Using a GitHub Actions pipeline, you can scan published builds for SCA issues, such as vulnerable dependencies, malicious packages, and license violations. Scan summaries are shown in the Job Summary, with detailed results in both the GitHub Actions logs and the JFrog platform's Builds section.
To learn more, refer to Scan Published Builds and Understand Xray Scan Results.
Example Usage
steps:
  - name: Scan Published Build with Xray
    run: |
      jfrog xr scan --build="my-build-name" --build-number="18"