Comments (7)
Hi @mangeishp,
Thanks for reporting this issue.
Frogbot detects the technology type by the descriptor files (package.json / yarn.lock / etc..) on your project's root directory.
Can you please provide your project's root dir files list?
from frogbot.
I do not have such descriptor file as I was executing this on my package management workflow repository where I have only requirement.txt file. is there any other way to solve this. or it only with project repositories
from frogbot.
Hi @mangeishp and thank you for the update. For such cases, we have a specific environment variable.
Add the following environment to your YAML file:
JF_REQUIREMENTS_FILE: "requirements.txt"
Please let me know if it worked for you. Thank you!
from frogbot.
It proceed further and detect package type as pip however it give invalid token, However the same token I can use for package download from jfrog repo
from frogbot.
Hi @mangeishp,
can you share the logs?
I am guessing that you used Identity or Reference Token,
Unfortunately, Identity/Reference tokens are currently not supported by JFrog CLI package manager commands because they need a username in addition to the token.
You can use:
- JFrog Access Token
- User + Password
- set the Reference/Identity Token as a password ( supported by Saas Artifactory 7.42.0 / onPrem Artifactory 7.43.0, on earlier versions use the following workaround - jfrog/jfrog-cli#1616 (comment)
from frogbot.
from frogbot.
@sverdlov93 Hi, I managed get authenticated with jfrog however now it failed with below errors, can you help
panic: runtime error: index out of range [4] with length 4
goroutine 1 [running]:
github.com/jfrog/frogbot/commands.createNewIssuesRows({0xc0001cc780, 0x4, 0x0?}, {0xc0003f8000, 0xc, 0x0?})
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8[58](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:59)3230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:90 +0x4c6
github.com/jfrog/frogbot/commands.scanPullRequest(0xc0001fa400, {0x10e4b98, 0xc000330ab0})
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:58 +0x211
github.com/jfrog/frogbot/commands.ScanPullRequestCmd.Run(...)
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/scanpullrequest.go:30
github.com/jfrog/frogbot/commands.Exec({0x10dc380, 0x1848b68}, {0xf4f7e9, 0x11})
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:28 +0x1ef
github.com/jfrog/frogbot/commands.GetCommands.func1(0xc00033c3[60](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:61)?)
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/commands/commands.go:44 +0x32
github.com/urfave/cli/v2.(*Command).Run(0xc00033c360, 0xc00030cbc0)
/root/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:173 +0x6a2
github.com/urfave/cli/v2.(*App).RunContext(0xc00018a8c0, {0x10e0998?, 0xc00013e000}, {0xc00012e000, 0x2, 0x2})
/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:382 +0xfb5
github.com/urfave/cli/v2.(*App).Run(...)
/root/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:251
main.ExecMain()
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:27 +0x158
main.main()
/var/opt/jfrog/pipelines/data/release_frogbot/runs/1129469/steps/Release/8583230/dependencyState/resources/frogbotGit/main.go:16 +0x1e
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x[64](https://github.com/telia-company/cirrus-poc-package-scanning/actions/runs/3226321380/jobs/5279697855#step:5:65)/frogbot' failed with exit code 2
my workflow
name: "Frogbot Scan Pull Request"
on:
pull_request_target:
types: [opened, synchronize]
permissions:
pull-requests: write
contents: read
jobs:
scan-pull-request:
runs-on: ubuntu-latest
# A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
# "frogbot" GitHub environment can approve the pull request to be scanned.
environment: frogbot
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
# Install prerequisites
- uses: actions/setup-python@v3
with:
python-version: "3.7"
- uses: jfrog/frogbot@v2
env:
# [Mandatory]
# JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
JF_URL: ${{ secrets.JF_URL }}
# [Mandatory if JF_ACCESS_TOKEN is not provided]
# JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
JF_USER: ${{ secrets.JF_USER }}
# [Mandatory if JF_ACCESS_TOKEN is not provided]
# JFrog password. Must be provided with JF_USER
JF_PASSWORD: ${{ secrets.JF_ACCESS_TOKEN }}
# [Mandatory]
# The GitHub token automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# [Optional, default: "."]
# Relative path to the project in the git repository
JF_REQUIREMENTS_FILE: "requirements.txt"
#JF_WORKING_DIR: cirrus-ml-experimentation/src/project_template/
from frogbot.
Related Issues (20)
- Incorrect request made to Bitbucket Server API HOT 2
- frogbot scan-pull-request fails HOT 4
- Regression for "scan-and-fix-repos" in Azure DevOps server since version 2.11.5 HOT 3
- frogbot scan-pull-requests is scanning all the active pull requests but i wanted to scan only the based on the source branch and buildid is it possible to do that HOT 2
- frogbot scan pull request issue in Azure devops HOT 32
- Please add instructions for teamcity and automatic PR creation in bitbucket server
- Enable download of Maven Gav Reader using Gitlab virtual repository HOT 4
- avoid frogbot from overwriting the comment section as part of every scan HOT 19
- Fix for issue "Fix GoSec issues (#506)" broke the maven gav reader HOT 3
- Dependent project file was not found HOT 1
- Can't see results in the Code Scanning Alerts View (Github) HOT 13
- 'Found invalid token' when using access token generated from jfrogcli HOT 1
- I'm running Enterprise Plus, why does it says "isn't enabled on your system" HOT 2
- JF_INCLUDE_ALL_VULNERABILITIES: TRUE it is not displaying the vulnerabilities . Instead it always prints that the PR has no issues HOT 5
- Support MAVEN_ARGS in frogbot
- FrogBot: A title for comment is required. When there are too many builds in PR, The comments from xray scan are confusing HOT 18
- what to do if we have 2 dotnet .sln files in same directory HOT 7
- Add a JF_PLUGINS_REPO to complement JF_DEPS_REPO for Maven builds HOT 2
- How to get PR's created in Azure DevOps HOT 4
- Gitlab SAAS 401 issues HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from frogbot.