd21838c5fb3e6788072d6540d13"},"previous_names":[],"tags_count":66,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fsetup-jfrog-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fsetup-jfrog-cli/tags","releases_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/jfrog%2Fsetup-jfrog-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fsetup-jfrog-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/setup-jfrog-cli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254235700,"owners_count":22036964,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","bintray","jf-artifactory","jfrog","jfrog-artifactory","jfrog-cli","jfrog-xray"],"created_at":"2024-09-24T14:12:09.946Z","updated_at":"2025-05-14T22:08:24.518Z","avatar_url":"https://github.com/jfrog.png","language":"TypeScript","readme":"[![JFrog CLI](images/readme_image.png)](#readme)\n\n\u003cdiv align=\"center\"\u003e\n\n# Setup JFrog CLI\n\n[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://github.com/jfrog/frogbot#readme)\n[![Build status](https://github.com/jfrog/setup-jfrog-cli/workflows/Test/badge.svg)](https://github.com/jfrog/setup-jfrog-cli/actions)\n\n\u003c/div\u003e\n\n## Table of Contents\n\n-   [Overview](#overview)\n-   [Usage](#usage)\n-   [Authentication Methods](#Authentication-Methods)\n-   [General Configuration](#general-configuration)\n    -   [Setting Build Name and Number for Build Info Publication](#setting-build-name-and-number-for-build-info-publication)\n    -   [Setting JFrog CLI Version](#setting-jfrog-cli-version)\n    -   [Setting the JFrog Project 
Key](#setting-the-jfrog-project-key)\n    -   [Downloading JFrog CLI from Artifactory](#downloading-jfrog-cli-from-artifactory)\n    -   [Custom Server ID and Multi-Configuration](#custom-server-id-and-multi-configuration)\n-   [JFrog Job Summary](#jfrog-job-summary)\n-   [Code Scanning Alerts](#code-scanning-alerts)\n-   [Example Projects](#example-projects)\n-   [Contributions](#contributions)\n-   [References](#references)\n\n## Overview\n\nThis GitHub Action downloads, installs and configures [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli), so that it can be used as part of the workflow.\n\nAdditionally, the Action incorporates the following features when utilizing JFrog CLI to interact with the JFrog Platform:\n\n-   **Versatile authentication methods** - Three distinct methods are available for [authenticating](#Authentication-Methods) with the JFrog Platform.\n-   **Seamless build info generation** - All build related operations will be automatically recorded, and the collected build info will be published at the end of the workflow. There's no need to add the _build name_ and _build number_ options and arguments to commands which accept them, and no need to run `jf rt build-publish` for the build to be published.\n-   **Extensive Job Summary** - A detailed summary of key JFrog CLI commands executed during the workflow will be generated and displayed in the GitHub Actions run page. \n\n## Usage\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n# + Authentication method\n- run: jf --version\n```\n\n## Authentication Methods\n\nJFrog CLI integrates with the JFrog Platform. 
In order to facilitate this connection, certain connection details of the JFrog Platform must be provided.\nThere are three methods to provide these details, and you only need to choose **one** method:\n\n\u003cdetails\u003e\n    \u003csummary\u003e👤 Connecting to JFrog using OIDC (OpenID Connect)\u003c/summary\u003e\n\n### General\n\nThe sensitive connection details, such as the access token used by JFrog CLI on the JFrog platform, can be automatically generated by the action instead of being stored as secrets in GitHub.\nThis is made possible by leveraging the OpenID-Connect (OIDC) protocol.\nThis protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable.\nLearn more about this integration in [this](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc) blog post.\nTo utilize the OIDC protocol, follow these steps:\n\n### JFrog Platform configuration\n\n1. **Configure an OIDC Integration**: This phase sets up an integration between GitHub Actions and the JFrog platform.\n    1. Navigate to the Administration tab in the JFrog Platform UI\n    2. Click `General` | `Manage Integrations`\n    3. Click `New Integration` | `OpenID Connect`:\n       ![New Integration](images/new_oidc_integration.png)\n    4. 
Configure the OIDC integration:\n       ![Configure OIDC integration](images/configure_oidc_integration.png)\n\n| NOTE:                                                                                                                                                                                                                                          |\n|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| The value specified as the 'Provider Name' should be used as the oidc-provider-name input in [Workflow configuration step 2](#workflowstep2) below.                                                                                            |\n| The 'Audience' field does not represent the 'aud' claim for insertion into the identity-mapping in [Platform configuration step 2](#platformstep2) below. Only the claims included in the Claims Json created during step 2 will be validated. |\n\n\u003cdiv id=\"platformstep2\"\u003e\u003c/div\u003e\n\n2.  **Configure an identity mapping**: This phase sets an integration between a particular GitHub repository to the JFrog platform.\n\n    An identity mapping is a configuration object utilized by the JFrog Platform to associate incoming OIDC claims with particular selected fields. These fields might include `repository`, `actor`, `workflow`, and others.\n    To configure the identity mapping, click on the identity mapping created in section 1 and then click on `Add Identity Mapping`. Fill in priority 1 and fill out all required fields:\n    ![New OIDC Integration](images/identity_mapping.png)\n\n    You have the flexibility to define any valid list of claims required for request authentication. 
You can check a list of the possible claims [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).\n    Example Claims JSON:\n\n    ```json\n    {\n        \"repository\": \"repository-owner/repository-name\"\n    }\n    ```\n\n\n\n### Workflow configuration\n\n1.  **Set required permissions**: In the course of the protocol's execution, it's imperative to acquire a JSON Web Token (JWT) from GitHub's OIDC provider. To request this token, it's essential to configure the specified permission in the workflow file:\n\n    ```yml\n    permissions:\n        id-token: write\n    ```\n\n    \u003cdiv id=\"workflowstep2\"\u003e\u003c/div\u003e\n\n2.  **Pass the 'oidc-provider-name' input to the Action (Required)**: The 'oidc-provider-name' parameter designates the OIDC configuration, one of whose identity mappings should align with the generated JWT claims. This input needs to align with the 'Provider Name' value established within the OIDC configuration in the JFrog Platform.\n3.  **Pass the 'oidc-audience' input to the Action (Optional)**: The 'oidc-audience' input defines the intended recipients of an ID token (JWT), ensuring access is restricted to authorized recipients for the JFrog Platform. By default, it contains the URL of the GitHub repository owner. It enforces a condition, allowing only workflows within the designated repository/organization to request an access token. Read more about it [here](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-audience-value).\n\nExample step utilizing OpenID Connect:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n      JF_URL: ${{ vars.JF_URL }}\n  with:\n      oidc-provider-name: setup-jfrog-cli\n```\n\n**Notice:** When using OIDC authentication, this action outputs both the OIDC token and the OIDC token username. 
These can be utilized within the current workflow to log into the JFrog platform through other actions or clients (e.g., for use with `docker login`). The added outputs are `oidc-token` and `oidc-user`, respectively.\n\n### Handling Self-Signed Certificates\n\nIf your JFrog instance is configured with a self-signed SSL certificate, you may encounter errors with the GitHub Actions HTTP client not trusting your certificate. To help Node.js recognize and trust your self-signed certificate, follow these steps:\n\n1. **Prepare the SSL Certificate**: Save your SSL certificate chain, including the root CA and any intermediate certificates, into a `.pem` file. Ensure that this file is accessible within your GitHub Actions environment.\n\n2. **Set the Environment Variable**: In your GitHub Actions workflow, set the `NODE_EXTRA_CA_CERTS` environment variable to specify the location of your `.pem` file. Add the following line to your workflow:\n\n   ```yaml\n   env:\n       NODE_EXTRA_CA_CERTS: /path/to/certificate/server.pem\n   ```\nReplace /path/to/certificate/server.pem with the actual path to your certificate file on your runner.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e🔐 Storing the connection details using environment variables\u003c/summary\u003e\n\n### \nThe connection details of the JFrog platform used by this action can be stored as [GitHub secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) (or [GitHub Variables](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/variables) for non-secret values)\n\nYou can set the connection details to your JFrog Platform by using one of the following combinations:\n\n1. JF_URL (no authentication)\n2. JF_URL + JF_USER + JF_PASSWORD (basic authentication)\n3. 
JF_URL + JF_ACCESS_TOKEN (authentication using a JFrog Access Token)\n\nYou can use these environment variables in your workflow as follows:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n    # JFrog Platform url\n    JF_URL: ${{ vars.JF_URL }} # or 'https://acme.jfrog.io'\n\n    # Basic authentication credentials\n    JF_USER: ${{ secrets.JF_USER }}\n    JF_PASSWORD: ${{ secrets.JF_PASSWORD }}\n    # or\n    # JFrog Platform access token\n    JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}\n- run: |\n    jf rt ping\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e⚙️ Storing the connection details using single Config Token\u003c/summary\u003e\n\n### \n\n1. Make sure JFrog CLI is installed on your local machine by running `jf -v`.\n2. Configure the details of the JFrog platform by running `jf c add`.\n3. Export the details of the JFrog platform you configured, using the server ID you chose. Do this by running `jf c export \u003cSERVER ID\u003e`.\n4. Copy the generated Config Token to the clipboard and save it as a secret on GitHub.\n\nTo use the saved JFrog platform configuration in the workflow, all you need to do is to expose the secret to the workflow.\nThe secret should be exposed as an environment variable with the `JF_ENV_` prefix.\nHere's how you do this:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n      JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}\n- run: |\n      # Ping the server\n      jf rt ping\n```\n\nAs you can see in the example above, we created a secret named _JF_SECRET_ENV_1_ and exposed it to the workflow\nas the _JF_ENV_1_ environment variable. 
That's it - the ping command will now ping the configured Artifactory server.\n\nIf you have multiple Config Tokens as secrets, you can use all of them in the workflow as follows:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n      JF_ENV_1: ${{ secrets.JF_SECRET_ENV_1 }}\n      JF_ENV_2: ${{ secrets.JF_SECRET_ENV_2 }}\n- run: |\n      # Set the utilized JFrog configuration by providing the server ID (configured by the 'jf c add' command).\n      jf c use local-1\n      # Ping local-1 Artifactory server\n      jf rt ping\n      # Now use the second server configuration exposed to the Action.\n      jf c use local-2\n      # Ping local-2 Artifactory server\n      jf rt ping\n```\n\n| Important: When exposing more than one JFrog configuration to the Action, you should always add the `jf c use` command to specify the server to use. |\n|------------------------------------------------------------------------------------------------------------------------------------------------------|\n\n| Important: If both a Config Token (`JF_ENV_*`) and separate environment variables (`JF_URL`, ...) are provided, the default config will be the Config Token. 
To make the above separate environment variables as the default config use `jf c use setup-jfrog-cli-server` |\n|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n\n\u003c/details\u003e\n\n## General Configuration\n\u003cdetails\u003e\n    \u003csummary\u003eSetting build name and number for build info publication to Artifactory\u003c/summary\u003e\n\n### Setting Build Name and Number for Build Info Publication\nBuild info collection and publication to Artifactory happens seamlessly when using the action in your workflow.\\\nThe Action automatically sets the following environment variables:\n_JFROG_CLI_BUILD_NAME_ and _JFROG_CLI_BUILD_NUMBER_ with the workflow name and run number respectively.\nYou therefore don't need to specify the build name and build number on any of the build related JFrog CLI commands.\n\nIn the following example, all downloaded files are registered as dependencies of the build and all uploaded files\nare registered as the build artifacts.\n\n```yml\n- run: |\n      jf rt download \"my-repo/artifacts/*\" local-dir/\n      jf rt upload \"local-dir/*\" new-repo/my-artifacts/\n      jf rt build-publish\n```\n\nYou may override the default build name and number by setting the following environment variables in your workflow:\n```yml\nenv:\n  JFROG_CLI_BUILD_NAME: \"Custom build name\"\n  JFROG_CLI_BUILD_NUMBER: \"123\"\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eSetting JFrog CLI version\u003c/summary\u003e\n\n### Setting JFrog CLI Version\n\nBy default, the JFrog CLI version set in [action.yml](https://github.com/jfrog/setup-jfrog-cli/blob/master/action.yml) is used. 
To set a specific version, add the _version_ input as follows:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  with:\n      version: X.Y.Z\n```\n\nIt is also possible to set the latest JFrog CLI version by adding the _version_ input as follows:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  with:\n      version: latest\n```\n\n| Important: Only JFrog CLI versions 1.46.4 or above are supported. |\n|-------------------------------------------------------------------|\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eSetting the JFrog project key\u003c/summary\u003e\n\n### Setting the JFrog Project Key\n\n[JFrog Projects](https://jfrog.com/help/r/jfrog-platform-administration-documentation/projects) are a management entity that hosts all your resources related to a specific project,\nsuch as repositories, builds and Release Bundles.\n\nBy default, the JFrog CLI accepts a project flag in some of its commands. \nYou can set the project key in the environment variable ```JF_PROJECT``` to avoid passing it in each command.\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n      JF_PROJECT: \"project-key\"\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eDownloading JFrog CLI from Artifactory\u003c/summary\u003e\n\n### Downloading JFrog CLI from Artifactory\n\nIf your agent has no Internet access, you can configure the workflow to download JFrog CLI from a [remote repository](https://www.jfrog.com/confluence/display/JFROG/Remote+Repositories) in your JFrog Artifactory, which is configured to proxy the official download URL.\n\nHere's how you do this:\n\n1. Create a remote repository in Artifactory. Name the repository jfrog-cli-remote and set its URL to https://releases.jfrog.io/artifactory/jfrog-cli/\n2. 
Set the _download-repository_ input to jfrog-cli-remote:\n\n    ```yml\n    - uses: jfrog/setup-jfrog-cli@v4\n      env:\n          # JFrog platform url (for example: https://acme.jfrog.io)\n          JF_URL: ${{ vars.JF_URL }}\n          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}\n\n      with:\n          download-repository: jfrog-cli-remote\n    ```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eCustom Server ID and Multi-Configuration\u003c/summary\u003e\n\n### Custom Server ID and Multi-Configuration\n\nThe action configures JFrog CLI with a default server ID, which is unique for each run of a workflow.\n\nYou may override the default server ID by providing a custom server ID:\n\n ```yml\n - uses: jfrog/setup-jfrog-cli@v4\n   with:\n       custom-server-id: my-server\n ```\n\nYou may also use multiple configurations in the same workflow by providing a custom server ID for each configuration.\n\nAlternating between configurations can be done by providing the `--server-id` option to JFrog CLI commands or by setting a default server using `jf c use \u003cserver-id\u003e`.\n\u003c/details\u003e\n\n## JFrog Job Summary\n\nWorkflows using this GitHub action will output a summary of some of the key commands that were performed using JFrog CLI.\n\nThe summary can be viewed from the GitHub Actions run page and is enabled by default.\n\n### Preconditions\nTo take full advantage of the JFrog Job Summary, one should:\n1. Use JFrog CLI version 2.66.0 or above.\n2. Set `JF_URL` as a [GitHub Variable](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/variables) rather than a [GitHub Secret](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) (see note below).\n\n\u003e **_NOTE:_** The Job Summary includes direct links to the JFrog Platform UI, for applicable licenses. 
\nFor the links to function correctly,\n`JF_URL` should be set as a variable rather than a secret.\nThis is to prevent GitHub from masking the URL.\n\n### Default Behavior:\n\nBy default, [build-info](https://jfrog.com/help/r/jfrog-pipelines-documentation/buildinfo) will be collected during the workflow and automatically published to Artifactory when the workflow completes.\n\nThis behavior is disabled if the `jf rt build-publish` command was manually run during the workflow, or if requested explicitly by setting the `disable-auto-build-publish` input to `true`:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  with:\n    disable-auto-build-publish: true\n```\n\nTo disable the JFrog Job Summary altogether, set the `disable-job-summary` input to `true`:\n\n```yml\n- uses: jfrog/setup-jfrog-cli@v4\n  with:\n    disable-job-summary: true\n```\n\n### Published Sections\n| Section                       | Command                                                                                      |\n|-------------------------------|----------------------------------------------------------------------------------------------|\n| Curation Audit                | \u003cimg src=\"images/icons/maven.svg\" width=\"30\"\u003e `jf mvn install`                               |\n|                               | \u003cimg src=\"images/icons/npm.svg\" width=\"30\"\u003e `jf npm install`                                 |\n|                               | \u003cimg src=\"images/icons/pypi.svg\" width=\"30\"\u003e `jf pip/pipenv/poetry install`                  |\n|                               | \u003cimg src=\"images/icons/go.svg\" width=\"30\"\u003e `jf go build`                                     |\n| Build Info                    | `jf rt build-publish` ([automatically](#default-behavior) or manually)                       |\n| Build Info: Security          | `jf build-scan`                                                                              |\n| Published Modules: 
Artifacts  | \u003cimg src=\"images/icons/docker.svg\" width=\"30\"\u003e `jf docker push`, `jf rt build-docker-create` |\n|                               | \u003cimg src=\"images/icons/maven.svg\" width=\"30\"\u003e `jf mvn install`                               |\n|                               | \u003cimg src=\"images/icons/npm.svg\" width=\"30\"\u003e `jf npm publish`                                 |\n|                               | \u003cimg src=\"images/icons/pypi.svg\" width=\"30\"\u003e `jf twine upload`                               |\n|                               | \u003cimg src=\"images/icons/go.svg\" width=\"30\"\u003e `jf go publish`                                   |\n|                               | \u003cimg src=\"images/icons/terraform.svg\" width=\"30\"\u003e `jf terraform publish`                     |\n|                               | \u003cimg src=\"images/icons/generic.svg\" width=\"30\"\u003e `jf rt upload`                               |\n| Published Modules: Security   | \u003cimg src=\"images/icons/docker.svg\" width=\"30\"\u003e `jf docker scan`                              |\n| Code Scanning                 | `jf docker scan`, `jf scan`                                                                  |\n\n### JFrog Job Summary Example\n\n![JFrog-Job-Summary](images/job_summary.png)\n\n### Behind the scenes\nThe **setup-jfrog-cli GitHub Action** leverages the **Command Summaries** feature of the JFrog CLI\nto generate a detailed summary of the entire workflow.\n\nThe final summary will include the summary of each CLI command that supports this feature.\nTo read more about the JFrog CLI supported commands, visit the following link:\n[JFrog CLI Command Summaries Documentation](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-command-summaries).\n\n## Code Scanning Alerts\n\n**Note:** To use code scanning alerts, ensure you are using JFrog CLI version `v2.67.0` or above.\n\n\nThe action also supports the 
display of code scanning alerts in the GitHub Actions UI.\n\nCode scanning alerts are generated following the execution of the `jf docker scan` and `jf scan` commands.\n\nThis feature is available for customers with an Artifactory Enterprise license or above.\n\n### Preconditions\n`JF_GIT_TOKEN` - GitHub token with `security-events: write` permission.\n\nYou can utilize [$\\{{secrets.GITHUB\\_TOKEN\\}}](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) for `JF_GIT_TOKEN`, which is an automatically generated token by GitHub.\n\n```yaml\npermissions:\n  id-token: write\n  contents: read\n  # Required for uploading code scanning.\n  security-events: write\n```\n\n``` yaml\n- uses: jfrog/setup-jfrog-cli@v4\n  env:\n    # The GitHub token is automatically generated for the job\n    JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n```\n\n### Code Scanning Alerts Example:\n\n![Code-Scanning-Alerts](images/code-scanning.png)\n\n## Example Projects\n\nTo help you get started, you can use [these](https://github.com/jfrog/project-examples/tree/master/github-action-examples) sample projects on GitHub.\n\n## Contributions\n\nWe welcome pull requests from the community. 
To help us improve this project, please read our [Contribution](./CONTRIBUTING.md#-guidelines) guide.\n\n## References\n\n-   [JFrog CLI Documentation](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli)\n-   [Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc/)\n-   [GitHub Actions Documentation](https://docs.github.com/en/actions)\n-   [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)\n-   [Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)\n","funding_links":[],"categories":["TypeScript","Building"],"sub_categories":["Workflows"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fsetup-jfrog-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fsetup-jfrog-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fsetup-jfrog-cli/lists"}