Frequently Asked Questions
Everything you need to know about Bullfrog Security
How does Bullfrog differ from other security tools?
Bullfrog specifically focuses on egress filtering for CI/CD pipelines, which is a critical but often overlooked attack vector. Unlike general security scanners, we provide real-time network monitoring and blocking capabilities that prevent data exfiltration during your builds.
Will Bullfrog slow down my CI/CD pipelines?
No. Bullfrog is designed to have negligible performance impact. Our agent runs in the background and intercept network requests using Netfilter, which is highly efficient. Most users see less than 1% overhead on their build times.
Do I need to modify my existing workflows?
You only need to add a single step to your workflow files. All your existing steps continue to work exactly as before. The Bullfrog action runs transparently in the background.
What happens if a connection is blocked?
If a connection is blocked, you will see the blocked connection in the job summary or in the bullfrog control plane. You can then either add the domain/IP to your allowlist if it's legitimate, or investigate if it's a security threat.
Can I test Bullfrog before blocking connections?
Yes! Bullfrog has an "audit mode" where it monitors and logs all connections without blocking them. This lets you see what connections your workflows are making and build your allowlist before switching to blocking mode.
Is my data secure?
Absolutely. Bullfrog only sees network connection metadata (IPs, domains, ports) and process metadata (process name, arguments and executable path). We never capture the actual data being transmitted. All data is encrypted in transit and at rest.
Which runners does Bullfrog support?
Bullfrog currently works with GitHub-hosted runners running Ubuntu (ubuntu-latest, ubuntu-22.04, ubuntu-20.04). Support for other operating systems and self-hosted runners is on our roadmap. Contact us if you need support for specific runner configurations.
What features are coming soon?
We're actively developing: (1) Comprehensive risk assessment including workflow-level security analysis, complete inventory of third-party actions, and risk scoring for actions and workflows, and (2) Multi-channel alerting with intelligent filtering (email, Slack, webhooks). These features will be available in the coming months. Join our reddit community or follow us on GitHub to stay updated.