Scan Builds

JFrog and GitHub Integration Guide

Using a GitHub Actions pipeline, you can scan published builds for SCA issues, such as vulnerable dependencies, malicious packages, and license violations. Scan summaries are shown in the Job Summary, with detailed results in both the GitHub Actions logs and the Builds section of the JFrog platform.

To learn more, refer to Scan Published Builds and Understand Xray Scan Results.

Example Usage

    steps:
      # Scan an already published build, identified by its name and number
      - name: Scan Published Build with Xray
        run: |
          jfrog xr scan --build="my-build-name" --build-number="18"