Frogbot performs both full repository scans and pull request (PR) scans to detect security issues. Results from full scans are posted directly to the GitHub Security dashboard, allowing developers to stay within their native GitHub workflow.
Before You Begin
You must enable GitHub code scanning for each repository you wish to scan.
Procedure
- In GitHub, go to the repository scanned by Frogbot and click the Security tab.
- In the left pane, select Code scanning alerts.
- (Optional) Use the Tool filter to narrow down results. The Frogbot tools to filter with are:
  - JFrog SAST
  - JFrog Secrets scanner
  - JFrog Terraform scanner
  - JFrog Xray scanner
- Click an issue to view its details.
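The same per-tool filtering can be scripted against GitHub's code scanning alerts REST endpoint for triage dashboards. This is an added example, not Frogbot or JFrog code. It assumes the API reports the same tool names the Tool filter shows, and the helper names and sample alerts are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

# Tool names exactly as listed in the Tool filter above.
FROGBOT_TOOLS = ("JFrog SAST", "JFrog Secrets scanner",
                 "JFrog Terraform scanner", "JFrog Xray scanner")

def alerts_url(owner, repo, tool_name, state="open"):
    """URL for one page of code scanning alerts from a single tool."""
    query = urllib.parse.urlencode({"tool_name": tool_name, "state": state, "per_page": 100})
    return f"https://api.github.com/repos/{owner}/{repo}/code-scanning/alerts?{query}"

def fetch_alerts(owner, repo, tool_name, token):
    """Fetch the first page (needs network and a token that can read alerts)."""
    req = urllib.request.Request(alerts_url(owner, repo, tool_name), headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(alerts):
    """Count open alerts per Frogbot tool and severity; skip other tools."""
    counts = {tool: Counter() for tool in FROGBOT_TOOLS}
    for alert in alerts:
        tool = (alert.get("tool") or {}).get("name")
        if tool not in counts or alert.get("state") != "open":
            continue
        rule = alert.get("rule") or {}
        # security_severity_level can be null; fall back to rule severity.
        level = rule.get("security_severity_level") or rule.get("severity") or "unknown"
        counts[tool][level] += 1
    return {tool: dict(c) for tool, c in counts.items()}

def _alert(tool, state, sec_level, severity="warning"):
    return {"state": state, "tool": {"name": tool},
            "rule": {"security_severity_level": sec_level, "severity": severity}}
# Constructed sample shaped like the API response; not real findings.
SAMPLE = [
    _alert("JFrog Xray scanner", "open", "high"),
    _alert("JFrog Xray scanner", "open", "high"),
    _alert("JFrog Secrets scanner", "open", None, "error"),
    _alert("JFrog SAST", "dismissed", "medium"),
    _alert("CodeQL", "open", "critical"),
]

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

`fetch_alerts` returns only the first page of up to 100 alerts, so repositories with more open findings need pagination before the counts are complete.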