diff --git a/.frogbot/forgbot-config.yml b/.frogbot/forgbot-config.yml new file mode 100644 index 0000000..361343e --- /dev/null +++ b/.frogbot/forgbot-config.yml @@ -0,0 +1,49 @@ +- params: + git: + repoName: jfrog-github-example + branches: + - byron-test + - main + # Frogbot scanning parameters + scan: + # [Default: false] + # Frogbot displays all existing vulnerabilities, including the ones that were not added by the pull request + includeAllVulnerabilities: true + + # [Default: true] + # Frogbot does not fail the task if security issues are found and this parameter is set to false + # failOnSecurityIssues: false + + # List of subprojects / project dirs inside the Git repository + projects: + # [Mandatory for projects which use npm, yarn 2, nuget and dotnet to download their dependencies] + # Installation command (e.g. npm i, nuget restore) + # - installCommand: "" + + # [Default: root directory] + # List of relative path's to the projects directories in the git repository + # workingDirs: + # - "." + + # [Mandatory for pip only if using requirements file, Default: pip install .] + # The requirements file name that used to install dependencies in case of pip package manager + # pipRequirementsFile: "" + + # [Default: true] + # Use Gradle Wrapper (gradlew/gradlew.bat) to run Gradle + # useWrapper: true + + # [Optional] + # Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from + # repository: "" + + # JFrog Platform parameters + jfrogPlatform: + # [Optional] + # JFrog project key. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Projects) + # jfrogProjectKey: "" + + # [Optional] + # Xray Watches. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches) + # watches: + # - "" diff --git a/.github/workflows/forgbot-scan-repository.yml b/.github/workflows/forgbot-scan-repository.yml new file mode 100644 index 0000000..8e03ef6 --- /dev/null +++ b/.github/workflows/forgbot-scan-repository.yml @@ -0,0 +1,50 @@ +name: "Frogbot Scan Repository" +on: + workflow_dispatch: + schedule: + # The repository will be scanned once a day at 00:00 GMT. + - cron: "0 0 * * *" +permissions: + contents: write + pull-requests: write + security-events: write + # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN] + # id-token: write +jobs: + scan-repository: + runs-on: ubuntu-latest + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: ["byron-test"] + steps: + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL + JF_URL: ${{ secrets.JF_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token is automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Mandatory] + # The name of the branch on which Frogbot will perform the scan + JF_GIT_BASE_BRANCH: ${{ matrix.branch }} + + # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN] + # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD + # with: + # oidc-provider-name: ""