GitHub Actions: Frogbot installation using GitHub App

You can perform source code security scanning with JFrog Frogbot for SCA, CVE Contextual Analysis, SAST, Secrets, and IaC scanning. Using the JFrog GitHub App, you can simplify the deployment of JFrog Frogbot across multiple GitHub repositories, enabling consistent security scanning at scale.


How to configure

This procedure guides you through integrating JFrog Frogbot with your GitHub repositories by creating GitHub Actions workflow files using the JFrog GitHub App. By completing this integration, Frogbot will be configured to continuously monitor your selected repositories, decorating PRs for newly added security issues and creating fix pull requests for vulnerable dependencies during full repository scans.

Requirements:

  • JFrog GitHub App is installed
  • Xray version 3.128.3 and above
  • A GitHub Organization. Personal repositories under individual user accounts are not supported.

  1. Navigate to Administration > Xray Settings > Indexed Resources, and open the Git Repositories tab.
  2. Select Add Git Repositories and choose Automatic Integration (Use the JFrog GitHub App to automatically configure Frogbot with GitHub Actions).
  3. Under the Select GitHub Repositories tab, choose the repositories you want Frogbot to integrate with and scan. JFrog will handle the setup of the GitHub action workflow automatically, including:
    • Opening a pull request in each selected repository with the Frogbot workflow YAML file.
    • Adding the required secrets needed for Frogbot execution.
  4. (Optional): Choose whether to Automatically merge the Frogbot YAML file into your repositories:
    • If enabled, the workflow file will be merged automatically once the pull request is created.
    • If disabled, you will need to manually review and approve each pull request before Frogbot becomes active in the repository.
  5. To begin the integration process, select Integrate Frogbot.
  6. The View Pull Requests tab opens. Here, you can:
    • See whether each pull request was successfully merged or failed.
    • Select any item in the table to open the corresponding commit page on GitHub.
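When reviewing the pull request from step 4 before approving it, it helps to know what a Frogbot workflow normally looks like. The following is an added example modelled on Frogbot's publicly documented "scan pull request" template; it is not the file generated by the JFrog GitHub App, and the exact triggers, permissions, environment name and secret names (`JF_URL`, `JF_ACCESS_TOKEN`) in the generated file are assumptions to be checked against the PR contents.

```yaml
# Added example: approximate shape of a Frogbot "scan pull request" workflow.
# Compare against the PR opened by the JFrog GitHub App; details may differ.
name: "Frogbot Scan Pull Request"

on:
  # pull_request_target runs in the context of the base branch, so the job
  # has access to repository secrets even for PRs opened from forks.
  pull_request_target:
    types: [opened, synchronize]

permissions:
  pull-requests: write    # needed to decorate the PR with findings
  contents: read
  security-events: write  # needed if results are uploaded to code scanning

jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # Gate the job behind a protected environment (assumed name: frogbot) with
    # required reviewers, so untrusted PR code is only scanned after a human
    # has looked at it, given the write-capable secrets exposed above.
    environment: frogbot
    steps:
      - uses: jfrog/frogbot@v2
        env:
          # Platform URL and access token: the secrets the app adds (assumed names)
          JF_URL: ${{ secrets.JF_URL }}
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
          # GitHub token used by Frogbot to comment on the PR
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

If the generated workflow lacks the environment gate or requests broader permissions than the scan needs, that is worth raising before enabling automatic merge.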