Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryGet artifact detailsRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
Fetch secrets from CyberArk Conjur
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCheckovCoverity on PolarisFind Security BugsGitHub Security ScannerGosecGrypeMendNexus IQnjsscanSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionGitleaksTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonpermissionsjobs.<job_id>.<job_id>.delegates.<job_id>.env.<job_id>.vars.<job_id>.secrets.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
Connect a repositoryCreate a workflowRun a scanPublish an image
Introduction
Get started with feature flags
Create flags in code
Manage multiple SDK keys in your application
Create and manage flags in the UI
Namespaces and labels
Configure feature flags
Feature management custom roles
Flag approval requests and reviews
Audit history
Configuration as code
Flag impressions and activity status
Flag health
Code references
Properties and custom properties
Target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAndroid appAngular appDjango appGin appJava Spring Boot app.NET Core appReact appSwift iOS app

SCM integrations

5 minute read

Create a source code management (SCM) integration to connect CloudBees platform Components and Applications to repositories hosted in GitHub, Bitbucket, GitLab, or Gerrit.

Once an SCM integration is configured, CloudBees platform can query repositories and branches, configure webhooks to trigger workflows, and authenticate repository access during workflow execution. This integration also enables security scans on connected source code repositories.

You can integrate with:

  • Cloud-hosted SCMs such as GitHub, Bitbucket Cloud, or GitLab Cloud.

  • Self-managed or on-premises SCMs such as Bitbucket Data Center, GitLab self-managed, or Gerrit.

Each integration type uses its own authentication method:

  • GitHub: GitHub App (managed automatically by CloudBees platform)

  • GitLab and Bitbucket: Personal access token

  • Gerrit: Basic authentication

The following table summarizes the supported SCM providers, their hosting types, and the integration methods used by CloudBees platform.

Table 1. SCM integration types available in the platform
SCM provider Hosting Integration type

Bitbucket

Cloud

Access token

Bitbucket Data Center

Self-hosted

Access token

GitHub

Cloud

GitHub App

GitLab

Cloud or self-managed

Access token

Gerrit

Self-hosted

Basic authentication
Each SCM integration type requires specific repository or application permissions to enable workflow commits and webhook creation. For detailed requirements, refer to SCM permissions for editing workflows and creating webhooks.

Once your source code is connected to CloudBees platform, you can create new components or applications and set up workflows.

For more information, refer to the following documentation:

GitHub

If you have a GitHub repository in the cloud, you can connect it to the platform.

GitHub App installation

The CloudBees platform connects to GitHub through a GitHub App that is registered and managed by CloudBees.

To integrate your GitHub repository:

  1. Select an organization, and then select Configurations  Integrations.

  2. Select Create integration.

  3. Select Source code management.

  4. Select GitHub App.

  5. Enter an integration Name (no spaces are allowed).

  6. (Optional) Enter a Description.

  7. Select Install GitHub App. This action redirects you to GitHub.

  8. Select a GitHub account or GitHub organization to connect.

    You can only set up a single CloudBees platform integration with a given GitHub account or organization. GitHub accounts and organizations are displayed in GitHub as follows:

    • Configure present: At least one repository is already connected to the platform.

    • Configure is not present: Available to connect to the platform.

    The integration name is automatically generated based on the GitHub organization name.

    New features in the CloudBees platform may sometimes require updates to permissions in the GitHub App registered by CloudBees.
    Create environment
    Figure 1. Example GitHub App installation.

  9. Install and authorize All repositories, or Only select repositories, and select from the options.

  10. Select Install & Authorize.

Your GitHub account is now connected to CloudBees platform and appear in Configurations  Integrations.

Core GitHub App permissions

For basic functionality of the CloudBees platform, the following permissions are required in your installed GitHub App.

Table 2. Installed GitHub App core permissions
Read access Write access Key

Actions

Commit statuses

Contents

Metadata

Events

Pull requests

Webhooks
Additional permissions may be required for specific features. Refer to specific feature documentation to check for any additional required permissions for that feature.

GitHub App permission change requests

On occasion, new features in the CloudBees platform may require updates to core permissions in the GitHub App for full functionality. If the CloudBees platform requires a permissions update, all users of the GitHub App:

  • Receive an email notification from GitHub alerting them of the permissions change request.

  • Can access the permissions change request in the Installed GitHub applications listing for the connected GitHub organization.

Permissions update
Figure 2. Example GitHub App permissions update request.

To update GitHub App permissions:

  1. Go to your list of installed GitHub Apps, and select Review request next to CloudBees platform.

  2. Review the Developer note describing why this change is necessary.

  3. Select Accept new permissions.

The CloudBees platform GitHub App permissions have been updated to enable full functionality for the new platform feature described in the Developer note.

If you choose not to accept the new permissions, your existing permissions are retained, and you will not be able to use the new platform feature.

For more information, refer to the GitHub documentation for approving updated permissions for a GitHub App.

Bitbucket

If you have an Atlassian Bitbucket repository in the cloud, you can use an access token to connect it to the platform.

To integrate with Bitbucket:

  1. Select an organization, and then select Configurations  Integrations.

  2. Select Create integration.

  3. Select Source code management.

  4. Select Bitbucket access token.

  5. Enter an integration Name (no spaces are allowed).

  6. (Optional) Enter a Description.

  7. Enter your Token.

    Create repository access token
    Figure 3. An example Bitbucket access token with the appropriate permissions.

    The CloudBees platform requires only the following scopes from Bitbucket:

    • Repositories: Read and write

    • Pull requests: Read and write

    • Webhooks: Read and write

  8. (Optional) Select Test integration to check the connection.

  9. Select Submit.

Your Bitbucket account is now connected to CloudBees platform and appears in Configurations  Integrations.

Bitbucket Data Center

Enterprise teams who require an on-premises repository can use the Atlassian Bitbucket Data Center. You can connect Bitbucket Data Center to the platform using an access token.

To integrate with Bitbucket Data Center:

  1. Select an organization, and then select Configurations  Integrations.

  2. Select Create integration.

  3. Select Source code management.

  4. Select Bitbucket Data Center access token.

  5. Enter an integration Name (no spaces are allowed).

  6. (Optional) Enter a Description.

  7. Enter your Bitbucket Data Center URL.

  8. Enter your Token.

    The CloudBees platform requires the following scopes from Bitbucket:

    • Repository admin permissions

    Refer to the Bitbucket Data Center HTTP access token documentation for more information.

  9. (Optional) Select Test integration to check the connection.

  10. Select Submit.

Your Bitbucket Data Center account is now connected to CloudBees platform and appears in Configurations  Integrations.

Gerrit

Gerrit is an enterprise-level code review and collaboration tool based on Git that allows development teams to approve or reject source code changes in a self-hosted environment.

To integrate with Gerrit:

  1. Select an organization, and then select Configurations  Integrations.

  2. Select Create integration.

  3. Select Source code management.

  4. Select Gerrit Code Review Credentials.

  5. Enter an integration Name (no spaces are allowed).

  6. (Optional) Enter a Description.

  7. Enter your organization Gerrit instance URL in Gerrit Code Review URL.

  8. Enter the Username.

  9. Enter the Password.

Permissions update
Figure 4. Example Gerrit Integration form.

Your Gerrit SCM account is now connected to CloudBees platform and appears in Configurations  Integrations.

GitLab

If you use GitLab to host your repositories, you can connect it to the CloudBees platform using a personal access token. The integration supports both GitLab Cloud (gitlab.com) and self-managed GitLab instances.

After integration, the CloudBees platform can discover your repositories and branches, configure webhooks to trigger workflows, and use the token to access your source code when workflows run.

To integrate with GitLab:

  1. Select an organization, and then select Configurations  Integrations.

  2. Select Create integration.

  3. Select Source code management.

  4. Select GitLab access token.

  5. Enter an integration Name (no spaces are allowed).

  6. (Optional) Enter a Description.

  7. If you use a self-managed GitLab instance, enter the full GitLab URL.

  8. Enter your GitLab personal access token.

  9. (Optional) Select Test integration to verify the connection.

  10. Select Submit.

GitLab personal access token form
Figure 5. An example GitLab personal access token form

The CloudBees platform requires a personal access token with the following minimum scope:

api: Grants complete read/write access to the API, including all groups, projects, and repositories. Project-level access tokens are not supported.

To create a personal access token in GitLab:

  1. In GitLab, navigate to User Settings  Access tokens.

  2. Enter a Token name and (optional) Description.

  3. Set an Expiration date.

  4. Select the api scope.

  5. Select Create personal access token.

Your GitLab account is now connected to CloudBees platform and appears in Configurations  Integrations.

You can now create components or applications and link them to your GitLab repositories.

For more information about creating components or applications, refer to Create components and Create application.

Registry mirror
SCM permissions