I got the below error, I used the github action template for Python package scanning</

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

I do not have such deor file as I was executing this on my package management wo

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Not able to scan PR with frogbot exited with error about frogbot HOT 7 OPEN

jfrog commented on May 28, 2024

Not able to scan PR with frogbot exited with error

from frogbot.

Comments (7)

sverdlov93 commented on May 28, 2024

Hi @mangeishp,
Thanks for reporting this issue.
Frogbot detects the technology type by the descriptor files (package.json / yarn.lock / etc..) on your project's root directory.
Can you please provide your project's root dir files list?

from frogbot.

mangeishp commented on May 28, 2024

I do not have such descriptor file as I was executing this on my package management workflow repository where I have only requirement.txt file. is there any other way to solve this. or it only with project repositories

from frogbot.

omerzi commented on May 28, 2024

Hi @mangeishp and thank you for the update. For such cases, we have a specific environment variable.
Add the following environment to your YAML file:
JF_REQUIREMENTS_FILE: "requirements.txt"

Please let me know if it worked for you. Thank you!

from frogbot.

mangeishp commented on May 28, 2024

It proceed further and detect package type as pip however it give invalid token, However the same token I can use for package download from jfrog repo

from frogbot.

sverdlov93 commented on May 28, 2024

Hi @mangeishp,
can you share the logs?
I am guessing that you used Identity or Reference Token,
Unfortunately, Identity/Reference tokens are currently not supported by JFrog CLI package manager commands because they need a username in addition to the token.

You can use:

JFrog Access Token
User + Password
set the Reference/Identity Token as a password ( supported by Saas Artifactory 7.42.0 / onPrem Artifactory 7.43.0, on earlier versions use the following workaround - jfrog/jfrog-cli#1616 (comment)

from frogbot.

mangeishp commented on May 28, 2024

Hi, As you suggested I have used the username and identity access toke generated on Jfrog ui. Here is the logs, Frogbot /opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-pull-request 06:54:27 [Info] Running Frogbot "scan-pull-request" command 06:54:27 [Info] Auditing /runner/_work/cirrus-poc-package-scanning/cirrus-poc-package-scanning 06:54:27 [Info] Detected: pip. 06:57:18 [Info] JFrog Xray version is: 3.30.1 06:57:18 [Info] Scanning module imbalanced-learn:0.8.1... Error: 8 [Error] Scanning imbalanced-learn:0.8.1 failed with error: Found invalid token Error: 8 [Error] pip Audit command failed: Audit command failed due to Xray internal error Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1

from frogbot.

mangeishp commented on May 28, 2024

@sverdlov93 Hi, I managed get authenticated with jfrog however now it failed with below errors, can you help

panic: runtime error: index out of range [4] with length 4
  
  goroutine 1 [running]:
  github.com/jfrog/frogbot/commands.createNewIssuesRows({0xc0001cc780, 0x4, 0x0?}, {0xc0003f8000, 0xc, 0x0?})
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8[58](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:59)3230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:90 +0x4c6
  github.com/jfrog/frogbot/commands.scanPullRequest(0xc0001fa400, {0x10e4b98, 0xc000330ab0})
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:58 +0x211
  github.com/jfrog/frogbot/commands.ScanPullRequestCmd.Run(...)
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:30
  github.com/jfrog/frogbot/commands.Exec({0x10dc380, 0x1848b68}, {0xf4f7e9, 0x11})
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:28 +0x1ef
  github.com/jfrog/frogbot/commands.GetCommands.func1(0xc00033c3[60](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:61)?)
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:44 +0x32
  github.com/urfave/cli/v2.(*Command).Run(0xc00033c360, 0xc00030cbc0)
  	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:173 +0x6a2
  github.com/urfave/cli/v2.(*App).RunContext(0xc00018a8c0, {0x10e0998?, 0xc00013e000}, {0xc00012e000, 0x2, 0x2})
  	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:382 +0xfb5
  github.com/urfave/cli/v2.(*App).Run(...)
  	/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:251
  main.ExecMain()
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:27 +0x158
  main.main()
  	/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:16 +0x1e
  Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x[64](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:65)/frogbot' failed with exit code 2

my workflow

name: "Frogbot Scan Pull Request"
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  pull-requests: write
  contents: read
jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
    # "frogbot" GitHub environment can approve the pull request to be scanned.
    environment: frogbot
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Install prerequisites
      - uses: actions/setup-python@v3
        with:
          python-version: "3.7"

      - uses: jfrog/frogbot@v2
        env:
          # [Mandatory]
          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
          JF_URL: ${{ secrets.JF_URL }}
          
          # [Mandatory if JF_ACCESS_TOKEN is not provided]
          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
          JF_USER: ${{ secrets.JF_USER }}

          # [Mandatory if JF_ACCESS_TOKEN is not provided]
          # JFrog password. Must be provided with JF_USER
          JF_PASSWORD: ${{ secrets.JF_ACCESS_TOKEN }}

          # [Mandatory]
          # The GitHub token automatically generated for the job
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}

          # [Optional, default: "."]
          # Relative path to the project in the git repository
          JF_REQUIREMENTS_FILE: "requirements.txt"
          #JF_WORKING_DIR: cirrus-ml-experimentation/src/project_template/

from frogbot.

Not able to scan PR with frogbot exited with error about frogbot HOT 7 OPEN

Comments (7)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent