GITBOOK-126: change request with no subject merged in GitBook

linad87 · gitbook-bot · commit 4bcb677ecc52 · 2024-03-26T12:33:33.000Z
diff --git a/jfrog-applications/SUMMARY.md b/jfrog-applications/SUMMARY.md
@@ -76,7 +76,8 @@
     * [Scan Azure Repos Pull Request](jfrog-applications/frogbot/scan-pull-requests/scan-azure-repos-pull-request.md)
     * [Scan Bitbucket Server Pull Request](jfrog-applications/frogbot/scan-pull-requests/scan-bitbucket-server-pull-request.md)
     * [Pull Request Scan Results](jfrog-applications/frogbot/scan-pull-requests/pull-request-scan-results.md)
-  * [Scan Repositories](frogbot/scan-repositories.md)
+  * [Scan Git Repositories](jfrog-applications/frogbot/scan-repositories/README.md)
+    * [View Security Alerts on Github](jfrog-applications/frogbot/scan-repositories/view-security-alerts-on-github.md)
   * [Frogbot Badge](frogbot/frogbot-badge.md)
 
 ## CI & SDKs
diff --git a/jfrog-applications/frogbot/scan-repositories.md b/jfrog-applications/frogbot/scan-repositories.md
diff --git a/jfrog-applications/jfrog-applications/frogbot/scan-repositories/README.md b/jfrog-applications/jfrog-applications/frogbot/scan-repositories/README.md
@@ -0,0 +1,9 @@
+# Scan Git Repositories
+
+Frogbot scans your Git repositories periodically and automatically creates pull requests for upgrading vulnerable dependencies to a version with a fix.
+
+![](../../../.gitbook/assets/fix-pr.png)
+
+_**NOTE:**_ The pull request fix is presently unavailable for older NuGet projects that use the package.config file instead of the PackageReference syntax.
+
+####
diff --git a/jfrog-applications/jfrog-applications/frogbot/scan-repositories/view-security-alerts-on-github.md b/jfrog-applications/jfrog-applications/frogbot/scan-repositories/view-security-alerts-on-github.md
@@ -0,0 +1,29 @@
+# View Security Alerts on Github
+
+For GitHub repositories, issues that are found during Frogbot's periodic scans are also added to the [Security Alerts](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository) view in the UI.
+
+![](../../../.gitbook/assets/github-code-scanning.png)
+
+The following alert types are supported:
+
+**1. CVEs on vulnerable dependencies**
+
+![](../../../.gitbook/assets/github-code-scanning-content.png)
+
+**2. Secrets that are exposed in the code**
+
+![](../../../.gitbook/assets/github-code-scanning-secrets-content.png)
+
+**3. Infrastructure as Code (Iac) issues on Terraform packages**
+
+![](../../../.gitbook/assets/github-code-scanning-iac-content.png)
+
+**4. Static Application Security Testing (Sast) vulnerabilities**
+
+![](../../../.gitbook/assets/github-code-scanning-sast-content.png)
+
+**5. Validate Allowed Licenses**
+
+When Frogbot scans the repository periodically, it checks the licenses of any project dependencies. If Frogbot identifies licenses that are not listed in a predefined set of approved licenses, it adds an alert. The list of allowed licenses is set up as a variable within the Frogbot workflow.
+
+![](../../../.gitbook/assets/github-code-scanning-license-violation-content.png)
