Does the PR scan open new PRs? #619

Open
jasminjohal-els opened this issue Jan 18, 2024 · 1 comment
Labels
question Further information is requested

Comments

@jasminjohal-els

I noticed the following setting in the template frogbot-scan-pull-request.yml file:

```yaml
# [Optional, Default: "FALSE"]
# If TRUE, Frogbot creates a single pull request with all the fixes.
# If false, Frogbot creates a separate pull request for each fix.
# JF_GIT_AGGREGATE_FIXES: "FALSE"
```

https://github.com/jfrog/documentation/blob/77008ab7c9402ea1a7eb6b99c016074cd1ada5fe/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml#L116-L119

This implies it will create PRs to resolve issues detected by the PR scan. Is this actually the case? Shouldn't this only be true for the repo scan?

Also, since the default value is already "FALSE", perhaps `# JF_GIT_AGGREGATE_FIXES: "FALSE"` should be changed to `# JF_GIT_AGGREGATE_FIXES: "TRUE"`. frogbot-scan-repository.yml would also need to be updated with this change.

@jasminjohal-els jasminjohal-els added the question Further information is requested label Jan 18, 2024
@eranturgeman
Contributor

Hello @jasminjohal-els, thank you for getting in touch.
Setting JF_GIT_AGGREGATE_FIXES to TRUE doesn't imply the creation of a PR for the scan-pr results.
When this flag is TRUE, it signifies that if multiple vulnerabilities are identified, their fixes will be consolidated into a single PR. Conversely, if set to FALSE, each vulnerability will be addressed in individual PRs.
Hence, the default value is FALSE, and it should stay that way for the time being.
