GitHub Security Alerts! Support for Yarn 2... Improved workflow and more!! Try it out: https://github.com/jfrog/frogbot

Frogbot scans every pull request created for security vulnerabilities with JFrog Xray and in version 2.3.2 it even opens pull requests for upgrading vulnerable dependencies to a version with a fix!

With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged.

Frogbot reports its findings directly in the git UI. It simply adds a comment with its findings. You can think of Frogbot as your new team member, keeping your code safe.

If by some reason a vulnerable dependency finds its way into your repository, Frogbot can create pull requests automatically to upgrade to a new version that fixes said dependency.

Learn more:
JFrog Frogbot https://github.com/jfrog/frogbot
JFrog Xray https://jfrog.com/xray/
JFrog CLI developer plugins registry https://github.com/jfrog/jfrog-cli-plugins-reg
JFrog blog https://jfrog.com/blog/secure-your-git-repository-with-frogbot-the-git-bot/