View Security Alerts on GitHub

For GitHub repositories, issues that are found during Frogbot's periodic scans are also added to the Security Alerts view in the UI.

The following alert types are supported:

1. CVEs on vulnerable dependencies

2. Secrets that are exposed in the code

3. Infrastructure as Code (IaC) issues on Terraform packages

4. Static Application Security Testing (SAST) vulnerabilities

5. Validate Allowed Licenses

When Frogbot scans the repository periodically, it checks the licenses of any project dependencies. If Frogbot identifies licenses that are not listed in a predefined set of approved licenses, it adds an alert. The list of allowed licenses is set up as a variable within the Frogbot workflow.
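To make the allowlist semantics concrete, here is an added example (not Frogbot's own code) of the check described above: a comma-separated allowlist, as a workflow variable would hold it, is normalized and every dependency license not on it produces an alert. The variable name `JF_ALLOWED_LICENSES` and the dependency data are assumptions constructed for the example; the page does not name the variable.

```python
import os

# Constructed sample input: (package, version, licenses reported for it).
# Real scans would take this from the project's resolved dependency tree.
SAMPLE_DEPENDENCIES = [
    ("lodash", "4.17.21", ["MIT"]),
    ("left-pad", "1.3.0", ["WTFPL"]),
    ("some-lib", "2.0.0", ["Apache-2.0", "GPL-3.0-only"]),
    ("mystery-pkg", "0.1.0", []),  # no license metadata at all
]


def parse_allowed_licenses(raw: str) -> set[str]:
    """Turn a comma-separated allowlist into a normalized set.
    Surrounding whitespace and letter case are ignored so that
    ' mit ,Apache-2.0' and 'MIT,APACHE-2.0' mean the same thing."""
    return {item.strip().upper() for item in raw.split(",") if item.strip()}


def find_license_alerts(dependencies, allowed_csv: str) -> list[dict]:
    """Return one alert per (dependency, license) that is not approved.
    A dependency with no license information is alerted as UNKNOWN: an
    allowlist can only approve what it can identify, so missing metadata
    must surface rather than silently pass."""
    allowed = parse_allowed_licenses(allowed_csv)
    alerts = []
    for name, version, licenses in dependencies:
        if not licenses:
            alerts.append({"package": f"{name}@{version}", "license": "UNKNOWN"})
            continue
        for lic in licenses:
            # A dual-licensed package is alerted for each unapproved license,
            # so the reviewer sees exactly which identifier was rejected.
            if lic.strip().upper() not in allowed:
                alerts.append({"package": f"{name}@{version}", "license": lic})
    return alerts


if __name__ == "__main__":
    # Assumed variable name; falls back to a constructed default for the demo.
    allowlist = os.environ.get("JF_ALLOWED_LICENSES", "MIT, Apache-2.0")
    for alert in find_license_alerts(SAMPLE_DEPENDENCIES, allowlist):
        print(f"license alert: {alert['package']} uses {alert['license']}")
```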

© 2024 JFrog Ltd All Rights Reserved