This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Frogbot Security Scan" | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize] # Triggers scan-pr flow for every opened/updated pull request | |
| push: # Triggers scan-repo flow for every push to the specified branches | |
| branches: | |
| - main | |
| schedule: | |
| - cron: "0 0 * * *" # The repository will be scanned once a day at 00:00 GMT. | |
| workflow_dispatch: # The repository will be scanned on demand | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| security-events: write | |
| # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN] | |
| # id-token: write | |
| jobs: | |
| frogbot-scan: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # The repository scanning will be triggered periodically on the following branches. | |
| branch: ["main"] | |
| steps: | |
| - uses: jfrog/frogbot@v2 | |
| # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN] | |
| # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD | |
| # with: | |
| # oidc-provider-name: "" | |
| env: | |
| JF_URL: ${{ secrets.JF_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
| JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| JF_GIT_BASE_BRANCH: ${{ matrix.branch }} # For repository scan action |