GitHub PR Scans and Advanced Security

JFrog and GitHub Integration Guide

ft:sourceType
Paligo

Adding Frogbot to your GitHub repository enables pull request checks based on Frogbot code scanning, preventing unauthorized or risky code changes from being merged.

Example Usage

Here is an example snippet of GitHub Action workflow for PR scan using Frogbot.

name: "Frogbot Scan Pull Request"
on:
  pull_request_target:
    types: [ opened, synchronize ]
permissions:
  pull-requests: write
  contents: read
  id-token: write
jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
    # "frogbot" GitHub environment can approve the pull request to be scanned.
    # Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md
    environment: frogbot
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      #  IMPORTANT:
      #  1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
      #  2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md

      - uses: jfrog/frogbot@v2
        with:
          oidc-provider-name: jfrog-github-oidc
        env:
          JFROG_CLI_LOG_LEVEL: DEBUG
          # JFrog platform URL
          JF_URL: https://${{ vars.JF_URL }}/
          JF_PROJECT: ${{ vars.JF_PROJECT }}
          # The GitHub token automatically generated for the job
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

To learn more, refer to the following: