From 24d903dcfa2e5d608284182fcf1316f918728398 Mon Sep 17 00:00:00 2001
From: Omer Zidkoni
Date: Wed, 12 Jul 2023 14:43:23 +0300
Subject: [PATCH 1/2] Promoted version to 2.43.0

---
 build/npm/v2-jf/package-lock.json | 2 +-
 build/npm/v2-jf/package.json | 2 +-
 build/npm/v2/package-lock.json | 2 +-
 build/npm/v2/package.json | 2 +-
 go.mod | 8 ++++----
 go.sum | 13 ++++---------
 utils/cliutils/cli_consts.go | 2 +-
 7 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/build/npm/v2-jf/package-lock.json b/build/npm/v2-jf/package-lock.json
index 6a02eeb2a..416e139e4 100644
--- a/build/npm/v2-jf/package-lock.json
+++ b/build/npm/v2-jf/package-lock.json
@@ -1,5 +1,5 @@
 {
   "name": "jfrog-cli-v2-jf",
-  "version": "2.42.1",
+  "version": "2.43.0",
   "lockfileVersion": 1
 }
diff --git a/build/npm/v2-jf/package.json b/build/npm/v2-jf/package.json
index eaef6b839..c669ef233 100644
--- a/build/npm/v2-jf/package.json
+++ b/build/npm/v2-jf/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jfrog-cli-v2-jf",
-  "version": "2.42.1",
+  "version": "2.43.0",
   "description": "🐸 Command-line interface for JFrog Artifactory, Xray, Distribution, Pipelines and Mission Control 🐸",
   "homepage": "https://github.com/jfrog/jfrog-cli",
   "preferGlobal": true,
diff --git a/build/npm/v2/package-lock.json b/build/npm/v2/package-lock.json
index 47f24e3de..1520f7b1a 100644
--- a/build/npm/v2/package-lock.json
+++ b/build/npm/v2/package-lock.json
@@ -1,5 +1,5 @@
 {
   "name": "jfrog-cli-v2",
-  "version": "2.42.1",
+  "version": "2.43.0",
   "lockfileVersion": 1
 }
diff --git a/build/npm/v2/package.json b/build/npm/v2/package.json
index 0c66a040e..2225f9679 100644
--- a/build/npm/v2/package.json
+++ b/build/npm/v2/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jfrog-cli-v2",
-  "version": "2.42.1",
+  "version": "2.43.0",
   "description": "🐸 Command-line interface for JFrog Artifactory, Xray, Distribution, Pipelines and Mission Control 🐸",
   "homepage": "https://github.com/jfrog/jfrog-cli",
   "preferGlobal": true,
diff --git a/go.mod b/go.mod index 54ef69c82..36f39aade 100644 --- a/go.mod +++ b/go.mod @@ -9,8 +9,8 @@ require ( github.com/gocarina/gocsv v0.0.0-20230616125104-99d496ca653d github.com/jfrog/build-info-go v1.9.6 github.com/jfrog/gofrog v1.3.0 - github.com/jfrog/jfrog-cli-core/v2 v2.37.1 - github.com/jfrog/jfrog-client-go v1.31.0 + github.com/jfrog/jfrog-cli-core/v2 v2.38.0 + github.com/jfrog/jfrog-client-go v1.31.1 github.com/jszwec/csvutil v1.8.0 github.com/mholt/archiver/v3 v3.5.1 github.com/pkg/errors v0.9.1 @@ -123,8 +123,8 @@ require ( // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230705084348-c7d33487e393 +// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230705084348-c7d33487e393 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27 -replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230705083849-6fd087a5e228 +// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230705083849-6fd087a5e228 diff --git a/go.sum b/go.sum index 4f993c508..e6f01b8bd 100644 --- a/go.sum +++ b/go.sum 
@@ -222,7 +222,6 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.5.3 h1:twfIhZs4QLCtimkP7MOxlF3A0U/5cDPseRT9M/+2SCE=
 github.com/gookit/color v1.5.3/go.mod h1:NUzwzeehUfl7GIb36pqId+UGmRfQcU/WiiyTTeNjHtE=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -239,10 +238,10 @@ github.com/jfrog/build-info-go v1.9.6 h1:lCJ2j5uXAlJsSwDe5J8WD7Co1f/hUlZvMfwfb5A
 github.com/jfrog/build-info-go v1.9.6/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230705084348-c7d33487e393 h1:zIaBtAjalQ7HLwiYcR3OSU9Jglpmhtw8rg6piYervNU=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230705084348-c7d33487e393/go.mod h1:DnamqHWhKmrmWlCRG3i3z8Wn0JRtNFMC+Bu8TCFzSPY=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230705083849-6fd087a5e228 h1:bkOkjb6sVqo6Jgw9eYSH58jIFPOJvFvwt+jIXvef7QM=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230705083849-6fd087a5e228/go.mod h1:qEJxoe68sUtqHJ1YhXv/7pKYP/9p1D5tJrruzJKYeoI=
+github.com/jfrog/jfrog-cli-core/v2 v2.38.0 h1:lHylMjp0+IbZAUKVWi++keVktpyvI/0UwewIdbCoI/A=
+github.com/jfrog/jfrog-cli-core/v2 v2.38.0/go.mod h1:Ws5UvSUITSZGuVVNNb/lDFPG0UAyiwpKv5o86M8By9I=
+github.com/jfrog/jfrog-client-go v1.31.1 h1:lmunA5ZpRsrWTXgEGvnvVPIfwEqB3gn6+eVNpV2VBzU=
+github.com/jfrog/jfrog-client-go v1.31.1/go.mod h1:qEJxoe68sUtqHJ1YhXv/7pKYP/9p1D5tJrruzJKYeoI=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jszwec/csvutil v1.8.0 h1:G7vS2LGdpZZDH1HmHeNbxOaJ/ZnJlpwGFvOkTkJzzNk=
@@ -742,8 +741,6 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
-google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -762,8 +759,6 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
-google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
 google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
diff --git a/utils/cliutils/cli_consts.go b/utils/cliutils/cli_consts.go
index 9ce4b4c2c..79b624260 100644
--- a/utils/cliutils/cli_consts.go
+++ b/utils/cliutils/cli_consts.go
@@ -4,7 +4,7 @@ import "time" const ( // General CLI constants - CliVersion = "2.42.1" + CliVersion = "2.43.0" ClientAgent = "jfrog-cli-go" // CLI base commands constants: From 3016abb9f601d837f6e6cea5d8269e04bbd049f7 Mon Sep 17 00:00:00 2001 
From: Michael Sverdlov Date: Thu, 24 Aug 2023 20:40:03 +0300 Subject: [PATCH 2/2] Add test to validate jas scanner inside paths that contain 'test' (#2160) --- .github/workflows/frogbot-scan-and-fix.yml | 42 ------ .github/workflows/frogbot-scan-pr.yml | 38 ------ .../workflows/frogbot-scan-pull-request.yml | 126 ++++++++++++++++++ .github/workflows/frogbot-scan-repository.yml | 124 +++++++++++++++++ .../{jas => jas-test}/iac/azure/vpc/module.tf | 0 .../iac/azure/vpc/outputs.tf | 0 .../iac/azure/vpc/variables.tf | 0 .../iac/azure/vpc/versions.tf | 0 .../iac/azure/vpc_pp/module.tf | 0 .../iac/azure/vpc_pp/outputs.tf | 0 .../iac/azure/vpc_pp/variables.tf | 0 .../iac/azure/vpc_pp/versions.tf | 0 .../iac/gcp/k8s-oss/files/chk_k8s_nat | 0 .../iac/gcp/k8s-oss/module.tf | 0 .../iac/gcp/k8s-oss/outputs.tf | 0 .../iac/gcp/k8s-oss/variables.tf | 0 .../iac/gcp/k8s-oss/versions.tf | 0 .../gcp/k8s-pipelines-bp/files/chk_k8s_nat | 0 .../iac/gcp/k8s-pipelines-bp/module.tf | 0 .../iac/gcp/k8s-pipelines-bp/outputs.tf | 0 .../iac/gcp/k8s-pipelines-bp/rbac.tf | 0 .../iac/gcp/k8s-pipelines-bp/variables.tf | 0 .../iac/gcp/k8s-pipelines-bp/versions.tf | 0 testdata/xray/{jas => jas-test}/main.py | 0 .../xray/{jas => jas-test}/requirements.txt | 0 .../secrets/more_secrets/key | 0 .../secrets/more_secrets/sequence | 0 .../secrets/secret_generic/blacklist | 0 .../secrets/secret_generic/gibberish | 0 xray_test.go | 4 +- 30 files changed, 252 insertions(+), 82 deletions(-) delete mode 100644 .github/workflows/frogbot-scan-and-fix.yml delete mode 100644 .github/workflows/frogbot-scan-pr.yml create mode 100644 .github/workflows/frogbot-scan-pull-request.yml create mode 100644 .github/workflows/frogbot-scan-repository.yml rename testdata/xray/{jas => jas-test}/iac/azure/vpc/module.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc/outputs.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc/variables.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc/versions.tf 
(100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc_pp/module.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc_pp/outputs.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc_pp/variables.tf (100%) rename testdata/xray/{jas => jas-test}/iac/azure/vpc_pp/versions.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-oss/files/chk_k8s_nat (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-oss/module.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-oss/outputs.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-oss/variables.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-oss/versions.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/files/chk_k8s_nat (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/module.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/outputs.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/rbac.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/variables.tf (100%) rename testdata/xray/{jas => jas-test}/iac/gcp/k8s-pipelines-bp/versions.tf (100%) rename testdata/xray/{jas => jas-test}/main.py (100%) rename testdata/xray/{jas => jas-test}/requirements.txt (100%) rename testdata/xray/{jas => jas-test}/secrets/more_secrets/key (100%) rename testdata/xray/{jas => jas-test}/secrets/more_secrets/sequence (100%) rename testdata/xray/{jas => jas-test}/secrets/secret_generic/blacklist (100%) rename testdata/xray/{jas => jas-test}/secrets/secret_generic/gibberish (100%) diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml deleted file mode 100644 index 5de072c16..000000000 --- a/.github/workflows/frogbot-scan-and-fix.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -name: "Frogbot Scan and Fix" -on: - schedule: - # The repository will be scanned once a day at 00:00 GMT. - - cron: "0 0 * * *" -permissions: - contents: write - pull-requests: write - security-events: write -jobs: - create-fix-pull-requests: - runs-on: ubuntu-latest - strategy: - matrix: - # The repository scanning will be triggered periodically on the following branches. - branch: [ "dev" ] - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ matrix.branch }} - - # Install prerequisites - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.20.x - - - uses: jfrog/frogbot@v2 - env: - # [Mandatory] - # JFrog platform URL - JF_URL: ${{ secrets.FROGBOT_URL }} - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - - # [Mandatory] - # The GitHub token automatically generated for the job - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - JFROG_CLI_LOG_LEVEL: "DEBUG" - diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml deleted file mode 100644 index 575d843e6..000000000 --- a/.github/workflows/frogbot-scan-pr.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: "Frogbot Scan Pull Request" -on: - pull_request_target: - types: [opened, synchronize] -permissions: - pull-requests: write - contents: read -jobs: - scan-pull-request: - runs-on: ubuntu-latest - # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the - # "frogbot" GitHub environment can approve the pull request to be scanned. - environment: frogbot - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - # Install prerequisites - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.20.x - - - uses: jfrog/frogbot@v2 - env: - # [Mandatory] - # JFrog platform URL - JF_URL: ${{ secrets.FROGBOT_URL }} - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - - # [Mandatory] - # The GitHub token automatically generated for the job - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - JFROG_CLI_LOG_LEVEL: "DEBUG" diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml new file mode 100644 index 000000000..2bf08dbb9 --- /dev/null +++ b/.github/workflows/frogbot-scan-pull-request.yml 
@@ -0,0 +1,126 @@ +name: "Frogbot Scan Pull Request" +on: + pull_request_target: + types: [ opened, synchronize ] +permissions: + pull-requests: write + contents: read +jobs: + scan-pull-request: + runs-on: ubuntu-latest + # A pull request needs to be approved before Frogbot scans it. Any GitHub user who is associated with the + # "frogbot" GitHub environment can approve the pull request to be scanned. + environment: frogbot + steps: + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token is automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Optional] + # By default, the Frogbot workflows download the Frogbot executable as well as other tools + # needed from https://releases.jfrog.io + # If the machine that runs Frogbot has no access to the internet, follow these steps to allow the + # executable to be downloaded from an Artifactory instance, which the machine has access to: + # + # 1. Login to the Artifactory UI, with a user who has admin credentials. + # 2. Create a Remote Repository with the following properties set. 
+ # Under the 'Basic' tab: + # Package Type: Generic + # URL: https://releases.jfrog.io + # Under the 'Advanced' tab: + # Uncheck the 'Store Artifacts Locally' option + # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. + # JF_RELEASES_REPO: "" + + # [Optional] + # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans. + # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080) + # JF_SMTP_SERVER: "" + + # [Mandatory if JF_SMTP_SERVER is set] + # The username required for authenticating with the SMTP server. + # JF_SMTP_USER: "" + + # [Mandatory if JF_SMTP_SERVER is set] + # The password associated with the username required for authentication with the SMTP server. + # JF_SMTP_PASSWORD: "" + + ########################################################################## + ## If your project uses a 'frogbot-config.yml' file, you can define ## + ## the following variables inside the file, instead of here. ## + ########################################################################## + + # [Mandatory if the two conditions below are met] + # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "nuget restore") + # JF_INSTALL_DEPS_CMD: "" + + # [Optional, default: "."] + # Relative path to the root of the project in the Git repository + # JF_WORKING_DIR: path/to/project/dir + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: ,... + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: + + # [Optional, default: "FALSE"] + # Displays all existing vulnerabilities, including the ones that were added by the pull request. 
+ # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" + + # [Optional, default: "TRUE"] + # Fails the Frogbot task if any security issue is found. + # JF_FAIL: "FALSE" + + # [Optional] + # Frogbot will download the project dependencies if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" + + # [Optional, Default: "FALSE"] + # If TRUE, Frogbot creates a single pull request with all the fixes. + # If false, Frogbot creates a separate pull request for each fix. + # JF_GIT_AGGREGATE_FIXES: "FALSE" + + # [Optional, Default: "FALSE"] + # Handle vulnerabilities with fix versions only + # JF_FIXABLE_ONLY: "TRUE" + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + # JF_MIN_SEVERITY: "" + + # [Optional] + # List of comma separated email addresses to receive email notifications about secrets + # detected during pull request scanning. The notification is also sent to the email set + # in the committer git profile regardless of whether this variable is set or not. + # JF_EMAIL_RECEIVERS: "" \ No newline at end of file diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml new file mode 100644 index 000000000..c75a19114 --- /dev/null +++ b/.github/workflows/frogbot-scan-repository.yml 
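Review bot: The new workflow runs on `pull_request_target` with `pull-requests: write` and repository secrets (`FROGBOT_URL`, `FROGBOT_ACCESS_TOKEN`) in scope, yet `uses: jfrog/frogbot@v2` is pinned only to a mutable major tag, so any future v2 release or a retargeted tag runs with those privileges without passing review. Pin the action to a full commit SHA and keep the version as a trailing comment, `- uses: jfrog/frogbot@<commit-sha> # v2.x.y`, and let Dependabot bump it. The `environment: frogbot` approval gate is the right control for running this trigger against fork PR code, and it deserves a one-line comment saying that the gate is what makes `pull_request_target` acceptable here, especially now that the explicit `actions/checkout` of `head.sha` from the old file is gone and the checkout is presumably done inside the action.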
@@ -0,0 +1,124 @@ +name: "Frogbot Scan Repository" +on: + workflow_dispatch: + schedule: + # The repository will be scanned once a day at 00:00 GMT. + - cron: "0 0 * * *" +permissions: + contents: write + pull-requests: write + security-events: write +jobs: + scan-repository: + runs-on: ubuntu-latest + strategy: + matrix: + # The repository scanning will be triggered periodically on the following branches. + branch: [ "dev" ] + steps: + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token is automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Mandatory] + # The name of the branch on which Frogbot will perform the scan + JF_GIT_BASE_BRANCH: ${{ matrix.branch }} + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Optional] + # By default, the Frogbot workflows download the Frogbot executable as well as other tools + # needed from https://releases.jfrog.io + # If the machine that runs Frogbot has no access to the internet, follow these steps to allow the + # executable to be downloaded from an Artifactory instance, which the machine has access to: + # + # 1. Login to the Artifactory UI, with a user who has admin credentials. + # 2. Create a Remote Repository with the following properties set. 
+ # Under the 'Basic' tab: + # Package Type: Generic + # URL: https://releases.jfrog.io + # Under the 'Advanced' tab: + # Uncheck the 'Store Artifacts Locally' option + # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created. + # JF_RELEASES_REPO: "" + + ########################################################################## + ## If your project uses a 'frogbot-config.yml' file, you can define ## + ## the following variables inside the file, instead of here. ## + ########################################################################## + + # [Optional, default: "."] + # Relative path to the root of the project in the Git repository + # JF_WORKING_DIR: path/to/project/dir + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: ,... + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: + + # [Optional, default: "TRUE"] + # Fails the Frogbot task if any security issue is found. + # JF_FAIL: "FALSE" + + # [Optional] + # Frogbot will download the project dependencies, if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" + + # [Optional] + # Template for the branch name generated by Frogbot when creating pull requests with fixes. + # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. 
+ # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}" + + # [Optional] + # Template for the commit message generated by Frogbot when creating pull requests with fixes + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}" + + # [Optional] + # Template for the pull request title generated by Frogbot when creating pull requests with fixes. + # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables. + # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}" + + # [Optional, Default: "FALSE"] + # If TRUE, Frogbot creates a single pull request with all the fixes. + # If FALSE, Frogbot creates a separate pull request for each fix. + # JF_GIT_AGGREGATE_FIXES: "FALSE" + + # [Optional, Default: "FALSE"] + # Handle vulnerabilities with fix versions only + # JF_FIXABLE_ONLY: "TRUE" + + # [Optional] + # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests + # The following values are accepted: Low, Medium, High or Critical + # JF_MIN_SEVERITY: "" + + # [Optional, Default: eco-system+frogbot@jfrog.com] + # Set the email of the commit author + # JF_GIT_EMAIL_AUTHOR: "" \ No newline at end of file diff --git a/testdata/xray/jas/iac/azure/vpc/module.tf b/testdata/xray/jas-test/iac/azure/vpc/module.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc/module.tf rename to testdata/xray/jas-test/iac/azure/vpc/module.tf diff --git a/testdata/xray/jas/iac/azure/vpc/outputs.tf b/testdata/xray/jas-test/iac/azure/vpc/outputs.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc/outputs.tf rename to testdata/xray/jas-test/iac/azure/vpc/outputs.tf 
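Review bot: The job grants `security-events: write` alongside `contents: write` and `pull-requests: write`, but nothing visible in the workflow uploads to code scanning, so the permission looks broader than the scan needs; if Frogbot does not upload SARIF on this trigger, drop it, and if it does, record why next to the `permissions:` block, e.g. `# security-events: write is required for Frogbot's code-scanning upload`. `workflow_dispatch` is a newly added trigger, so anyone with write access can now start a run that pushes fix branches and opens pull requests against `dev` on demand; that is reasonable, but a short comment on the trigger would make the intent explicit. As with the pull-request workflow, `uses: jfrog/frogbot@v2` tracks a mutable tag rather than a commit SHA, which is the weak point for a job holding `contents: write`.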
diff --git a/testdata/xray/jas/iac/azure/vpc/variables.tf b/testdata/xray/jas-test/iac/azure/vpc/variables.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc/variables.tf rename to testdata/xray/jas-test/iac/azure/vpc/variables.tf diff --git a/testdata/xray/jas/iac/azure/vpc/versions.tf b/testdata/xray/jas-test/iac/azure/vpc/versions.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc/versions.tf rename to testdata/xray/jas-test/iac/azure/vpc/versions.tf diff --git a/testdata/xray/jas/iac/azure/vpc_pp/module.tf b/testdata/xray/jas-test/iac/azure/vpc_pp/module.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc_pp/module.tf rename to testdata/xray/jas-test/iac/azure/vpc_pp/module.tf diff --git a/testdata/xray/jas/iac/azure/vpc_pp/outputs.tf b/testdata/xray/jas-test/iac/azure/vpc_pp/outputs.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc_pp/outputs.tf rename to testdata/xray/jas-test/iac/azure/vpc_pp/outputs.tf diff --git a/testdata/xray/jas/iac/azure/vpc_pp/variables.tf b/testdata/xray/jas-test/iac/azure/vpc_pp/variables.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc_pp/variables.tf rename to testdata/xray/jas-test/iac/azure/vpc_pp/variables.tf diff --git a/testdata/xray/jas/iac/azure/vpc_pp/versions.tf b/testdata/xray/jas-test/iac/azure/vpc_pp/versions.tf similarity index 100% rename from testdata/xray/jas/iac/azure/vpc_pp/versions.tf rename to testdata/xray/jas-test/iac/azure/vpc_pp/versions.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-oss/files/chk_k8s_nat b/testdata/xray/jas-test/iac/gcp/k8s-oss/files/chk_k8s_nat similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-oss/files/chk_k8s_nat rename to testdata/xray/jas-test/iac/gcp/k8s-oss/files/chk_k8s_nat 
diff --git a/testdata/xray/jas/iac/gcp/k8s-oss/module.tf b/testdata/xray/jas-test/iac/gcp/k8s-oss/module.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-oss/module.tf rename to testdata/xray/jas-test/iac/gcp/k8s-oss/module.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-oss/outputs.tf b/testdata/xray/jas-test/iac/gcp/k8s-oss/outputs.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-oss/outputs.tf rename to testdata/xray/jas-test/iac/gcp/k8s-oss/outputs.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-oss/variables.tf b/testdata/xray/jas-test/iac/gcp/k8s-oss/variables.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-oss/variables.tf rename to testdata/xray/jas-test/iac/gcp/k8s-oss/variables.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-oss/versions.tf b/testdata/xray/jas-test/iac/gcp/k8s-oss/versions.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-oss/versions.tf rename to testdata/xray/jas-test/iac/gcp/k8s-oss/versions.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/files/chk_k8s_nat b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/files/chk_k8s_nat similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/files/chk_k8s_nat rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/files/chk_k8s_nat diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/module.tf b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/module.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/module.tf rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/module.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/outputs.tf b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/outputs.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/outputs.tf rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/outputs.tf 
diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/rbac.tf b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/rbac.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/rbac.tf rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/rbac.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/variables.tf b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/variables.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/variables.tf rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/variables.tf diff --git a/testdata/xray/jas/iac/gcp/k8s-pipelines-bp/versions.tf b/testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/versions.tf similarity index 100% rename from testdata/xray/jas/iac/gcp/k8s-pipelines-bp/versions.tf rename to testdata/xray/jas-test/iac/gcp/k8s-pipelines-bp/versions.tf diff --git a/testdata/xray/jas/main.py b/testdata/xray/jas-test/main.py similarity index 100% rename from testdata/xray/jas/main.py rename to testdata/xray/jas-test/main.py diff --git a/testdata/xray/jas/requirements.txt b/testdata/xray/jas-test/requirements.txt similarity index 100% rename from testdata/xray/jas/requirements.txt rename to testdata/xray/jas-test/requirements.txt diff --git a/testdata/xray/jas/secrets/more_secrets/key b/testdata/xray/jas-test/secrets/more_secrets/key similarity index 100% rename from testdata/xray/jas/secrets/more_secrets/key rename to testdata/xray/jas-test/secrets/more_secrets/key diff --git a/testdata/xray/jas/secrets/more_secrets/sequence b/testdata/xray/jas-test/secrets/more_secrets/sequence similarity index 100% rename from testdata/xray/jas/secrets/more_secrets/sequence rename to testdata/xray/jas-test/secrets/more_secrets/sequence 
diff --git a/testdata/xray/jas/secrets/secret_generic/blacklist b/testdata/xray/jas-test/secrets/secret_generic/blacklist similarity index 100% rename from testdata/xray/jas/secrets/secret_generic/blacklist rename to testdata/xray/jas-test/secrets/secret_generic/blacklist diff --git a/testdata/xray/jas/secrets/secret_generic/gibberish b/testdata/xray/jas-test/secrets/secret_generic/gibberish similarity index 100% rename from testdata/xray/jas/secrets/secret_generic/gibberish rename to testdata/xray/jas-test/secrets/secret_generic/gibberish diff --git a/xray_test.go b/xray_test.go index 857c8da1f..a59e356b0 100644 --- a/xray_test.go +++ b/xray_test.go @@ -328,7 +328,7 @@ func TestXrayAuditMultiProjects(t *testing.T) { assert.NoError(t, fileutils.CopyDir(multiProject, tempDirPath, true, nil)) workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s", filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single"), - filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas")) + filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas-test")) // Configure a new server named "default" createJfrogHomeConfig(t, true) defer cleanTestsHomeEnv() @@ -667,7 +667,7 @@ func TestXrayOfflineDBSyncV3(t *testing.T) { } func TestXrayAuditJasSimpleJson(t *testing.T) { - output := testXrayAuditJas(t, string(utils.SimpleJson), "jas") + output := testXrayAuditJas(t, string(utils.SimpleJson), "jas-test") verifySimpleJsonJasResults(t, output, 9, 7, 2, 1) }
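Review bot: The reason for the `jas` to `jas-test` fixture rename is not recorded in the test, so a later tidy-up could rename the directory back and silently drop the regression coverage this commit is meant to add. Add a comment above the `testXrayAuditJas` call in `TestXrayAuditJasSimpleJson`, e.g. `// "jas-test" deliberately contains "test" in its path to verify the JAS scanners do not skip such directories.`, and the same note beside the `filepath.Join(tempDirPath, "jas-test")` argument in `TestXrayAuditMultiProjects`, whose body starts outside this hunk. The unchanged expected counts `9, 7, 2, 1` passed to `verifySimpleJsonJasResults` are what prove the scanners still report the fixture's findings under the new path; saying so in the comment makes the test self-explaining.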