From 3025a81c1a318c01f3a646f486f6011ea67b99eb Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:13:57 +0530 Subject: [PATCH 01/20] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a429a2a98..ffd77d816 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Build and Push Docker Image uses: mr-smithers-excellent/docker-build-push@v4 with: - image: nanajanashia/demo-app + image: binal92/mydockerhub registry: docker.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} From 6737ce09cae2ee1513f95071852753ece65d2151 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:14:58 +0530 Subject: [PATCH 02/20] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ffd77d816..79a45a9d0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,7 @@ # This workflow will build a Java project with Gradle # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle -name: Java CI with Gradle +name: Java CI with Gradle Binal on: push: From a54670c10d22993d70e525b3467f34a55de9c009 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:17:26 +0530 Subject: [PATCH 03/20] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 79a45a9d0..7a552be0e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -31,7 +31,7 @@ jobs: - name: Build and Push Docker Image uses: mr-smithers-excellent/docker-build-push@v4 with: - image: binal92/mydockerhub + image: binal92/demo-app registry: docker.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} From 5a658af9e2d7e78ebfdf77be035e5150a83ce874 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:31:51 +0530 Subject: [PATCH 04/20] Update ci.yml --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a552be0e..bc6e1185d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: java-version: 1.8 @@ -29,7 +29,7 @@ jobs: run: ./gradlew build - name: Build and Push Docker Image - uses: mr-smithers-excellent/docker-build-push@v4 + uses: mr-smithers-excellent/docker-build-push@v6 with: image: binal92/demo-app registry: docker.io From 71584b9fd5fdb31fde69201c7f235b520fba4f96 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:34:30 +0530 Subject: [PATCH 05/20] Update ci.yml --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc6e1185d..3f1fbc9c3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,6 +20,7 @@ jobs: - name: Set up JDK 1.8 uses: actions/setup-java@v4 with: + distribution: 'temurin' java-version: 1.8 - name: Grant execute permission for gradlew From 16263cf499597051036d2c59087cc6db910f93d4 Mon Sep 17 00:00:00 2001 
From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:36:13 +0530 Subject: [PATCH 06/20] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f1fbc9c3..fd32621d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: 1.8 + java-version: 8.0.402+6 - name: Grant execute permission for gradlew run: chmod +x gradlew From e26da7aab4bcc72425ed4332dcaff94a62802a35 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 12:43:05 +0530 Subject: [PATCH 07/20] Update ci.yml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd32621d4..f11a2349b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ jobs: run: ./gradlew build - name: Build and Push Docker Image - uses: mr-smithers-excellent/docker-build-push@v6 + uses: mr-smithers-excellent/docker-build-push@v6.2 with: image: binal92/demo-app registry: docker.io From 0b4d65afdc5534135c816e8de4675d2d68ff54af Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 13:04:23 +0530 Subject: [PATCH 08/20] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d2b1dc574..4c7764d89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM openjdk:8-jre-alpine EXPOSE 8080 -COPY ./build/libs/my-app-1.0-SNAPSHOT.jar /usr/app/ +COPY ./README.md /usr/app/ WORKDIR /usr/app -ENTRYPOINT ["java", "-jar", "my-app-1.0-SNAPSHOT.jar"] +ENTRYPOINT ["java", "--version"] From 29e45e510f395844a514cf8e6977a684ee2f37f3 Mon Sep 17 00:00:00 2001 
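Review bot: `ENTRYPOINT ["java", "--version"]` cannot start on the `openjdk:8-jre-alpine` base named in the hunk's FROM line: the double-dash `--version` flag arrived with JDK 9, and a Java 8 launcher rejects it as an unrecognized option, so the container exits non-zero immediately. If a smoke-test image is the intent, use the single-dash form, `ENTRYPOINT ["java", "-version"]`. After this change the image also no longer carries the application jar, yet ci.yml still builds and pushes it as `binal92/demo-app`; if this is a temporary experiment, a one-line comment above the COPY saying so would keep it from being deployed as the real app. Separately, the `openjdk` official image is deprecated and its `8-jre-alpine` tag has not been rebuilt for years, so the JRE and Alpine packages inside it are unpatched; an actively maintained Java 8 JRE image (Eclipse Temurin) is the usual replacement.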
From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 13:06:20 +0530 Subject: [PATCH 09/20] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6a6245acc..11c8cd42c 100644 --- a/README.md +++ b/README.md @@ -10,3 +10,4 @@ docker tag java-app demo-app:java-1.0 +Add new text From 484e939ae50dcb13b66051586f6605c997c63d3b Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 14:59:06 +0530 Subject: [PATCH 10/20] Create jfrog.yml --- .github/workflows/jfrog.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/jfrog.yml diff --git a/.github/workflows/jfrog.yml b/.github/workflows/jfrog.yml new file mode 100644 index 000000000..ef8ab2f6f --- /dev/null +++ b/.github/workflows/jfrog.yml @@ -0,0 +1,32 @@ +name: "JFrog CLI Example" +on: push + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup JFrog CLI + uses: jfrog/setup-jfrog-cli@v3 + env: + # JFrog platform url (for example: https://acme.jfrog.io) + JF_URL: ${{ secrets.JF_URL }} + + # JFrog Platform access token + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # Basic authentication credentials + ## JF_USER: ${{ secrets.JF_USER }} + ## JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + - name: Run JFrog CLI + run: | + # Ping the server + jf rt ping + # Collect environment variables for the build + jf rt bce + # Collect VCS details from git and add them to the build + jf rt bag + # Publish build info + jf rt bp From b1554ac027e516582c9bee54d2b2625072e7ba47 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 15:19:57 +0530 Subject: [PATCH 11/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 11c8cd42c..c1f5079a4 100644 --- a/README.md +++ b/README.md 
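Review bot: The workflow has no top-level `permissions:` block, so its GITHUB_TOKEN receives the repository's default grant although none of the steps writes to GitHub; add `permissions:` with `contents: read`, as the two Frogbot workflows later in this series do. `actions/checkout@v3` is one major behind the `actions/checkout@v4` that ci.yml was moved to in patch 04, and both it and `jfrog/setup-jfrog-cli@v3` are referenced by floating major tags rather than a commit SHA, so the code that is handed `JF_ACCESS_TOKEN` can change without any edit to this file. `on: push` has no branch filter, so `jf rt bp` publishes a build-info record for every push on every branch, which is presumably wider than intended. The commented-out `## JF_USER` / `## JF_PASSWORD` lines also use a double hash where the rest of the file uses a single one; `# JF_USER: ...` keeps the style consistent.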
@@ -10,4 +10,4 @@ docker tag java-app demo-app:java-1.0 -Add new text +Add new line From 454c7b46f843165b04228e62cd574bbd99534f0f Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 16:01:22 +0530 Subject: [PATCH 12/20] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c1f5079a4..6067a4dc9 100644 --- a/README.md +++ b/README.md @@ -11,3 +11,5 @@ docker tag java-app demo-app:java-1.0 Add new line + +[](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot) From 96752dff0fcaa0fa75d5be380317c0a29d3d616c Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Thu, 1 Feb 2024 17:36:53 +0530 Subject: [PATCH 13/20] Create frogbot-scan-repository.yml --- .github/workflows/frogbot-scan-repository.yml | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 .github/workflows/frogbot-scan-repository.yml diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml new file mode 100644 index 000000000..7d89f4a3b --- /dev/null +++ b/.github/workflows/frogbot-scan-repository.yml 
@@ -0,0 +1,142 @@ +name: "Frogbot Scan Repository" +on: + workflow_dispatch: + schedule: + # The repository will be scanned once a day at 00:00 GMT. + - cron: "0 0 * * *" +permissions: + contents: write + pull-requests: write + security-events: write +jobs: + scan-repository: + runs-on: ubuntu-latest + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: ["dev"] + steps: + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL + JF_URL: ${{ secrets.JF_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token is automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Mandatory] + # The name of the branch on which Frogbot will perform the scan + JF_GIT_BASE_BRANCH: ${{ matrix.branch }} + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Optional] + # By default, the Frogbot workflows download the Frogbot executable as well as other tools + # needed from https://releases.jfrog.io + # If the machine that runs Frogbot has no access to the internet, follow these steps to allow the + # executable to be downloaded from an Artifactory instance, which the machine has access to: + # + # 1. Login to the Artifactory UI, with a user who has admin credentials. + # 2. Create a Remote Repository with the following properties set. 
+ # Under the 'Basic' tab: + # Package Type: Generic + # URL: https://releases.jfrog.io + # Under the 'Advanced' tab: + # Uncheck the 'Store Artifacts Locally' option + # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. + # JF_RELEASES_REPO: "" + + ########################################################################## + ## If your project uses a 'frogbot-config.yml' file, you can define ## + ## the following variables inside the file, instead of here. ## + ########################################################################## + + # [Optional, default: "."] + # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project. + # JF_WORKING_DIR: path/to/project/dir + + # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"] + # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans. + # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*" + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: <watch-1>,<watch-2>...<watch-n> + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: <project-key> + + # [Optional, default: "TRUE"] + # Fails the Frogbot task if any security issue is found. + # JF_FAIL: "FALSE" + + # [Optional] + # Frogbot will download the project dependencies, if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" + + # [Optional] + # Template for the branch name generated by Frogbot when creating pull requests with fixes. 
+ # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. + # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. + # JF_BRANCH_NAME_TEMPLATE: "frogbot-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}" + + # [Optional] + # Template for the commit message generated by Frogbot when creating pull requests with fixes + # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. + # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" + + # [Optional] + # Template for the pull request title generated by Frogbot when creating pull requests with fixes. + # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables. + # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}" + + # [Optional, Default: "FALSE"] + # If TRUE, Frogbot creates a single pull request with all the fixes. + # If FALSE, Frogbot creates a separate pull request for each fix. + # JF_GIT_AGGREGATE_FIXES: "FALSE" + + # [Optional, Default: "FALSE"] + # Handle vulnerabilities with fix versions only + # JF_FIXABLE_ONLY: "TRUE" + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + # JF_MIN_SEVERITY: "" + + # [Optional, Default: eco-system+frogbot@jfrog.com] + # Set the email of the commit author + # JF_GIT_EMAIL_AUTHOR: "" + + # [Optional] + # Set the list of allowed licenses + # The full list of licenses can be found in: + # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md + # JF_ALLOWED_LICENSES: "MIT, Apache-2.0" + + # [Optional] + # Avoid adding extra info to pull request comments. that isn't related to the scan findings. + # JF_AVOID_EXTRA_MESSAGES: "TRUE" + + # [Optional] + # Add a title to pull request comments generated by Frogbot. + # JF_PR_COMMENT_TITLE: "" 
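Review bot: `jobs.scan-repository` references `jfrog/frogbot@v2` by a floating major tag while handing it a GITHUB_TOKEN granted `contents: write`, `pull-requests: write` and `security-events: write` plus `JF_ACCESS_TOKEN`; pin the action to a full commit SHA with the tag in a trailing comment so a moved tag cannot silently change the code that holds these credentials. The matrix `branch: ["dev"]` makes `dev` the only branch scanned, whereas the `.frogbot/frogbot-config.yml` added in patch 18 lists `master`; confirm which branch actually exists in this repository and keep the two in agreement, otherwise the scheduled scan produces nothing. `contents: write` is presumably needed for Frogbot's fix pull requests rather than the scan itself; a comment saying so above `permissions:` would stop a later reader from either trimming it or treating it as an oversight.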
From eeeadfec1d7647504423898276f0ba3b6d67a3c2 Mon Sep 17 00:00:00 2001
From: Binal92 <binal.chathuranga@gmail.com>
Date: Thu, 1 Feb 2024 18:03:38 +0530
Subject: [PATCH 14/20] Create frogbot-scan-pull-request.yml
---
.../workflows/frogbot-scan-pull-request.yml | 148 ++++++++++++++++++
1 file changed, 148 insertions(+)
create mode 100644 .github/workflows/frogbot-scan-pull-request.yml
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
new file mode 100644
index 000000000..eae619cc4
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -0,0 +1,148 @@ +name: "Frogbot Scan Pull Request" +on: + pull_request_target: + types: [opened, synchronize] +permissions: + pull-requests: write + contents: read +jobs: + scan-pull-request: + runs-on: ubuntu-latest + # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the + # "frogbot" GitHub environment can approve the pull request to be scanned. + environment: frogbot + steps: + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL + JF_URL: ${{ secrets.JF_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token is automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Optional] + # By default, the Frogbot workflows download the Frogbot executable as well as other tools + # needed from https://releases.jfrog.io + # If the machine that runs Frogbot has no access to the internet, follow these steps to allow the + # executable to be downloaded from an Artifactory instance, which the machine has access to: + # + # 1. Login to the Artifactory UI, with a user who has admin credentials. + # 2. Create a Remote Repository with the following properties set. + # Under the 'Basic' tab: + # Package Type: Generic + # URL: https://releases.jfrog.io + # Under the 'Advanced' tab: + # Uncheck the 'Store Artifacts Locally' option + # 3. 
Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. + # JF_RELEASES_REPO: "" + + # [Optional] + # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans. + # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080) + # JF_SMTP_SERVER: "" + + # [Mandatory if JF_SMTP_SERVER is set] + # The username required for authenticating with the SMTP server. + # JF_SMTP_USER: "" + + # [Mandatory if JF_SMTP_SERVER is set] + # The password associated with the username required for authentication with the SMTP server. + # JF_SMTP_PASSWORD: "" + + ########################################################################## + ## If your project uses a 'frogbot-config.yml' file, you can define ## + ## the following variables inside the file, instead of here. ## + ########################################################################## + + # [Mandatory if the two conditions below are met] + # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "nuget restore") + # JF_INSTALL_DEPS_CMD: "" + + # [Optional, default: "."] + # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project. + # JF_WORKING_DIR: path/to/project/dir + + # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"] + # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans. + # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*" + + # [Optional] + # Xray Watches. 
Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: <watch-1>,<watch-2>...<watch-n> + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: <project-key> + + # [Optional, default: "FALSE"] + # Displays all existing vulnerabilities, including the ones that were added by the pull request. + # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" + + # [Optional, default: "FALSE"] + # When adding new comments on pull requests, keep old comments that were added by previous scans. + # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE" + + # [Optional, default: "TRUE"] + # Fails the Frogbot task if any security issue is found. + # JF_FAIL: "FALSE" + + # [Optional] + # Frogbot will download the project dependencies if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" + + # [Optional, Default: "FALSE"] + # If TRUE, Frogbot creates a single pull request with all the fixes. + # If false, Frogbot creates a separate pull request for each fix. + # JF_GIT_AGGREGATE_FIXES: "FALSE" + + # [Optional, Default: "FALSE"] + # Handle vulnerabilities with fix versions only + # JF_FIXABLE_ONLY: "TRUE" + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + # JF_MIN_SEVERITY: "" + + # [Optional] + # List of comma separated email addresses to receive email notifications about secrets + # detected during pull request scanning. The notification is also sent to the email set + # in the committer git profile regardless of whether this variable is set or not. 
+ # JF_EMAIL_RECEIVERS: "" + + # [Optional] + # Set the list of allowed licenses + # The full list of licenses can be found in: + # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md + # JF_ALLOWED_LICENSES: "MIT, Apache-2.0" + + # [Optional] + # Avoid adding extra info to pull request comments. that isn't related to the scan findings. + # JF_AVOID_EXTRA_MESSAGES: "TRUE" + + # [Optional] + # Add a title to pull request comments generated by Frogbot. + # JF_PR_COMMENT_TITLE: "" From a8ade7b0b7d75ac91f5e43c5fab0b8095f83fbcf Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Fri, 2 Feb 2024 11:56:30 +0530 Subject: [PATCH 15/20] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 6067a4dc9..f7c01f632 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,5 @@ docker tag java-app demo-app:java-1.0 -Add new line [](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot) From 0e4f8035869435dce9037f4eb49d887a6a32bd31 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Fri, 2 Feb 2024 11:58:51 +0530 Subject: [PATCH 16/20] Update frogbot-scan-repository.yml --- .github/workflows/frogbot-scan-repository.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index 7d89f4a3b..158e66b56 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: schedule: # The repository will be scanned once a day at 00:00 GMT. - - cron: "0 0 * * *" + - cron: "0 7 * * *" permissions: contents: write pull-requests: write From 414a79ebb8ea544be62ccfe5fc876ae08e4b48b7 Mon Sep 17 00:00:00 2001 
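Review bot: The job runs on `pull_request_target`, which executes in the base repository with access to `secrets.JF_ACCESS_TOKEN` and a `pull-requests: write` token even for pull requests opened from forks; the only gate is `environment: frogbot`, and that gate works only if a `frogbot` environment with required reviewers is actually configured in the repository settings — if the environment is missing or has no reviewers, every fork PR reaches the secrets unreviewed. Confirm the environment is configured before enabling this workflow, and extend the comment above `environment: frogbot` to say that the protection depends on that setting. As in frogbot-scan-repository.yml, `jfrog/frogbot@v2` is a floating major tag for an action that holds these credentials; a commit-SHA pin is the safer reference.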
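Review bot: The comment directly above the changed line still says `# The repository will be scanned once a day at 00:00 GMT.` while the schedule is now `"0 7 * * *"`, and patch 17 moves it again to `"35 6 * * *"` without touching the comment either; keep the comment with the value, e.g. `# The repository will be scanned once a day at 06:35 UTC.` after patch 17. GitHub evaluates `schedule` cron expressions in UTC and, as far as I can tell, only runs scheduled workflows from the default branch, so the scan of the `dev` matrix branch happens only if this workflow file is present on the default branch; that is worth a note next to the cron line.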
From: Binal92 <binal.chathuranga@gmail.com> Date: Fri, 2 Feb 2024 11:59:21 +0530 Subject: [PATCH 17/20] Update frogbot-scan-repository.yml --- .github/workflows/frogbot-scan-repository.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index 158e66b56..9840b476e 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: schedule: # The repository will be scanned once a day at 00:00 GMT. - - cron: "0 7 * * *" + - cron: "35 6 * * *" permissions: contents: write pull-requests: write From 39f31f43e0c5cd4bf6016299bd31859254a23db7 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Fri, 2 Feb 2024 13:54:49 +0530 Subject: [PATCH 18/20] Create frogbot-config.yml --- .frogbot/frogbot-config.yml | 113 ++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 .frogbot/frogbot-config.yml diff --git a/.frogbot/frogbot-config.yml b/.frogbot/frogbot-config.yml new file mode 100644 index 000000000..1af011988 --- /dev/null +++ b/.frogbot/frogbot-config.yml 
@@ -0,0 +1,113 @@ +# The "params" section includes the configuration of a single Git repository that needs to be scanned. +# For Azure Repos, Bitbucket Server and GitHub with JFrog Pipelines or Jenkins, you can define multiple "params" sections one after the other, for scanning multiple +# Git repositories in the same organization. +- params: + # Git parameters + git: + # [Mandatory] + # Name of the git repository to scan + repoName: my-project + + # [Mandatory] + # List of branches to scan + branches: + - master + + # [Optional] + # Template for the branch name generated by Frogbot when creating pull requests with fixes. + # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # branchNameTemplate: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}" + + # [Optional] + # Template for the commit message generated by Frogbot when creating pull requests with fixes + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # commitMessageTemplate: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}" + + # [Optional] + # Template for the pull request title generated by Frogbot when creating pull requests with fixes. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # pullRequestTitleTemplate: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}" + + # [Optional, Default: false] + # If true, Frogbot creates a single pull request with all the fixes. + # If false, Frogbot creates a separate pull request for each fix. 
+ # aggregateFixes: false + + # [Optional, Default: eco-system+frogbot@jfrog.com] + # Set the email of the commit author + # emailAuthor: "" + + # Frogbot scanning parameters + scan: + # [Default: false] + # Frogbot displays all existing vulnerabilities, including the ones that were not added by the pull request + includeAllVulnerabilities: true + + # [Default: false] + # When adding new comments on pull requests, keep old comments that were added by previous scans. + # avoidPreviousPrCommentsDeletion: true + + # [Default: true] + # Frogbot does not fail the task if security issues are found and this parameter is set to false + # failOnSecurityIssues: false + + # [Default: false] + # Handle vulnerabilities with fix versions only + # fixableOnly: true + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + # minSeverity: "" + + # [Optional] + # List of email addresses to receive emails about secrets that has been detected in a pull request scan. + # Applies only to servers that are entitled to JFrog Advanced Security. + # emailReceivers: + # - user@company.com + + # List of subprojects / project dirs inside the Git repository + projects: + # [Mandatory if the two conditions below are met] + # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "nuget restore") + # - installCommand: "" + + # [Default: root directory] + # List of relative path's to the projects directories in the git repository. If left empty (without providing "." yourself as the root directory's path), a recursive scan is triggered from the root directory of the project. + # workingDirs: + # - "." 
+ + # [Default: ["*.git*", "*node_modules*", "*target*", "*venv*", "*test*"]] + # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans. + # pathExclusions: + # - "*node_modules*" + # - "*target*" + # - "*venv*" + # - "*test*" + + # [Mandatory for pip only if using requirements file, Default: pip install .] + # The requirements file name that is used to install dependencies in case of pip package manager + # pipRequirementsFile: "" + + # [Default: true] + # Use Gradle Wrapper (gradlew/gradlew.bat) to run Gradle + # useWrapper: true + + # [Optional] + # Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from + # repository: "" + + # JFrog Platform parameters + jfrogPlatform: + # [Optional] + # JFrog project key. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Projects) + # jfrogProjectKey: "" + + # [Optional] + # Xray Watches. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches) + # watches: + # - "" From cff1d8b1a06a5ebbc9ea28ae3c991daf649a3a47 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Fri, 2 Feb 2024 13:57:54 +0530 Subject: [PATCH 19/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7c01f632..aea62a4f0 100644 --- a/README.md +++ b/README.md @@ -10,5 +10,5 @@ docker tag java-app demo-app:java-1.0 - +Test comment [](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot) From 2d82a796f3f355325af23f3ca842796b22270d89 Mon Sep 17 00:00:00 2001 From: Binal92 <binal.chathuranga@gmail.com> Date: Sat, 3 Feb 2024 10:46:57 +0530 Subject: [PATCH 20/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aea62a4f0..37ab9d8f5 100644 --- a/README.md +++ b/README.md 
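Review bot: `repoName: my-project` is the template placeholder, and the comment above it says Frogbot uses it as the name of the repository to scan; it must be replaced with this repository's real name, which the diff headers do not show. `branches:` lists only `master`, while the frogbot-scan-repository.yml added in patch 13 scans `branch: ["dev"]`; one of the two is wrong for this repository, and if Frogbot prefers the config file over `JF_GIT_BASE_BRANCH` the workflow's matrix becomes dead configuration — confirm and align them. `includeAllVulnerabilities: true` is the only scan setting enabled and inverts the default documented on the line above it; a short comment stating why every pre-existing finding should be reported on each pull request would make the choice deliberate rather than an unexamined template default.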
@@ -10,5 +10,5 @@ docker tag java-app demo-app:java-1.0 -Test comment +Test [](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)