Comments (10)
Hi @Jan-Pleva,
Thanks a lot for the feedback. We're taking the feedback we receive for Frogbot very seriously and are constantly working to improve it.
To make the setup process easier, we have a feature planned, to allow creating the frogbot-config.yml automatically, and allow you to modify it if needed. Also, we're working on improving the scan-and-fix-repos command so that it won't scan repositories unless there has been a new commit. If you have additional suggestions for us to make the setup process easier, please let us know.
As for your feedback in regard to resource utilization, we'd like to understand it better. Will you be able to elaborate more on this? You mentioned that the build takes a long time. What type of projects is Frogbot scanning for you? Which part of the workflow takes a lot of time?
Thanks for helping Frogbot improve.
from frogbot.
Hi, some of our builds take 30minutes, it is maven, gradle.
The misunderstanding is, that Frogbot is trying to do build withnout the detail configuration.
How does work the JFrog IDE plugin? Is it also doing build behind?
from frogbot.
@Jan-Pleva,
I assume that the process takes 30 minutes for you because this is time it takes for your project depedencies to downloaded. This time can be reduced to zero by using a local cache. Which runtime are you using? Let ua know and we'll assist you avoid this download time.
The JFrog IDE integrations the cache on the local machine.
Can you also clarify what do you mean by the "detail configuration"?
from frogbot.
I mean this configuration https://github.com/jfrog/frogbot/blob/master/docs/install-azure-repos.md
So every project has to set-up. Then I dont see the different with the build settings...
from frogbot.
@Jan-Pleva thanks for your important feedback.
This setup can happen one time. You can scan multiple repositories with one task - just add the frogbot-config.yml file in a single repository containing the bare minimal info for each one of your repositories. For example:
- params:
git:
repoName: repo-1
branches:
- master
- params:
git:
repoName: repo-2
branches:
- master
- dev
- params:
git:
repoName: repo-3
branches:
- master
scan:
projects:
- pipRequirementsFile: requirements.txt
A word about the long scan time - I'd like to share that we had some progress for Gradle in Frogbot 2.6.4. This change should significantly improve the scan time for large Gradle projects by avoiding compiling the code.
We have plans to do the same for Maven in the near future.
We give Frogbot a lot of attention and keep improving it constantly. With that said, we'd appreciate your feedback and ideas for how to make it easier for you.
from frogbot.
Ok. Great tip.
But the main issue is that the use is not so easy as in plugin in IDE. The idea was to setup on one please for ALL our Azure DevOps projects, not separately in every project, because thats, what we do with the JFrog build process.
from frogbot.
@Jan-Pleva,
We're open to receiving feedback and improving the solution following it.
There's a chance there's a gap that I'm missing, so please forgive me if this is the case. My question is this:
Are you saying that you're not able to create a single Azure DevOps pipeline for scanning all of your repositories? Doesn't the solution! @yahavi proposed above allow just that?
from frogbot.
Hi, i would like to create just one set-up for all my DevOps projects and their repositories.
At the same time, I'm afraid that the build settings are very specific from project to project.
from frogbot.
Thanks for feedback. With your help we may be able to improve the setup!
I think I understand the issue you're describing @Jan-Pleva. Let me know what you think.
The Frogbot pipelines are currently bounded to a single Azure DevOps project.
This is because of this variable that the pipeline template includes -
JF_GIT_PROJECT: $(System.TeamProject)
If the template allowed including multiple projects, would that get us closer to simplifying the setup?
Also, did you set a value for the 'JF_GIT_OWNER' variable the template includes, or is this variable redundant for your setup?
from frogbot.
Sorry, after discovering the principle, we didnt try closer. But yes, I thing you now understand the point.
from frogbot.
Related Issues (20)
- Error occured to integrate frogbot using jenkins HOT 2
- Python files are excluded during frogbot PR Scan HOT 1
- Is there a ENV variable to delete the previous comments in Frogbot and have only the current comment ? HOT 9
- Branch creation (PR) failing at the end for Repository Scans, for a monorepo. HOT 2
- Using Repository Scans without GitHub Advanced Security HOT 9
- Failing to run JFrog Bot Scan HOT 2
- frogbot-config.yml for Gitlab HOT 1
- Frogbot does not create PR after scan-repository in a monorepo HOT 1
- git clone failed with error: authentication required HOT 2
- License violations don't include Severity. Also lots of licenses get reported as Unknown. HOT 13
- Fails to scan custom python packages HOT 1
- can be deleted
- Support for yarn3 workspaces? HOT 2
- Question HOT 1
- How to exclude scanning the devDependencies for npm / js projects? HOT 2
- Update action to use node 20 HOT 1
- OIDC Support to Frogbot HOT 2
- Problems executing frogbot in Enterprise env without internet connection HOT 7
- Receiving error: ./frogbot: No such file or directory HOT 1
- JFrog reports a go.mod file as being in the root when it isn't HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from frogbot.