- Go to your repository's settings tab and save the JFrog connection details as repository secrets with the following names:
  - JF_URL (JFrog Platform URL - Example: https://acme.jfrog.io)
  - JF_ACCESS_TOKEN (JFrog access token)

  You can also use JF_XRAY_URL and JF_ARTIFACTORY_URL instead of JF_URL, and JF_USER + JF_PASSWORD instead of JF_ACCESS_TOKEN.
- Under Actions > General, check the Allow GitHub Actions to create and approve pull requests check box.
- For open-source projects: Create a new GitHub environment called frogbot and add people or public teams as reviewers. The chosen reviewers can trigger Frogbot scans on pull requests.
Use these templates to install Frogbot on your GitHub repository.
Push the workflow files to the .github/workflows directory at the root of your GitHub repository.
IMPORTANT: The workflow files must be pushed to the target branch before Frogbot is triggered. This means that if, for example, a pull request includes the workflow files and the target branch doesn't, Frogbot will fail to run.
Create a file named frogbot-scan-pull-request.yml with the content of this template.
This will allow Frogbot to scan pull requests for security issues when the pull requests are open, and before they are merged.
Create a file named frogbot-scan-repository.yml with the content of this template.
This will make Frogbot open pull requests with fixes for security vulnerabilities found in the GitHub repository.
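
The IMPORTANT note above says both workflow files must already be on the target branch before Frogbot is triggered. The following pre-flight check is an added example, not part of Frogbot or its templates; the function name and its arguments are hypothetical, while the file names and directory are the ones given on this page.

```sh
#!/bin/sh
# Added example: report which Frogbot workflow files are missing from a given
# branch or commit, so the gap is caught before a pull request is opened.
# Usage after sourcing this file (run "git fetch" first for remote branches):
#   frogbot_workflows_missing . origin/main

# File names taken from this page.
FROGBOT_WORKFLOWS="frogbot-scan-pull-request.yml frogbot-scan-repository.yml"

# frogbot_workflows_missing <repo-dir> <ref>
# Prints the path of every workflow file absent from <ref>.
# Returns 0 if both are present, 1 if any is missing, 2 if <ref> is unknown.
frogbot_workflows_missing() {
    fwm_repo=$1
    fwm_ref=$2
    fwm_missing=0

    # Reject refs that do not resolve to a commit, so that a typo in the
    # branch name is not reported as "files missing".
    if ! git -C "$fwm_repo" rev-parse --verify --quiet \
            "$fwm_ref^{commit}" >/dev/null; then
        echo "unknown ref: $fwm_ref" >&2
        return 2
    fi

    for fwm_file in $FROGBOT_WORKFLOWS; do
        fwm_path=".github/workflows/$fwm_file"
        # "git cat-file -e" exits non-zero when <ref>:<path> does not exist.
        # It inspects the committed tree, not the working directory, so
        # uncommitted or unpushed copies of the file do not count.
        if ! git -C "$fwm_repo" cat-file -e "$fwm_ref:$fwm_path" 2>/dev/null; then
            echo "$fwm_path"
            fwm_missing=1
        fi
    done
    return "$fwm_missing"
}
```
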