Who can use this feature?
JFrog Binary Security Insights in GitHub Advanced Security is available only to Enterprise/Enterprise+ customers with JFrog Advanced Security. For a complete feature comparison by subscription type, refer to the JFrog and GitHub Integration Features Matrix.
Developers can view secrets detected in Docker image scans directly in the GitHub Advanced Security dashboard, under the Code Scanning section. This integration of JFrog's secrets scanner with GitHub Actions provides additional visibility into binary scanning results before binaries are uploaded to Artifactory.
What does it do?
Automatic Reporting: Sends results from Docker image scans to the GitHub Advanced Security dashboard within the Code Scanning section.
Enhanced Visibility: Shows detected secrets alongside code vulnerabilities for a comprehensive security overview.
Why is it important?
CISO: Provides integrated visibility into both code and binary vulnerabilities, allowing for more effective security management.