Comments (2)
@brijeshsch,
Thanks for reporting this issue!
We take security issues seriously. It sounds like the issue appears in the TypeScript/JavaScript code of the GitHub Action. However, in the GitHub Action code, we only download the Frogbot executable from https://releases.jfrog.io/artifactory/frogbot.
It is possible that the HTTP protocol you see is in use in one of the dependencies.
Do you have any more information about this error, such as a stack trace or anything that may imply in which dependency this problem occurs?
Thanks!
from frogbot.
@yahavi I don't have any stack trace, as this scan was done on the repository before we enabled this action on our GitHub Enterprise Server. Thanks
from frogbot.