mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2026-02-05 13:51:12 +00:00
c2a4fe6b95
Updated OIDC provider configuration in workflow. Signed-off-by: nirpel-sys <nirpel@jfrog.com>
33 lines
894 B
YAML
33 lines
894 B
YAML
name: "Frogbot Scan Pull Request"
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize]
|
|
permissions:
|
|
pull-requests: write
|
|
contents: read
|
|
id-token: write
|
|
jobs:
|
|
scan-pull-request:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: jfrog/frogbot@v2
|
|
env:
|
|
# [Mandatory]
|
|
JF_URL: ${{ secrets.JF_URL }}
|
|
|
|
# [Mandatory]
|
|
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# [Optional] Xray Watches to apply
|
|
JF_WATCHES: "build-watch"
|
|
|
|
# [Optional] Show all vulnerabilities, not just the ones introduced in the PR
|
|
JF_INCLUDE_ALL_VULNERABILITIES: "true"
|
|
|
|
# [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
|
|
with:
|
|
# oidc-provider-name: yanirw/CI-demo@github
|
|
version: latest
|
|
oidc-provider-name: github-oidc
|
|
oidc-audience: jfrog-github
|
|
|