The Git repository configuration reflects the actual hierarchy in your Source Control Management (SCM) system. It supports inheriting settings for future repositories and folders. When both repositories and folders coexist in the hierarchy, the JFrog Platform represents them using a virtual folder. In this view, all repositories that exist alongside folders at the same level are grouped under “/”. You can configure scanners to scan either SCM and downstream automatically or target custom repositories and folders directly.
Before You Begin
An initial Frogbot scan must be executed.
Configuration settings defined in the Frogbot YAML file and environment variables take precedence over any settings applied through the platform.
Configuring Git Repositories
- Navigate to Administration > Xray Settings > Indexed Resources, and select the Git Repositories tab.
- Select one or more Git Repositories and folders.
- From the actions menu, select Configure.
The Scan Configurations pop-up window opens. - Select one or more types of scans you wish to run on the selected Git Repositories:
SCA
Advanced Security:
- Vulnerabilities Contextual Analysis
- IaC
- Secrets
- SAST
(Optional: Exclude Path, using the following format:
**/*(venv,...,.venv)*)(Optional for SAST only: Exclude Rule)
- Click Apply.
The Folder table opens and displays the:
- Folder names within the Git repository
- Number of folders within each folder
- Last time the folder was scanned
- Configuration source, which may be the Git repository configuration (Inherited) or the folder itself (custom).