OIDC auth not working with frogbot repo scan #901

@KingBain

Describe the bug

When OIDC Identity mappings are created at the project level, frogbot fails to authenticate in a GitHub action.

An example can be seen here: https://github.com/KingBain/jfrog-testing/actions/runs/16940279730/job/48007242502

My project level identity mapping:

Image

The error message I receive

Error: 9 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 403 Forbidde

Current behavior

Run jfrog/[email protected]
  with:
    oidc-provider-name: github-oidc
    version: latest
  env:
    JFROG_CLI_ENV_EXCLUDE: *password*;*secret*;*key*;*token*;*auth*;JF_ARTIFACTORY_*;JF_ENV_*;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN
    JFROG_CLI_OFFER_CONFIG: false
    JFROG_CLI_SOURCECODE_REPOSITORY: KingBain/jfrog-testing
    JFROG_CLI_CI_JOB_ID: Jfrog Frogbot OIDC Test
    JFROG_CLI_CI_RUN_ID: 16940279730
    JFROG_CLI_GITHUB_TOKEN: 
    JFROG_CLI_BUILD_NAME: Jfrog Frogbot OIDC Test
    JFROG_CLI_BUILD_NUMBER: 5
    JFROG_CLI_BUILD_URL: https://github.com/KingBain/jfrog-testing/actions/runs/16940279730
    JFROG_CLI_USER_AGENT: setup-jfrog-cli-github-action/4.5.13
    JFROG_CLI_BUILD_PROJECT: ssc-fsdh
    JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: /home/runner/work/_temp
    JFROG_CLI_USAGE_GH_TOKEN_FOR_CODE_SCANNING_ALERTS_PROVIDED: 
    SETUP_JFROG_CLI_SERVER_IDS: setup-jfrog-cli-server
    JF_URL: https://artifacts-artefacts.devops.cloud-nuage.canada.ca/
    JF_GIT_TOKEN: ***
    JF_GIT_BASE_BRANCH: main
Frogbot
  /opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-repository
  14:28:37 [Info] Frogbot version: 2.27.2
  14:28:38 [Info] Running Frogbot "scan-repository" command
  14:28:38 [Info] Getting resources (git repository: github.com/KingBain/jfrog-testing.git) active watches...
  14:28:38 [Warn] Failed to get active defined watches: server response: 403 Forbidden
  Error: 9 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
  server response: 403 Forbidden
  Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1

Reproduction steps

No response

Expected behavior

No response

JFrog Frogbot version

v2.27.2

Package manager info

NA

Git provider

GitHub

JFrog Frogbot configuration yaml file

No response

Operating system type and version

NA

JFrog Xray version

No response

Labels: bug
