GitHub Copilot: Secure Coding and Agentic Remediation



Note: Available for EnterpriseX and Enterprise+ with Unified Security package

Value

Enhances GitHub Copilot within the VSC IDE plugin with JFrog security and catalog intelligence to enable secure coding and automated remediation suggestions.

Helps developers select approved packages and resolve vulnerabilities faster using AI-assisted workflows.

How it Works

  • GitHub Copilot is enhanced with JFrog Remote MCP to utilize JFrog Catalog, Curation, and JFrog Research security data.

Use case 1: Autofix JFrog Advanced Security findings within JFrog VSC IDE Plugin:

  • Install the JFrog IDE Plugin in VSC.
  • Scan your project using the IDE plugin and review the JAS findings (such as SAST issues and applicable CVEs).
  • Right-click a finding and select "Ask Copilot to Fix".

Use case 2: Utilize JFrog MCP for assisting Copilot to choose compliant packages:

  • Configure the JFrog remote MCP server.
  • Add a requirement to your Copilot instructions to use the JFrog Curation tool to validate OSS packages before using them.
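The following is an added illustration of the two pieces use case 2 calls for, written for this page rather than taken from JFrog's own documentation. It uses VS Code's `.vscode/mcp.json` format for registering a remote MCP server; the server name `jfrog`, the endpoint URL, and the assumption that the JFrog remote MCP is reached over HTTP with a bearer token are all placeholders to be replaced with the values from your JFrog Platform. The token is requested through an `inputs` prompt so it is never written into the repository.

```json
{
  "inputs": [
    {
      "id": "jfrog-token",
      "type": "promptString",
      "description": "JFrog access token for the remote MCP server (prompted, not stored in the repo)",
      "password": true
    }
  ],
  "servers": {
    "jfrog": {
      "type": "http",
      "url": "https://<your-jfrog-platform-host>/<jfrog-remote-mcp-path>",
      "headers": {
        "Authorization": "Bearer ${input:jfrog-token}"
      }
    }
  }
}
```

With the server registered, the Copilot instructions file (`.github/copilot-instructions.md` in the repository) carries the policy itself, for example: "Before adding or upgrading any open-source dependency, call the JFrog Curation tool from the `jfrog` MCP server and use the package only if Curation reports it as approved; if it is blocked, report the reason and propose an approved alternative." Keeping the policy in the repository means every developer's Copilot session applies the same check, and a rejected package shows up in the conversation rather than silently in the lockfile.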

Use case 3: Interact with SAST findings using JFrog Local SAST MCP:

  • Run the JFrog local SAST MCP as described here.

Additional Information

Requirements:

  • GitHub Copilot
  • JFrog MCP Server configured