Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities.
How does Frogbot work?
The concept is simple. Frogbot uses JFrog Xray to scan every newly created pull request for security vulnerabilities. With Frogbot installed, you can make sure that new pull requests don’t introduce new security vulnerabilities into your code base. If they do, the creator of the pull request has the opportunity to change the code before it is merged.
How does Frogbot report its findings?
Frogbot reports its findings directly in the git UI. It simply adds a comment with its findings. You can think of Frogbot as your new team member, keeping your code safe.
GitHub and GitLab are supported. Bitbucket will be supported soon. Projects that use one of the following tools to download their dependencies are currently supported:
Frogbot is available for FREE
All you need to set up Frogbot is a JFrog environment.
More developer tools
We’re excited to make Frogbot and the following open source tools available for developers to use and get started with:
- JFrog CLI – A compact and smart client that provides a simple interface that automates access to JFrog products.
- JFrog IDE integrations – Developer plugins and extensions, including VS Code, IntelliJ IDE, Eclipse and more, enabling developers to discover and remediate security vulnerabilities early on in the development stage.
- JFrog Build Integrations – Developer plugins and extensions, including JenkinsCI, TeamCity, Bamboo and more, enabling developers through integration with CI systems.
As always, we’re happy to help, and we welcome pull requests from the community to improve these tools. Frogbot is open source, and your contributions are always welcome.
Get started today and give these tools a try!