Open Source · MIT License · Now on Jenkins Update Center

AI-powered pipeline intelligence for Jenkins

8 specialized analyzers for code review, vulnerability scanning, architecture drift detection, and release readiness — directly in your CI/CD pipeline.

View on GitHub Quick Start Guide
Jenkinsfile
// one step — eight dimensions of intelligence
def report = forgeAI(
  analyzers: ['code-review', 'vulnerability', 'architecture-drift'],
  sourceGlob: 'src/**/*.java',
  failOnCritical: true
)
// → compositeScore: 7.8/10 | verdict: SHIP_IT
Analyzers
Eight dimensions of code intelligence
Each analyzer uses a purpose-built, expert-level system prompt — not a generic wrapper. They understand your architecture, your tests, your dependencies.
</>

AI Code Review

Evaluates correctness, performance, SOLID principles, DRY violations, error handling, naming, and anti-patterns — with line-level suggestions and a 1–10 quality score.

code-review

Vulnerability Analysis

Detects OWASP Top 10, hardcoded secrets, SQL/command injection, unsafe deserialization, and SSRF — with CWE ID mapping and specific remediation steps per finding.

vulnerability

Architecture Drift

Detects layer violations, circular deps, coupling drift, and API boundary erosion across hexagonal, layered, CQRS, event-driven, and microservice patterns.

architecture-drift

Test Gap Analysis

Finds untested code paths, missing unit/integration/contract tests, race conditions, and boundary gaps — suggests concrete test cases with pseudo-code.

test-gaps

Dependency Risk

Flags GPL/license conflicts, unmaintained packages, unpinned versions, and transitive depth risk — scored 1–10 with supply-chain risk ranking.

dependency-risk

Commit Intelligence

Scores commit hygiene and Conventional Commits compliance, detects breaking changes, generates changelog entries, and recommends patch/minor/major semver bumps.

commit-intel

Pipeline Advisor

Analyzes your Jenkinsfile directly — finds parallelization wins, missing caches, secret handling issues, failure resilience gaps, and estimates the % build-time reduction achievable.

pipeline-advisor

Release Readiness

Synthesizes all analyzers with weighted scoring (security 3×, architecture 2×) into a final verdict — SHIP IT, CAUTION, HOLD, or BLOCK — plus a technical debt estimate in hours.

release-readiness
LLM Providers
Use any model. Cloud or local. Your choice.
ForgeAI is provider-agnostic. Plug in OpenAI, Anthropic Claude, or run fully air-gapped with Ollama — no data ever leaves your network.
OpenAI
GPT-4o / GPT-4o-mini
Anthropic
claude-opus-4-7 / claude-sonnet-4-6
Ollama
DeepSeek / CodeLlama
Groq
Llama 3.3 / GPT-OSS
LM Studio
Any GGUF model
Custom
Any OpenAI-compatible
Why ForgeAI
Not another ChatGPT wrapper
Purpose-built for CI/CD pipelines with capabilities no other plugin offers.
Capability ForgeAI Typical AI plugins
Architecture drift detection✓ Pattern-aware✕ Code-level only
Composite release scoring✓ Weighted (security 3×, arch 2×)✕ Single-dimension
Pipeline self-optimization✓ Analyzes Jenkinsfile itself✕ Not available
Air-gapped local LLM✓ Ollama, LM Studio, vLLM✕ Cloud-only
Multi-provider support✓ OpenAI + Claude + Ollama + Groq✕ Single vendor lock-in
Quality gate verdicts✓ SHIP_IT / CAUTION / HOLD / BLOCK✕ Pass/fail only
Supply-chain risk analysis✓ License + maintenance + depth✕ CVE-only
Auto changelog + semver✓ From commit intelligence✕ Not available
Admin GUI with test button✓ Full Jenkins config UI✕ Config-as-code only
Usage
Two steps. Infinite flexibility.
Full Suite — Jenkinsfile
def report = forgeAI(
  analyzers: [
    'code-review', 'vulnerability',
    'architecture-drift', 'test-gaps',
    'dependency-risk', 'release-readiness'
  ],
  sourceGlob: 'src/**/*.java',
  contextInfo: 'Spring Boot, hexagonal arch',
  failOnCritical: true,
  criticalThreshold: 4
)
echo "Score: ${report.compositeScore}/10"
echo "Security: ${report['vulnerability-Score']}"
Targeted Scan — Single Analyzer
def sec = forgeAIScan(
  'vulnerability',
  source: readFile('src/App.java'),
  context: 'Java 17 REST API, PII data'
)
// returns: score, severity, summary,
// findingsCount, criticalCount, highCount
if (sec.criticalCount > 0) {
  error("${sec.criticalCount} critical vulns")
}
echo "Score: ${sec.score}/10 — ${sec.severity}"
Reporting
A report worth reading
Every build generates a self-contained HTML report with composite scoring, per-analyzer breakdowns, and actionable fixes.
Composite score
7.8/10
Verdict
SHIP IT
Total findings
12
Critical / High
1 / 3
Analyzers Run
6
Code Review8/10
Vulnerability6/10
Architecture Drift9/10
Test Gaps7/10
Dependency Risk8/10
Release Readiness8/10
Quick start
Up and running in 5 minutes
1

Install the plugin

Search for ForgeAI Pipeline Intelligence in Manage Jenkins → Plugins → Available, or download the .hpi from the plugin site.

plugins.jenkins.io/forgeai-pipeline-intelligence
2

Configure your LLM

Go to Manage Jenkins → System → ForgeAI. Pick your provider, enter your API key credential, and hit Test Connection.

OpenAI → gpt-4o
Claude → claude-opus-4-7
Ollama → codellama:13b
3

Add to your pipeline

One step in your Jenkinsfile. Eight dimensions of intelligence. A report on every build.

forgeAI analyzers: ['code-review',
'vulnerability', 'architecture-drift']
Origin story
Built with Claude by Anthropic
This plugin was designed, architected, and coded in collaboration with Claude — Anthropic's AI assistant. From the LLM provider abstraction to the prompt engineering for each analyzer, the entire codebase was pair-programmed with AI. A testament to what's possible when human architectural vision meets AI execution capability.
Pair-programmed with
Claude · Anthropic
Start forging smarter pipelines today

Open source. MIT License. Free forever.

Star on GitHub Install from Update Center