diff --git a/README.md b/README.md index 29e7152d3..cb0a56eef 100644 --- a/README.md +++ b/README.md @@ -50,8 +50,8 @@ There exist two methods to provide these details, and you only need to choose ** ### General You can choose one of the following two methods to set the connection details to the JFrog Platform as secrets: -* [Storing the connection details using separate environment variables](#storing-the-connection-details-using-separate-environment-variables) -* [Storing the connection details using single Config Token](#storing-the-connection-details-using-single-config-token) +- [Storing the connection details using separate environment variables](#storing-the-connection-details-using-separate-environment-variables) +- [Storing the connection details using single Config Token](#storing-the-connection-details-using-single-config-token) ### Storing the connection details using separate environment variables @@ -135,8 +135,9 @@ If you have multiple Config Tokens as secrets, you can use all of them in the wo Connecting to JFrog using OIDC (OpenID Connect) ### General + The sensitive connection details, such as the access token used by JFrog CLI on the JFrog platform, can be automatically generated by the action instead of storing it as a secret in GitHub. -This is made possible by leveraging the OpenID-Connect (OIDC) protocol. This protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable. +This is made possible by leveraging the OpenID-Connect (OIDC) protocol. This protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable. Learn more about this integration in [this](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc) blog post. To utilize the OIDC protocol, follow these steps: ### JFrog Platform configuration 
@@ -294,6 +295,7 @@ We welcome pull requests from the community. To help us improve this project, pl ## References - [JFrog CLI Documentation](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli) +- [Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc/) - [GitHub Actions Documentation](https://docs.github.com/en/actions) - [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) - [Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
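Review bot: In the hunk at @@ -50,8 +50,8, the change from `*` to `-` list markers in the "General" list is a formatting-only edit bundled with the OIDC documentation additions. If the aim is one list style across the README, convert any remaining `*` lists in the same commit. Otherwise move this cleanup into its own change so the documentation diff stays easy to review.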
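Review bot: In the hunk at @@ -135,8 +135,9, the added "Learn more about this integration" sentence uses "this" as its link text, which says nothing about the target when the link is read out of context. Use the post title as the link text, as the References entry in this same patch does. The removed and re-added "This is made possible by leveraging the OpenID-Connect (OIDC) protocol..." line reads identically here, so the difference is presumably whitespace only; please confirm that was intended.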
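Review bot: In the References hunk at @@ -294,6 +295,7, the new blog-post entry writes the URL with a trailing slash (`.../secure-access-development-jfrog-github-oidc/`), while the same link added in the OIDC "General" section omits it. Pick one form and use it in both places so the two references stay identical and a later search for the URL finds both.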