JFrog Platform

All Frogbot scan results are uploaded to the JFrog Platform and are available under Xray Scans List. This provides a centralized view of security findings across all your Git repositories.

Viewing Results

  1. Navigate to Application > Xray > Scans List.
  2. Select the Git Repositories tab.
  3. Select a repository to view its scan history.

The results are organized into two sub-tabs:

  • Commits
  • Pull Requests

The Commits tab displays results from commit scans (repository scans). Each entry shows:

  • The scanned commit and branch
  • Vulnerability counts by severity: Critical, High, Medium, Low
  • Exposure findings: Secrets, IaC, SAST
  • Scan timestamp

Click on a specific commit to see the full scan details, including:

  • Security Issues — individual CVEs with severity, CVSS scores, affected components, and fix versions
  • SBOM — component inventory with license information
  • Policy Violations — violations triggered by Xray Watches and Policies

Scan Summary Dashboard

The scan summary provides:

  • Total vulnerabilities by severity: Critical, High, Medium, Low
  • Policy violations by type: Security, License, Operational
  • SBOM details: package types, licenses
  • Validated Runtime Risks (when JFrog Runtime is installed): Detected CVEs, Critical & Applicable CVEs, Malicious Packages, Integrity Violations

Applying Policies with Watches

To enforce security policies on Frogbot scan results:

  1. Create a Security Policy in Xray > Watches & Policies with the desired rules
    (e.g., block on Critical vulnerabilities, fail on malicious packages).
  2. Create a Watch that targets your Git repositories.
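The two passages above describe what the scan summary dashboard counts and what a Security Policy does once a Watch routes Frogbot results to it. The following Python is an added illustration, not Frogbot's or Xray's own code and not the real policy schema: it builds the severity counts from a constructed list of findings and evaluates simplified rules of the kind named in step 1 (block on Critical vulnerabilities, fail on malicious packages). The `Finding` and `PolicyRule` classes, the rule fields, the sample issue ids and component names are all assumptions made for this example.

```python
"""Toy evaluation of a security policy over a Frogbot-style scan summary.

Added example, not Frogbot's or Xray's code. The data model and the rule
fields are assumptions; the findings below are constructed placeholders.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SEVERITY_ORDER = ["Low", "Medium", "High", "Critical"]


@dataclass
class Finding:
    """One security issue as it would appear in a commit's scan details."""
    issue_id: str             # CVE id, or a constructed id for a malicious-package finding
    severity: str             # one of SEVERITY_ORDER
    component: str            # affected component
    fix_versions: List[str] = field(default_factory=list)
    malicious: bool = False   # component flagged as a malicious package


@dataclass
class PolicyRule:
    """Simplified stand-in for one rule of a Security Policy (assumed shape, not Xray's schema)."""
    name: str
    min_severity: Optional[str] = None   # fire on findings at or above this severity
    fail_on_malicious: bool = False      # fire on malicious-package findings
    require_fix_available: bool = False  # ignore findings that have no fix version


# Constructed sample findings; ids and components are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    Finding("CVE-2099-0001", "Critical", "example-lib:1.0.0", ["1.0.1"]),
    Finding("CVE-2099-0002", "High", "example-parser:2.3.0"),            # no fix yet
    Finding("CVE-2099-0003", "Medium", "example-util:0.9.0", ["0.9.2"]),
    Finding("MAL-PKG-0001", "Critical", "evil-typo-pkg:1.0.0", malicious=True),
]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Vulnerability counts by severity, as the scan summary dashboard shows them."""
    counts = Counter({sev: 0 for sev in SEVERITY_ORDER})
    counts.update(f.severity for f in findings)
    return dict(counts)


def evaluate_rule(rule: PolicyRule, findings: List[Finding]) -> List[str]:
    """Return the ids of findings that trigger this rule; an empty list means the rule passes."""
    violations = []
    for f in findings:
        if rule.require_fix_available and not f.fix_versions:
            continue
        by_severity = (rule.min_severity is not None
                       and SEVERITY_ORDER.index(f.severity) >= SEVERITY_ORDER.index(rule.min_severity))
        by_malicious = rule.fail_on_malicious and f.malicious
        if by_severity or by_malicious:
            violations.append(f.issue_id)
    return violations


def evaluate_policy(rules: List[PolicyRule], findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each rule name to its violating finding ids; the scan passes when every list is empty."""
    return {rule.name: evaluate_rule(rule, findings) for rule in rules}


def policy_passes(rules: List[PolicyRule], findings: List[Finding]) -> bool:
    return all(not ids for ids in evaluate_policy(rules, findings).values())


# Rules of the kind named in step 1 above (assumed names and fields).
EXAMPLE_POLICY = [
    PolicyRule("block-critical", min_severity="Critical"),
    PolicyRule("fail-fixable-high", min_severity="High", require_fix_available=True),
    PolicyRule("fail-malicious", fail_on_malicious=True),
]

if __name__ == "__main__":
    print("summary:", summarize(SAMPLE_FINDINGS))
    for name, ids in evaluate_policy(EXAMPLE_POLICY, SAMPLE_FINDINGS).items():
        print(f"{name}: {'PASS' if not ids else 'FAIL ' + ', '.join(ids)}")
    print("policy passes:", policy_passes(EXAMPLE_POLICY, SAMPLE_FINDINGS))
```

The `require_fix_available` flag is worth noting: a rule that only fails on fixable findings keeps the gate actionable for developers, while the separate `fail_on_malicious` rule still blocks a malicious package even when no fix version exists.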

Centralized Configuration from the Platform

Configuration changes apply to subsequent Frogbot scans automatically.

  1. Go to Administration > Xray Settings > Indexed Resources > Git Repositories.
    The table shows all connected Git servers, folders, and repositories with their configuration status (Default, Custom, or Inherited).
  2. Click on any entry to open the Frogbot Configuration drawer with three tabs:
    • Scans Configuration — enable/disable scanners, set exclusion paths
    • Auto-Fix — enable auto-fix PRs, group fixes, customize templates
    • PR Decorations — show all findings, skip empty comments