|
1 | 1 | # View Security Alerts on GitHub |
2 | 2 |
|
3 | | -For GitHub repositories, issues that are found during Frogbot's repository scans are also added to the [Security Alerts](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository) view in the UI. |
| 3 | +**The JFrog Security documentation has a new home!**\ |
| 4 | +You can now find it [here](https://jfrog.com/help/p/security-home), including sections on: |
4 | 5 |
|
5 | | -{% hint style="info" %} |
6 | | -This feature requires: |
7 | | - |
8 | | -* [GitHub code scanning](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) available. |
9 | | -{% endhint %} |
10 | | - |
11 | | - |
12 | | - |
13 | | -The following alert types are supported: |
14 | | - |
15 | | -**1. CVEs on vulnerable dependencies** |
16 | | - |
17 | | - |
18 | | - |
19 | | -**2. Secrets that are exposed in the code** |
20 | | - |
21 | | - |
22 | | - |
23 | | -**3. Infrastructure as Code (Iac) issues on Terraform packages** |
24 | | - |
25 | | - |
26 | | - |
27 | | -**4. Static Application Security Testing (Sast) vulnerabilities** |
28 | | - |
29 | | - |
30 | | - |
31 | | -**5. Validate Allowed Licenses** |
32 | | - |
33 | | -When Frogbot scans the repository periodically, it checks the licenses of any project dependencies. If Frogbot identifies licenses that are not listed in a predefined set of approved licenses, it adds an alert. The list of allowed licenses is set up as a variable within the Frogbot workflow. |
34 | | - |
35 | | - |
| 6 | +* [CLI](https://jfrog.com/help/r/jfrog-security-user-guide/developers/cli) |
| 7 | +* [Frogbot](https://jfrog.com/help/r/jfrog-security-user-guide/developers/frogbot) |
| 8 | +* [IDEs](https://jfrog.com/help/r/jfrog-security-user-guide/developers/ides) |
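Review bot: The heading on line 1 still reads "View Security Alerts on GitHub", but the new body (new lines 3-8) links only to the documentation home and three top-level sections (CLI, Frogbot, IDEs). A reader who lands on this page loses the GitHub code scanning prerequisite, the list of five alert types and the explanation of the allowed-licenses check, with no direct pointer to where that material now lives. Consider linking to the specific replacement page for this topic instead of only `security-home`, and replace the link text "here" with a descriptive label so the destination is clear without following the link.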