From c25bdb3c4d0104a9c93a4939274d8f9ec565a1f9 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Mon, 15 Jan 2024 10:28:40 +0200
Subject: [PATCH 1/2] update yml and README files about recursive scan in no working directories are provided

---
 .../frogbot/scan-repositories.md | 2 +-
 .../templates/.frogbot/frogbot-config.yml | 2 +-
 .../frogbot-scan-pull-request.yml | 2 +-
 .../frogbot-scan-repository.yml | 2 +-
 .../scan-your-source-code.md | 56 +++++++++----------
 5 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/jfrog-applications/frogbot/scan-repositories.md b/jfrog-applications/frogbot/scan-repositories.md
index a2db32a..ed0c704 100644
--- a/jfrog-applications/frogbot/scan-repositories.md
+++ b/jfrog-applications/frogbot/scan-repositories.md
@@ -6,7 +6,7 @@ Frogbot scans your Git repositories periodically and automatically creates pull
 ![](../.gitbook/assets/fix-pr.png)
-_**NOTE:**_: The pull request fix is presently unavailable for older NuGet projects that use the package.config file instead of the PackageReference syntax.
+_**NOTE:**_ The pull request fix is presently unavailable for older NuGet projects that use the package.config file instead of the PackageReference syntax.
 #### Adding Security Alerts
diff --git a/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml b/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
index 1b2922b..7dce420 100644
--- a/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
+++ b/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
@@ -77,7 +77,7 @@
 # - installCommand: ""
 # [Default: root directory]
- # List of relative path's to the projects directories in the git repository
+ # List of relative path's to the projects directories in the git repository. If not specified, a recursive scan is triggered from the root directory of the project.
 # workingDirs:
 # - "."
diff --git a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
index 05495eb..04a2278 100644
--- a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
+++ b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
@@ -80,7 +80,7 @@ jobs:
 # JF_INSTALL_DEPS_CMD: ""
 # [Optional, default: "."]
- # Relative path to the root of the project in the Git repository
+ # Relative path to the root of the project in the Git repository. If not specified, a recursive scan is triggered from the root directory of the project.
 # JF_WORKING_DIR: path/to/project/dir
 # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
diff --git a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
index 4ff9f58..3d228c6 100644
--- a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
+++ b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
@@ -68,7 +68,7 @@ jobs:
 ##########################################################################
 # [Optional, default: "."]
- # Relative path to the root of the project in the Git repository
+ # Relative path to the root of the project in the Git repository. If not specified, a recursive scan is triggered from the root directory of the project.
 # JF_WORKING_DIR: path/to/project/dir
 # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
diff --git a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
index 6a76f1a..9a62630 100644
--- a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
+++ b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
@@ -34,35 +34,35 @@ This command also supports the following Advanced Scans with the **Advanced Secu #### Commands Params -| | | -| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Command name** | audit | -| **Abbreviation** | aud | -| **Command options** | | -| --server-id |

[Optional]

Server ID configured using the jf c add command. If not specified, the default configured server is used.

| -| --project |

[Optional]

JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| +| | | +| --------------------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Command name** | audit | +| **Abbreviation** | aud | +| **Command options** | | +| --server-id |

[Optional]

Server ID configured using the jf c add command. If not specified, the default configured server is used.

| +| --project |

[Optional]

JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| | --repo-path |

[Optional]

Artifactory repository path in the form of <repository>/<path in the repository>, to enable Xray to determine violations accordingly. The command accepts this option only if the --project and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| -| --watches |

[Optional]

A comma-separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| -| --licenses |

[Default: false]

Set if you'd also like the list of licenses to be displayed.

| -| --format |

[Default: table]

Defines the output format of the command. Acceptable values are: table and json.

| -| --fail |

[Default: true]

Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray.

| -| --use-wrapper |

[Default: false] [Gradle]

Set to true if you'd like to use the Gradle wrapper.

| -| --dep-type |

[Default: all] [npm]

Defines npm dependencies type. Possible values are: all, devOnly and prodOnly

| -| --exclude-test-deps |

[Default: false] [Gradle]

Set to true if you'd like to exclude Gradle test dependencies from Xray scanning.

| -| --requirements-file |

[Optional] [Pip]

Defines pip requirements file name. For example: 'requirements.txt'

| -| --working-dirs |

[Optional]

A comma-separated list of relative working directories, to determine the audit targets locations.

| -| --exclusions |

[Default: *.git*;*node_modules*;*target*;*venv*;*test*]

List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.

| -| --fixable-only |

[Optional]

Set to true if you wish to display issues that have a fix version only.

| -| --min-severity |

[Optional]

Set the minimum severity of issues to display. The following values are accepted: Low, Medium, High or Critical

| -| --go |

[Default: false]

Set to true to request audit for a Go project.

| -| --gradle |

[Default: false]

Set to true to request audit for a Gradle project.

| -| --mvn |

[Default: false]

Set to true to request audit for a Maven project.

| -| --npm |

[Default: false]

Set to true to request audit for a npm project.

| -| --nuget |

[Default: false]

Set to true to request audit for a .Net project.

| -| --pip |

[Default: false]

Set to true to request audit for a Pip project.

| -| --pipenv |

[Default: false]

Set to true to request audit for a Pipenv project.

| -| --yarn |

[Default: false]

Set to true to request audit for a Yarn project.

| -| **Command arguments** | The command accepts no arguments | +| --watches |

[Optional]

A comma-separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| +| --licenses |

[Default: false]

Set if you'd also like the list of licenses to be displayed.

| +| --format |

[Default: table]

Defines the output format of the command. Acceptable values are: table and json.

| +| --fail |

[Default: true]

Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray.

| +| --use-wrapper |

[Default: false] [Gradle]

Set to true if you'd like to use the Gradle wrapper.

| +| --dep-type |

[Default: all] [npm]

Defines npm dependencies type. Possible values are: all, devOnly and prodOnly

| +| --exclude-test-deps |

[Default: false] [Gradle]

Set to true if you'd like to exclude Gradle test dependencies from Xray scanning.

| +| --requirements-file |

[Optional] [Pip]

Defines pip requirements file name. For example: 'requirements.txt'

| +| --working-dirs |

[Optional]

A comma-separated list of relative working directories, to determine the audit targets locations.

If not specified, a recursive scan is triggered from the root directory of the project. | +| --exclusions |

[Default: *.git*;*node_modules*;*target*;*venv*;*test*]

List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.

| +| --fixable-only |

[Optional]

Set to true if you wish to display issues that have a fix version only.

| +| --min-severity |

[Optional]

Set the minimum severity of issues to display. The following values are accepted: Low, Medium, High or Critical

| +| --go |

[Default: false]

Set to true to request audit for a Go project.

| +| --gradle |

[Default: false]

Set to true to request audit for a Gradle project.

| +| --mvn |

[Default: false]

Set to true to request audit for a Maven project.

| +| --npm |

[Default: false]

Set to true to request audit for a npm project.

| +| --nuget |

[Default: false]

Set to true to request audit for a .Net project.

| +| --pip |

[Default: false]

Set to true to request audit for a Pip project.

| +| --pipenv |

[Default: false]

Set to true to request audit for a Pipenv project.

| +| --yarn |

[Default: false]

Set to true to request audit for a Yarn project.

|
+| **Command arguments** | The command accepts no arguments |
 #### **Output Example**

From a6e64659fb873761258203a82df6fb2af7df2197 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Tue, 16 Jan 2024 12:06:33 +0200
Subject: [PATCH 2/2] fixed pr issues

---
 .../templates/.frogbot/frogbot-config.yml | 2 +-
 .../frogbot-scan-pull-request.yml | 2 +-
 .../frogbot-scan-repository.yml | 2 +-
 .../scan-your-source-code.md | 56 +++++++++----------
 4 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml b/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
index 7dce420..c5c2739 100644
--- a/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
+++ b/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
@@ -77,7 +77,7 @@
 # - installCommand: ""
 # [Default: root directory]
- # List of relative path's to the projects directories in the git repository. If not specified, a recursive scan is triggered from the root directory of the project.
+ # List of relative path's to the projects directories in the git repository. If left empty (without providing "." yourself as the root directory's path), a recursive scan is triggered from the root directory of the project.
 # workingDirs:
 # - "."
diff --git a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
index 04a2278..eae619c 100644
--- a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
+++ b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml
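Review bot: The rewritten `workingDirs` comment in frogbot-config.yml still says `path's` where `paths` is meant, and it explains only the "left empty" case while the parenthetical implies that listing `"."` — the example shown two lines below — gives a different, presumably narrower, scan. Since this choice decides which sub-projects are audited at all, a reader copying the template should not have to guess; suggest `# List of relative paths to the project directories in the git repository. Leave the list empty to scan recursively from the repository root.` followed by one sentence stating what an explicit "." scans, once that behaviour is confirmed. The same note is phrased three different ways across this series ("as the root directory's path" here, "as default" in both GitHub Actions templates, "If flag isn't provided" in the CLI table); pick one wording and reuse it. Wrapping the comment to the width of the surrounding lines would also keep it readable in the template.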
@@ -80,7 +80,7 @@ jobs:
 # JF_INSTALL_DEPS_CMD: ""
 # [Optional, default: "."]
- # Relative path to the root of the project in the Git repository. If not specified, a recursive scan is triggered from the root directory of the project.
+ # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project.
 # JF_WORKING_DIR: path/to/project/dir
 # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
diff --git a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
index 3d228c6..7d89f4a 100644
--- a/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
+++ b/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-repository.yml
@@ -68,7 +68,7 @@ jobs:
 ##########################################################################
 # [Optional, default: "."]
- # Relative path to the root of the project in the Git repository. If not specified, a recursive scan is triggered from the root directory of the project.
+ # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project.
 # JF_WORKING_DIR: path/to/project/dir
 # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
diff --git a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
index 9a62630..c5837d4 100644
--- a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
+++ b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code.md
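Review bot: The `# [Optional, default: "."]` label kept directly above the new `JF_WORKING_DIR` comment now contradicts it, in this frogbot-scan-pull-request.yml hunk and equally in the frogbot-scan-repository.yml hunk that follows: if an unset variable triggers a recursive scan and `"."` is a distinct explicit value, then the effective default is not `"."`. Suggest `# [Optional, default: recursive scan from the repository root]` together with `# Relative path to the root of the project in the Git repository. Leave it unset to scan the whole repository recursively; set it only to limit the scan to one project directory.`, assuming an explicit path indeed narrows the scan, which the parenthetical implies but does not state. The phrase "without providing "." yourself as default" is hard to parse; the frogbot-config.yml wording in this same commit ("as the root directory's path") reads better and should be reused in both workflow templates.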
@@ -34,35 +34,35 @@ This command also supports the following Advanced Scans with the **Advanced Secu #### Commands Params -| | | -| --------------------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Command name** | audit | -| **Abbreviation** | aud | -| **Command options** | | -| --server-id |

[Optional]

Server ID configured using the jf c add command. If not specified, the default configured server is used.

| -| --project |

[Optional]

JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| +| | | +| --------------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Command name** | audit | +| **Abbreviation** | aud | +| **Command options** | | +| --server-id |

[Optional]

Server ID configured using the jf c add command. If not specified, the default configured server is used.

| +| --project |

[Optional]

JFrog project key, to enable Xray to determine security violations accordingly. The command accepts this option only if the --repo-path and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| | --repo-path |

[Optional]

Artifactory repository path in the form of <repository>/<path in the repository>, to enable Xray to determine violations accordingly. The command accepts this option only if the --project and --watches options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| -| --watches |

[Optional]

A comma-separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| -| --licenses |

[Default: false]

Set if you'd also like the list of licenses to be displayed.

| -| --format |

[Default: table]

Defines the output format of the command. Acceptable values are: table and json.

| -| --fail |

[Default: true]

Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray.

| -| --use-wrapper |

[Default: false] [Gradle]

Set to true if you'd like to use the Gradle wrapper.

| -| --dep-type |

[Default: all] [npm]

Defines npm dependencies type. Possible values are: all, devOnly and prodOnly

| -| --exclude-test-deps |

[Default: false] [Gradle]

Set to true if you'd like to exclude Gradle test dependencies from Xray scanning.

| -| --requirements-file |

[Optional] [Pip]

Defines pip requirements file name. For example: 'requirements.txt'

| -| --working-dirs |

[Optional]

A comma-separated list of relative working directories, to determine the audit targets locations.

If not specified, a recursive scan is triggered from the root directory of the project. | -| --exclusions |

[Default: *.git*;*node_modules*;*target*;*venv*;*test*]

List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.

| -| --fixable-only |

[Optional]

Set to true if you wish to display issues that have a fix version only.

| -| --min-severity |

[Optional]

Set the minimum severity of issues to display. The following values are accepted: Low, Medium, High or Critical

| -| --go |

[Default: false]

Set to true to request audit for a Go project.

| -| --gradle |

[Default: false]

Set to true to request audit for a Gradle project.

| -| --mvn |

[Default: false]

Set to true to request audit for a Maven project.

| -| --npm |

[Default: false]

Set to true to request audit for a npm project.

| -| --nuget |

[Default: false]

Set to true to request audit for a .Net project.

| -| --pip |

[Default: false]

Set to true to request audit for a Pip project.

| -| --pipenv |

[Default: false]

Set to true to request audit for a Pipenv project.

| -| --yarn |

[Default: false]

Set to true to request audit for a Yarn project.

| -| **Command arguments** | The command accepts no arguments | +| --watches |

[Optional]

A comma-separated list of Xray watches, to enable Xray to determine violations accordingly. The command accepts this option only if the --repo-path and --repo-path options are not provided. If none of the three options are provided, the command will show all known vulnerabilities

| +| --licenses |

[Default: false]

Set if you'd also like the list of licenses to be displayed.

| +| --format |

[Default: table]

Defines the output format of the command. Acceptable values are: table and json.

| +| --fail |

[Default: true]

Set to false if you do not wish the command to return exit code 3, even if the 'Fail Build' rule is matched by Xray.

| +| --use-wrapper |

[Default: false] [Gradle]

Set to true if you'd like to use the Gradle wrapper.

| +| --dep-type |

[Default: all] [npm]

Defines npm dependencies type. Possible values are: all, devOnly and prodOnly

| +| --exclude-test-deps |

[Default: false] [Gradle]

Set to true if you'd like to exclude Gradle test dependencies from Xray scanning.

| +| --requirements-file |

[Optional] [Pip]

Defines pip requirements file name. For example: 'requirements.txt'

| +| --working-dirs |

[Optional]

A comma-separated list of relative working directories, to determine the audit targets locations.

If flag isn't provided, a recursive scan is triggered from the root directory of the project. | +| --exclusions |

[Default: *.git*;*node_modules*;*target*;*venv*;*test*]

List of exclusions separated by semicolons, utilized to skip sub-projects from undergoing an audit. These exclusions may incorporate the * and ? wildcards.

| +| --fixable-only |

[Optional]

Set to true if you wish to display issues that have a fix version only.

| +| --min-severity |

[Optional]

Set the minimum severity of issues to display. The following values are accepted: Low, Medium, High or Critical

| +| --go |

[Default: false]

Set to true to request audit for a Go project.

| +| --gradle |

[Default: false]

Set to true to request audit for a Gradle project.

| +| --mvn |

[Default: false]

Set to true to request audit for a Maven project.

| +| --npm |

[Default: false]

Set to true to request audit for a npm project.

| +| --nuget |

[Default: false]

Set to true to request audit for a .Net project.

| +| --pip |

[Default: false]

Set to true to request audit for a Pip project.

| +| --pipenv |

[Default: false]

Set to true to request audit for a Pipenv project.

| +| --yarn |

[Default: false]

Set to true to request audit for a Yarn project.

| +| **Command arguments** | The command accepts no arguments | #### **Output Example**