Security Scans

JFrog and GitHub Integration Guide

JFrog Frogbot scans your repositories for vulnerabilities, exposed secrets, and malware in dependencies. When it detects issues, it alerts you and can automatically create pull requests with suggested fixes to streamline remediation. This helps prevent unauthorized or risky code changes from being merged.

Additionally, Frogbot provides detailed reports and dashboards to assist with compliance and offer insights into your projects' security posture.

  • Results are displayed on the GitHub Advanced Security Dashboard and in JFrog Xray's Scan List section (SaaS only) for branch commits. To learn more, refer to View Xray Scan Results.

  • Pull request scans provide findings as comments within the pull request. Detected issues cover SCA (Software Composition Analysis) concerns like vulnerable dependencies, malicious packages, and licensing violations. To learn more, refer to Software Composition Analysis.

  • JFrog Advanced Security issues include the following checks:

    To learn more, refer to JFrog Advanced Security.
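The two result paths described above (branch commits feeding the GitHub Advanced Security dashboard and Xray's Scan List, pull requests receiving review comments) both come from the same Frogbot GitHub Action. The workflow below is an added example, not taken from this page or from JFrog's templates. It assumes the `jfrog/frogbot@v2` action and the `JF_URL`, `JF_ACCESS_TOKEN` and `JF_GIT_TOKEN` environment variables as documented by Frogbot, that the action chooses the pull-request or repository scan from the triggering event, and that the two JFrog values are stored as repository secrets with the names shown; check those assumptions against Frogbot's own setup guide for your platform version.

```yaml
# Added example: one workflow that scans pull requests (findings posted as
# PR comments) and pushes to the default branch (findings sent to the GitHub
# Advanced Security dashboard and, on JFrog SaaS, to Xray's Scan List).
name: Frogbot security scans

on:
  # pull_request_target runs in the context of the base branch, so the job
  # holds a write token; Frogbot needs it to comment on the PR.
  pull_request_target:
    types: [opened, synchronize]
  # Branch commit scans; the branch name is an assumption, adjust to yours.
  push:
    branches: [main]

permissions:
  contents: write        # lets Frogbot open fix pull requests
  pull-requests: write   # lets Frogbot comment on scanned pull requests
  security-events: write # lets results reach the Advanced Security dashboard

jobs:
  frogbot:
    runs-on: ubuntu-latest
    steps:
      - uses: jfrog/frogbot@v2
        env:
          # JFrog Platform URL and access token, stored as repository secrets
          # under these (assumed) secret names.
          JF_URL: ${{ secrets.JF_URL }}
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
          # Token Frogbot uses to talk to GitHub (comments, fix PRs).
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Because the pull-request job runs under `pull_request_target`, it executes with write access to the base repository even when the PR comes from a fork. Keep that job limited to the Frogbot step as shown, and do not add steps that execute build or install scripts taken from the PR's own files under that trigger; the dependency scan itself does not need them.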