Blog Home

Secure your git repository with Frogbot the git bot

Frogbot - New automatic pull request vulnerability scanning in Git

Eyal Ben Moshe

By Eyal Ben Moshe

3 min read

Introducing Frogbot the git bot

Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities.

Register for my talk “Bots to Protect your Source Code”

How does Frogbot work?

The concept is simple. Frogbot scans every pull request created for security vulnerabilities with JFrog Xray. With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.

JFrog Frogbot scan successful

How does Frogbot report its findings?

Frogbot reports its findings directly in the git UI. It simply adds a comment with its findings. You can think of Frogbot as your new team member, keeping your code safe.

Read more about Frogbot >

JFrog Frogbot scan with issues

What’s supported?

GitHub, GitLab and Bitbucket Server are supported. Projects that use one of the following tools to download their dependencies are currently supported:

  • Npm
  • Maven
  • Gradle
  • Go
  • Pip
  • Pipenv
  • Nuget
  • Dotnet

Frogbot is available for FREE

All you need to set up Frogbot is a JFrog environment.

Get started with a developer friendly setup >

More developer tools

We’re excited to make Frogbot and the following open source tools available for developers to use and get started with:

  • JFrog CLI – A compact and smart client that provides a simple interface that automates access to JFrog products
  • JFrog IDE integrations – Developer plugins and extensions, including VS Code, IntelliJ IDE, Eclipse and more, enabling developers to discover and remediate security vulnerabilities early on in the development stage.
  • JFrog Build Integrations – Developer plugins and extensions, including JenkinsCI, TeamCity, Bamboo and more, enabling developers through integration to CI systems.

As always, we’re happy to help! and welcome pull requests from the community to improve these tools. Frogbot is open source, your contribution is always welcome.

Get started today and give these tools a try!

Popular Tags

Try the JFrog Platform

In the cloud or self-hosted

Start Free

or Book a Demo