# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # Frogbot Scan and Fix does the following: # Automatically creates pull requests with fixes for vulnerable project dependencies. # Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot # Frogbot uses a frogbot-config.yml file to run. The following article will guide you through the process of creating this file: # https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md name: "Frogbot Scan and Fix" on: push: branches: [ $default-branch ] permissions: contents: write pull-requests: write security-events: write jobs: create-fix-pull-requests: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 # IMPORTANT: # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix # 2. Frogbot requires a frogbot-config.yml to run. Read more about in the following link - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - uses: jfrog/frogbot@8daba7e9515dbc898012367c71c1018449cd7716 env: # [Mandatory] # JFrog platform URL JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD # JF_USER: ${{ secrets.JF_USER }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog password. Must be provided with JF_USER # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}