Scan Repositories

Automatic pull request creation

Frogbot scans your Git repositories periodically and automatically creates pull requests for upgrading vulnerable dependencies to a version with a fix.
NOTE: The pull request fix is presently unavailable for older NuGet projects that use the packages.config file instead of the PackageReference syntax.

Adding Security Alerts

For GitHub repositories, issues that are found during Frogbot's periodic scans are also added to the Security Alerts view in the UI.
The following alert types are supported:
1. CVEs on vulnerable dependencies
2. Secrets that are exposed in the code
3. Infrastructure as Code (IaC) issues on Terraform packages
4. Static Application Security Testing (SAST) vulnerabilities

Validate Allowed Licenses

When Frogbot scans the repository periodically, it checks the licenses of all project dependencies. If Frogbot identifies a license that is not in the predefined set of approved licenses, it adds an alert. The list of allowed licenses is set up as a variable within the Frogbot workflow.
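As an added illustration (not a snippet from this page), the following GitHub Actions workflow shows where the scheduled scan and the allowed-license list are declared. The action reference and the JF_* variable names follow Frogbot's documented setup as assumed here; the cron schedule, secret names and the license list itself are placeholders to adapt.

```yaml
# Added example: Frogbot periodic repository scan with a license allowlist.
# Action name, JF_* variables and permissions are assumed from Frogbot's
# documented setup; schedule, secrets and license list are placeholders.
name: "Frogbot Scan Repository"
on:
  schedule:
    # Periodic scan, here daily at 03:00 UTC (assumed schedule).
    - cron: "0 3 * * *"
  workflow_dispatch:

permissions:
  contents: write        # push the dependency-fix branches
  pull-requests: write   # open the fix pull requests
  security-events: write # publish findings to the Security Alerts view

jobs:
  scan-repository:
    runs-on: ubuntu-latest
    steps:
      - uses: jfrog/frogbot@v2
        env:
          JF_URL: ${{ secrets.JF_URL }}
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Comma-separated allowlist: a dependency whose license is not in
          # this set produces a license alert during the periodic scan.
          JF_ALLOWED_LICENSES: "MIT, Apache-2.0, BSD-3-Clause, ISC"
```

Narrow the allowlist to what your organisation actually approves; a permissive list silently turns the license check into a no-op.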
© 2023 JFrog Ltd All Rights Reserved