Adding Frogbot to your GitHub repository enables pull request checks based on Frogbot code scanning, preventing unauthorized or risky code changes from being merged.
Example Usage
Here is an example snippet of GitHub Action workflow for PR scan using Frogbot.
name: "Frogbot Scan Pull Request"
on:
pull_request_target:
types: [ opened, synchronize ]
permissions:
pull-requests: write
contents: read
id-token: write
jobs:
scan-pull-request:
runs-on: ubuntu-latest
# A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
# "frogbot" GitHub environment can approve the pull request to be scanned.
# Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md
environment: frogbot
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
# IMPORTANT:
# 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
# 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
- uses: jfrog/frogbot@v2
with:
oidc-provider-name: jfrog-github-oidc
env:
JFROG_CLI_LOG_LEVEL: DEBUG
# JFrog platform URL
JF_URL: https://${{ vars.JF_URL }}/
JF_PROJECT: ${{ vars.JF_PROJECT }}
# The GitHub token automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
To learn more, refer to the following: