Skip to content

chore: workflow hardening — pinact + zizmor [automated] #21

chore: workflow hardening — pinact + zizmor [automated]

chore: workflow hardening — pinact + zizmor [automated] #21

Workflow file for this run

# workflow-hardening: 1 finding needs manual review — see PR description
name: "Frogbot Security Scan"
on:
pull_request_target:
types: [opened, synchronize]
push:
branches:
- main
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
permissions:
pull-requests: write
contents: write
security-events: write
jobs:
frogbot-scan:
runs-on: ubuntu-latest
strategy:
matrix:
branch: ["main"]
steps:
- uses: jfrog/frogbot@v2
env:
JF_URL: ${{ secrets.JF_URL }}
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JF_GIT_BASE_BRANCH: ${{ matrix.branch }}