Publish Scan Results to Gitlab Dashboards by orto17 · Pull Request #1268 · jfrog/frogbot

orto17 · 2026-04-12T06:49:45Z

All tests passed. If this feature is not already covered by the tests, I added new tests.
This pull request is on the dev branch.
I used gofmt for formatting the code before submitting the pull request.
Update documentation about new features / new supported technologies

Frogbot can now write scan output to a directory when it runs against GitLab, using the JF_SCAN_RESULTS_OUTPUT_DIR environment variable. The directory gets cyclonedx.json (SBOM) and gl-dependency-scanning-report.json in GitLab’s dependency-scanning format, so pipelines can publish them to GitLab’s security UI. This runs alongside the existing repository scan flow (detection and auto-fix behavior are unchanged when enabled).

attiasas

Nice work! check out my comments

orto17 requested a deployment to frogbot April 12, 2026 06:49 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 12, 2026 07:02 — with GitHub Actions Waiting

orto17 added the safe to test Approve running integration tests on a pull request label Apr 12, 2026

github-actions Bot removed the safe to test Approve running integration tests on a pull request label Apr 12, 2026

orto17 requested a deployment to frogbot April 12, 2026 07:12 — with GitHub Actions Waiting

orto17 changed the title ~~save results in gitlab format~~ Publish Scan Results to Gitlab Dashboards Apr 12, 2026

orto17 added the safe to test Approve running integration tests on a pull request label Apr 12, 2026

github-actions Bot removed the safe to test Approve running integration tests on a pull request label Apr 12, 2026

orto17 requested a deployment to frogbot April 13, 2026 11:10 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 28, 2026 08:52 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 28, 2026 09:37 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 28, 2026 09:55 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 29, 2026 08:27 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 29, 2026 09:28 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot April 30, 2026 08:05 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot May 7, 2026 06:52 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot May 7, 2026 06:59 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot May 7, 2026 07:36 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot May 7, 2026 07:42 — with GitHub Actions Waiting

orto17 requested a deployment to frogbot May 7, 2026 07:52 — with GitHub Actions Waiting

orto17 added the safe to test Approve running integration tests on a pull request label May 7, 2026

orto17 requested a deployment to frogbot May 7, 2026 07:52 — with GitHub Actions Waiting

github-actions Bot removed the safe to test Approve running integration tests on a pull request label May 7, 2026

attiasas approved these changes May 7, 2026

View reviewed changes

Comment thread scanrepository/scanrepository.go Outdated

Comment thread utils/utils.go Outdated

Comment thread utils/utils.go

orto17 requested a deployment to frogbot May 10, 2026 08:00 — with GitHub Actions Waiting

orto17 added the safe to test Approve running integration tests on a pull request label May 10, 2026

orto17 requested a deployment to frogbot May 10, 2026 08:01 — with GitHub Actions Waiting

github-actions Bot removed the safe to test Approve running integration tests on a pull request label May 10, 2026

orto17 added 16 commits May 10, 2026 12:20

save results in gitlab format

06ad0dc

with tests

259501d

static analysis fix

619fb40

with applicability status

56bed2e

update Identifier column with cve id

f0d9ee6

reachable column

cff4ae1

with cwe

64c46bd

fixed format issues

08ef8ec

with reachability field

d613486

with reachability field

40cd99f

fix Reachabe field

d37fb99

test fix

2d6fd36

after cr

2525f73

after cr

276ec1d

after cr

3e2c9e2

after cr

19d638a

orto17 force-pushed the publish-results-gitlab branch from e839858 to 19d638a Compare May 10, 2026 09:20

orto17 requested a deployment to frogbot May 10, 2026 09:20 — with GitHub Actions Waiting

orto17 added the safe to test Approve running integration tests on a pull request label May 10, 2026

orto17 requested a deployment to frogbot May 10, 2026 09:22 — with GitHub Actions Waiting

github-actions Bot removed the safe to test Approve running integration tests on a pull request label May 10, 2026

orto17 merged commit c030e32 into jfrog:v3_er May 10, 2026
21 of 33 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish Scan Results to Gitlab Dashboards#1268

Publish Scan Results to Gitlab Dashboards#1268
orto17 merged 16 commits intojfrog:v3_erfrom
orto17:publish-results-gitlab

orto17 commented Apr 12, 2026 •

edited

Loading

Uh oh!

attiasas left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

orto17 commented Apr 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

attiasas left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

orto17 commented Apr 12, 2026 •

edited

Loading