After you create a new pull request, the maintainer of the Git repository can trigger Frogbot to scan the pull request from the pull request UI.

NOTE: The scan output will include only new vulnerabilities added by the pull request. Vulnerabilities that aren't new, and existed in the code before the pull request was created, will not be included in the report. In order to include all the vulnerabilities in the report, including older ones that weren't added by this PR, use the includeAllVulnerabilities parameter in the frogbot-config.yml file.

The Frogbot GitHub scan workflow is:

1. The developer opens a pull request.

2. The Frogbot workflow automatically gets triggered and a GitHub environment named frogbot becomes pending for the maintainer's approval.

3. The maintainer of the repository reviews the pull request and approves the scan:

4. Frogbot can be triggered again following new commits, by repeating steps 2 and 3.