Frogbot scans your repository on a schedule or on demand for exposed secrets, malware, and vulnerable dependencies, and reports findings through GitHub security advisories. When it finds a fixable vulnerability it can open a pull request with the suggested fix, which simplifies remediation and helps keep risky code from being merged.
Frogbot also provides detailed reports and dashboards that support compliance work and give insight into the project's security posture.
Refer to Setup Frogbot Using GitHub Actions for instructions on configuring Frogbot in GitHub.
```yaml
- uses: jfrog/frogbot@v2
  with:
    oidc-provider-name: jfrog-github-oidc
  env:
    JF_URL: https://${{ vars.JF_URL }}/
    JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    JF_PROJECT: ${{ vars.JF_PROJECT }}
```
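The step above only works when the job is allowed to request a GitHub OIDC token, so it has to sit inside a workflow that grants `id-token: write`. The following is an added example of such a workflow, written for this page and not taken from the Frogbot project's own templates. The workflow name, the daily cron schedule, the `main` branch list, and the `jfrog-github-oidc` provider name are assumptions; `JF_URL` and `JF_PROJECT` are expected to exist as repository variables, and the permission set is the one appropriate for a repository scan that comments on pull requests, opens fix pull requests, and uploads findings to code scanning.

```yaml
# Added example workflow (not a Frogbot project template).
name: "Frogbot Scan Repository (OIDC)"

on:
  workflow_dispatch:            # on-demand scan
  schedule:
    - cron: "0 0 * * *"         # daily scan at 00:00 UTC (assumed cadence)

# Least-privilege token for the job. Everything not listed is denied.
permissions:
  contents: write               # needed to push fix branches / open fix pull requests
  pull-requests: write          # needed to create and comment on pull requests
  security-events: write        # needed to upload findings to GitHub code scanning
  id-token: write               # lets the job request the OIDC token Frogbot exchanges with JFrog

jobs:
  scan-repository:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        branch: [ "main" ]      # branches to scan (assumed)
    steps:
      - uses: jfrog/frogbot@v2
        with:
          # Name of the OIDC integration configured in the JFrog Platform (assumed value).
          oidc-provider-name: jfrog-github-oidc
        env:
          JF_URL: https://${{ vars.JF_URL }}/
          # No JF_ACCESS_TOKEN: the OIDC exchange replaces the long-lived platform secret.
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          JF_PROJECT: ${{ vars.JF_PROJECT }}
          JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
```

Two points worth checking when adopting this: without `id-token: write` the runner never issues an OIDC token and the step fails to authenticate, and the scopes the JFrog side grants to that identity should be limited to what the scan needs, since the token is minted fresh for every job and never has to be stored as a repository secret.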
Refer to Frogbot Scan workflow for an example workflow.