From af3ccdc154bcfb96e9580d863bffab9f66096133 Mon Sep 17 00:00:00 2001
From: byron-infomagnus <126528428+byron-infomagnus@users.noreply.github.com>
Date: Mon, 10 Feb 2025 12:40:36 -0800
Subject: [PATCH 1/4] Create forgbot-scan-repository.yml
---
 .github/workflows/forgbot-scan-repository.yml | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/forgbot-scan-repository.yml
diff --git a/.github/workflows/forgbot-scan-repository.yml b/.github/workflows/forgbot-scan-repository.yml
new file mode 100644
index 0000000..35b496a
--- /dev/null
+++ b/.github/workflows/forgbot-scan-repository.yml
@@ -0,0 +1,50 @@
+name: "Frogbot Scan Repository"
+on:
+ workflow_dispatch:
+ schedule:
+ # The repository will be scanned once a day at 00:00 GMT.
+ - cron: "0 0 * * *"
+permissions:
+ contents: write
+ pull-requests: write
+ security-events: write
+ # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # id-token: write
+jobs:
+ scan-repository:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ # The repository scanning will be triggered periodically on the following branches.
+ branch: ["dev"]
+ steps:
+ - uses: jfrog/frogbot@v2
+ env:
+ # [Mandatory]
+ # JFrog platform URL
+ JF_URL: ${{ secrets.JF_URL }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ # JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token is automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory]
+ # The name of the branch on which Frogbot will perform the scan
+ JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
+ # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
+ # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
+ # with:
+ # oidc-provider-name: ""
From 347d4340e8ffb0c1d29d59dc02c9961b856f42d7 Mon Sep 17 00:00:00 2001
From: byron-infomagnus <126528428+byron-infomagnus@users.noreply.github.com>
Date: Mon, 10 Feb 2025 12:41:05 -0800
Subject: [PATCH 2/4] Update forgbot-scan-repository.yml
---
 .github/workflows/forgbot-scan-repository.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
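Review bot: `- uses: jfrog/frogbot@v2` pins the action to a mutable major tag while the job runs with `contents: write`, `pull-requests: write` and `security-events: write` and hands it `JF_ACCESS_TOKEN` and `GITHUB_TOKEN`; pin to a full commit SHA with the version in a trailing comment, e.g. `- uses: jfrog/frogbot@<full-commit-sha>  # vN.N.N`, so a moved tag cannot change what runs with those credentials. The file is named `forgbot-scan-repository.yml` but the `name:` value reads `Frogbot Scan Repository`; the workflow filename shows up in the Actions UI and in check names, so renaming it to `frogbot-scan-repository.yml` avoids the transposed-letter confusion. The `id-token: write` permission is correctly left commented out since `JF_ACCESS_TOKEN` is in use, but it is worth adding `# enable only together with oidc-provider-name` next to it so nobody turns it on without the matching `with:` block.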
diff --git a/.github/workflows/forgbot-scan-repository.yml b/.github/workflows/forgbot-scan-repository.yml
index 35b496a..8e03ef6 100644
--- a/.github/workflows/forgbot-scan-repository.yml
+++ b/.github/workflows/forgbot-scan-repository.yml
@@ -16,7 +16,7 @@ jobs:
 strategy:
 matrix:
 # The repository scanning will be triggered periodically on the following branches.
- branch: ["dev"]
+ branch: ["byron-test"]
 steps:
 - uses: jfrog/frogbot@v2
 env:
From 24e6a0f7284c4476298a31685ab6cc56c64b77ec Mon Sep 17 00:00:00 2001
From: byron-infomagnus <126528428+byron-infomagnus@users.noreply.github.com>
Date: Mon, 10 Feb 2025 12:45:42 -0800
Subject: [PATCH 3/4] Create forgbot-config.yml
---
 .frogbot/forgbot-config.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .frogbot/forgbot-config.yml
diff --git a/.frogbot/forgbot-config.yml b/.frogbot/forgbot-config.yml
new file mode 100644
index 0000000..b7b4cb6
--- /dev/null
+++ b/.frogbot/forgbot-config.yml
@@ -0,0 +1,6 @@
+- params:
+ git:
+ repoName: jfrog-github-example
+ branches:
+ - byron-test
+ - main
From d7a6b3df8ff6729b71eed8bc320f3c6b0515f6e2 Mon Sep 17 00:00:00 2001
From: byron-infomagnus <126528428+byron-infomagnus@users.noreply.github.com>
Date: Mon, 10 Feb 2025 12:48:28 -0800
Subject: [PATCH 4/4] Update forgbot-config.yml
---
 .frogbot/forgbot-config.yml | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/.frogbot/forgbot-config.yml b/.frogbot/forgbot-config.yml
index b7b4cb6..361343e 100644
--- a/.frogbot/forgbot-config.yml
+++ b/.frogbot/forgbot-config.yml
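Review bot: `branch: ["byron-test"]` makes the daily scheduled scan, which runs with `contents: write` and `pull-requests: write`, target only a personal test branch, while the config file created in the next patch lists both `byron-test` and `main`; the two branch lists should agree or one of them should be dropped so there is a single source of truth. Presumably `main` is the branch that needs the recurring scan, in which case `branch: ["main"]` here (keeping `byron-test` only while testing) is what is wanted; a scheduled job that opens fix pull requests against a short-lived branch produces PRs nobody merges. The enclosing `scan-repository` job starts and ends outside this hunk.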
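Review bot: The file is added as `.frogbot/forgbot-config.yml`, but as far as I recall Frogbot looks for `.frogbot/frogbot-config.yml`; if so, the transposed letters mean this file is never loaded and `repoName` / `branches` have no effect, so it should be renamed to `.frogbot/frogbot-config.yml` (the workflow file in the first patch has the same typo). A one-line header comment such as `# Frogbot repository configuration; must live at .frogbot/frogbot-config.yml to be picked up` would make the naming requirement visible to the next editor.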
@@ -4,3 +4,46 @@
 branches:
 - byron-test
 - main
+ # Frogbot scanning parameters
+ scan:
+ # [Default: false]
+ # Frogbot displays all existing vulnerabilities, including the ones that were not added by the pull request
+ includeAllVulnerabilities: true
+
+ # [Default: true]
+ # Frogbot does not fail the task if security issues are found and this parameter is set to false
+ # failOnSecurityIssues: false
+
+ # List of subprojects / project dirs inside the Git repository
+ projects:
+ # [Mandatory for projects which use npm, yarn 2, nuget and dotnet to download their dependencies]
+ # Installation command (e.g. npm i, nuget restore)
+ # - installCommand: ""
+
+ # [Default: root directory]
+ # List of relative path's to the projects directories in the git repository
+ # workingDirs:
+ # - "."
+
+ # [Mandatory for pip only if using requirements file, Default: pip install .]
+ # The requirements file name that used to install dependencies in case of pip package manager
+ # pipRequirementsFile: ""
+
+ # [Default: true]
+ # Use Gradle Wrapper (gradlew/gradlew.bat) to run Gradle
+ # useWrapper: true
+
+ # [Optional]
+ # Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from
+ # repository: ""
+
+ # JFrog Platform parameters
+ jfrogPlatform:
+ # [Optional]
+ # JFrog project key. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Projects)
+ # jfrogProjectKey: ""
+
+ # [Optional]
+ # Xray Watches. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches)
+ # watches:
+ # - ""
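Review bot: `projects:` and `jfrogPlatform:` are left as bare keys because every child under them is commented out, so a YAML parser yields `null` for both rather than an empty list or map; whether Frogbot treats a null `projects` as "scan the root" or as nothing to scan is not visible here, so either uncomment one concrete entry, e.g. `projects:` / `  - workingDirs:` / `      - "."`, or remove the two keys so the documented defaults apply. `includeAllVulnerabilities: true` is explained by its own comment in terms of a pull request, while the only workflow in this series is the scheduled repository scan, so its effect on that job is worth confirming against the Frogbot documentation before relying on it. Leaving `failOnSecurityIssues` at its default of true is the right call for a scan meant to gate anything. The `- params:` list item that encloses these keys starts outside this hunk.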