From dd9b2f6ac35810ff02a255d82886c09a03d53bf7 Mon Sep 17 00:00:00 2001
From: nirpel-sys
Date: Fri, 30 Jan 2026 15:49:52 +0200
Subject: [PATCH] Add files via upload
Signed-off-by: nirpel-sys
---
.../workflows/frogbot-scan-pull-request.yaml | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 .github/workflows/frogbot-scan-pull-request.yaml
diff --git a/.github/workflows/frogbot-scan-pull-request.yaml b/.github/workflows/frogbot-scan-pull-request.yaml
new file mode 100644
index 000000000..680d083d7
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yaml
@@ -0,0 +1,30 @@
+name: "Frogbot Scan Pull Request"
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+permissions:
+ pull-requests: write
+ contents: read
+ id-token: write
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # [Mandatory]
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Optional] Xray Watches to apply
+ JF_WATCHES: "build-watch"
+
+ # [Optional] Show all vulnerabilities, not just the ones introduced in the PR
+ JF_INCLUDE_ALL_VULNERABILITIES: "true"
+
+ # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ with:
+ oidc-provider-name: yanirw/CI-demo@github
+
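Review bot: The `scan-pull-request` job has no approval gate even though it runs on `pull_request_target` with `pull-requests: write` and `id-token: write`. A pull request from any fork therefore starts a run that holds `secrets.JF_URL`, a write-capable `GITHUB_TOKEN` and the ability to request an OIDC token for the JFrog platform while the scanner processes the contributor's code. Add a protected environment with required reviewers directly under `runs-on:`, e.g. `environment: frogbot` (I believe this is the name Frogbot's published template uses; confirm against the upstream docs), and create it in the repository settings. Separately, `jfrog/frogbot@v2` is a mutable tag; pinning it as `uses: jfrog/frogbot@<full-commit-sha>  # v2` keeps a retagged release from running with these permissions. The comment `# [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]` sits at the end of the `env:` block but describes `with:`, so it should move to just above `oidc-provider-name`.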