View Security Alerts on GitHub
Last updated
© 2024 JFrog Ltd All Rights Reserved
For GitHub repositories, the issues Frogbot finds during its repository scans are also published to the Security Alerts view (the code scanning alerts under the repository's Security tab) in the GitHub UI, alongside the pull requests and issues Frogbot already opens.
This feature requires:
JFrog Enterprise X or Enterprise+ license with the Advanced Security Add-on.
GitHub code scanning enabled for the repository (free for public repositories; private repositories need GitHub Advanced Security).
The following alert types are supported:
1. CVEs on vulnerable dependencies
2. Secrets exposed in the code
3. Infrastructure as Code (IaC) issues in Terraform packages
4. Static Application Security Testing (SAST) vulnerabilities
5. License violations (dependencies whose license is not in the allowed list)
When Frogbot scans the repository on its schedule, it checks the license of every project dependency. If it finds a dependency whose license is not in the predefined set of approved licenses, it raises an alert for it. The list of allowed licenses is set as a variable in the Frogbot workflow; a dependency whose license cannot be determined is not in that list either, so it should be expected to show up as a violation rather than pass silently.
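To make the allow-list check concrete, the following is an added example (not Frogbot's own code, and not JFrog's implementation) of the logic described above: read a comma-separated allow-list from a workflow variable, compare each dependency's license against it, and emit the violations as a minimal SARIF 2.1.0 document, the format GitHub code scanning ingests. The variable name `JF_ALLOWED_LICENSES`, the dependency list and the manifest path are assumptions for illustration. It goes a little beyond the text by handling SPDX `OR`/`AND` expressions (dual-licensed packages pass if one branch is allowed; `AND` needs every branch) and by failing closed on an empty or unknown license.

```python
"""Allowed-license check modelled on the behaviour described above.

Added example, not Frogbot's own code. Assumptions:
  - the allow-list is a comma-separated environment variable; the name
    JF_ALLOWED_LICENSES is assumed here
  - dependency licenses are SPDX identifiers or flat SPDX expressions
    using AND / OR (parenthesised expressions are not handled)
The dependency list below is constructed sample data, not real scan output.
"""
import json
import os

# Constructed sample: (package, version, license expression) as a
# dependency scanner might report them.
SAMPLE_DEPENDENCIES = [
    ("requests", "2.31.0", "Apache-2.0"),
    ("left-pad", "1.3.0", "WTFPL"),
    ("dual-lib", "0.4.2", "MIT OR GPL-3.0-only"),
    ("strict-lib", "1.0.0", "MIT AND GPL-3.0-only"),
    ("mystery", "0.0.1", ""),          # license could not be determined
]


def parse_allowed(value: str) -> frozenset:
    """Split the comma-separated allow-list, trimming whitespace and
    lower-casing so 'mit' and 'MIT' compare equal."""
    return frozenset(item.strip().lower() for item in value.split(",") if item.strip())


def license_allowed(expr: str, allowed: frozenset) -> bool:
    """Evaluate a flat SPDX expression against the allow-list.

    OR: the consumer may pick any one branch, so one allowed branch suffices.
    AND: every branch must be allowed.
    Splitting on OR before AND gives SPDX precedence (AND binds tighter).
    Empty / unknown license: treated as not allowed (fail closed).
    """
    expr = expr.strip()
    if not expr:
        return False
    if " OR " in expr:
        return any(license_allowed(part, allowed) for part in expr.split(" OR "))
    if " AND " in expr:
        return all(license_allowed(part, allowed) for part in expr.split(" AND "))
    # "GPL-2.0+" means GPL-2.0 or later, so the consumer may take GPL-2.0 itself.
    return expr.rstrip("+").lower() in allowed


def find_violations(dependencies, allowed: frozenset) -> list:
    """Return every (name, version, license) tuple that fails the check."""
    return [dep for dep in dependencies if not license_allowed(dep[2], allowed)]


def to_sarif(violations, manifest: str = "requirements.txt") -> dict:
    """Build a minimal SARIF 2.1.0 document with one result per violation.
    The manifest path is an assumed location for the alert to point at."""
    rule_id = "license-not-allowed"
    results = [
        {
            "ruleId": rule_id,
            "level": "error",
            "message": {
                "text": f"{name} {version} is licensed under '{lic or 'unknown'}', "
                        "which is not in the allowed list"
            },
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": manifest}}}],
        }
        for name, version, lic in violations
    ]
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{
            "tool": {"driver": {
                "name": "license-check-example",
                "rules": [{"id": rule_id,
                           "shortDescription": {"text": "Dependency license not in allow-list"}}],
            }},
            "results": results,
        }],
    }


def main() -> None:
    # Default allow-list is used only when the variable is unset, so the
    # example runs offline; in a workflow the variable would be set explicitly.
    allowed = parse_allowed(os.environ.get("JF_ALLOWED_LICENSES", "MIT, Apache-2.0, BSD-3-Clause"))
    violations = find_violations(SAMPLE_DEPENDENCIES, allowed)
    print(json.dumps(to_sarif(violations), indent=2))


if __name__ == "__main__":
    main()
```

With the default allow-list of MIT, Apache-2.0 and BSD-3-Clause, `left-pad` (WTFPL), `strict-lib` (MIT AND GPL-3.0-only) and `mystery` (no license) are reported, while `dual-lib` passes on its MIT branch. The fail-closed choice on an unknown license is deliberate: an allow-list that silently passes "unknown" would let exactly the dependencies you most need to inspect through.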