Jenkins Integration
Report pipeline runs and attestations from Jenkins using the MergeWhy Shared Library.
The MergeWhy Jenkins Shared Library lets you report pipeline runs and attestations from Jenkins pipelines in minutes — no Java required. Evidence is automatically linked to your pull requests and counted toward your compliance score.
60-Second Setup
1. Add library to Jenkins
Go to Jenkins → Manage Jenkins → Configure System → Global Pipeline Libraries and add:
Name: mergewhy
Default version: main
Source: Git → https://github.com/mergewhy/jenkins-shared-library2. Store API key as credential
Go to Jenkins → Credentials → System → Global credentials → Add credential:
Kind: Secret text
ID: mergewhy-api-key
Secret: <your MergeWhy API key>Get your API key at: MergeWhy → Settings → Developer → API Keys → Create Key
3. Update your Jenkinsfile
@Library('mergewhy') _
pipeline {
agent any
environment {
MERGEWHY_API_URL = 'https://app.mergewhy.com'
}
stages {
stage('Test') {
steps {
sh 'npm test'
}
post {
always {
mergewhy.reportAttestation(
name: 'unit-tests',
type: 'test_results',
status: currentBuild.result == 'FAILURE' ? 'FAILED' : 'PASSED',
)
}
}
}
}
post {
always {
mergewhy.reportRun() // always last
}
}
}Available Methods
mergewhy.reportRun(config?)
Reports the completed pipeline run. Call in post { always { } }. Auto-detects repository, branch, commit SHA, and PR number from Jenkins environment variables.
mergewhy.reportAttestation(config)
Reports a test result, security scan, or other attestation. Supported types: test_results, security_scan, sbom, code_coverage, lint_results.
Note
MERGEWHY_API_URL to your self-hosted MergeWhy instance URL. The library uses only curl — no outbound network access beyond your configured URL.