Create frogbot-scan-and-fix.yml

Signed-off-by: Marcel Raschke <42359664+MarcelRaschke@users.noreply.github.com>

.github/workflows/frogbot-scan-and-fix.yml

@@ -0,0 +1,56 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# Frogbot Scan and Fix does the following:
+# Automatically creates pull requests with fixes for vulnerable project dependencies.
+# Uses JFrog Xray to scan the project.
+# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
+
+name: "Frogbot Scan and Fix"
+on:
+  push:
+    branches: [ "master" ]
+permissions:
+  contents: write
+  pull-requests: write
+  security-events: write
+jobs:
+  create-fix-pull-requests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      # Install prerequisites - uncomment the relevant one
+
+      # - uses: actions/setup-go@v3
+      #   with:
+      #     go-version: 1.17.x
+
+      # - uses: actions/setup-java@v3
+      #    with:
+      #      java-version: "11"
+      #      distribution: "temurin"
+
+      # - uses: actions/setup-node@v3
+      #    with:
+      #      node-version: "16.x"
+
+
+      - uses: jfrog/frogbot@b92e53d9631139a697cb71d9e70229a70ca56694
+        env:
+          # [Mandatory]
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+          JF_URL: ${{ secrets.FROGBOT_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+
+          # [Mandatory]
+          # The GitHub token automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Mandatory if using npm]
+          # The command that installs the dependencies
+          # JF_INSTALL_DEPS_CMD: "npm i"