Adding Frogbot to your GitHub repository enables pull request checks based on Frogbot code scanning, preventing unauthorized or risky code changes from being merged.
Example Usage
Here is an example snippet of GitHub Action workflow for PR scan using Frogbot.
name: "Frogbot Scan Pull Request" on: pull_request_target: types: [ opened, synchronize ] permissions: pull-requests: write contents: read id-token: write jobs: scan-pull-request: runs-on: ubuntu-latest # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the # "frogbot" GitHub environment can approve the pull request to be scanned. # Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md environment: frogbot steps: - uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} # IMPORTANT: # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - uses: jfrog/frogbot@v2 with: oidc-provider-name: jfrog-github-oidc env: JFROG_CLI_LOG_LEVEL: DEBUG # JFrog platform URL JF_URL: https://${{ vars.JF_URL }}/ JF_PROJECT: ${{ vars.JF_PROJECT }} # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
To learn more, refer to the following: