Comments (4)
Hi Omerzi
Thanks, the new version is working properly. v2.11.7
from frogbot.
Hello @RotemNayaxUser,
We appreciate your usage of Frogbot and bringing this matter to our attention.
Could you kindly supply us with debug level logs? These logs will greatly aid us in pinpointing the underlying issue. Additionally, sharing the YAML workflow file would assist us in identifying the source of the "XXXXX" variable.
Best Regards,
Eyal Delarea.
from frogbot.
Hi,
These are the debug logs before it fails:
```
11:54:58 [Info] Scanning 125 nuget dependencies ...
11:54:58 [Debug] Sending HTTP POST request to: https://my_repo_url.jfrog.io/xray/api/v1/scan/graph?watch=Sec-watch&scan_type=dependency
11:54:58 [Info] Waiting for scan to complete on JFrog Xray...
11:54:58 [Debug] Sending HTTP GET request to: https://my_repo_url.jfrog.io/xray/api/v1/scan/graph/3b57df66-c789-49e1-43a8-7202a2c83300
11:54:58 [Debug] Get Dependencies Scan results... (Attempt 1)
11:55:03 [Debug] Sending HTTP GET request to: https://my_repo_url.jfrog.io/xray/api/v1/scan/graph/3b57df66-c789-49e1-43a8-7202a2c83300
11:55:04 [Info] Frogbot is configured to show all vulnerabilities
11:55:04 [Debug] Looking for an existing Frogbot pull request comment. Deleting it if it exists...
11:55:04 [Error] GET https://my_repo_url/api/v4/projects/develop/services/devops-sandbox/merge_requests/41057/notes: 404 {message: 404 Not found}
```
The YAML:
```yaml
.frogbot-dotnet-scan:
  image: ${DOTNET_SDK_NODE_IMAGE}
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
      variables:
        FROGBOT_CMD: "scan-pull-request"
        JF_GIT_BASE_BRANCH: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
  variables:
    JF_URL: ${JF_URL}
    JFROG_CLI_LOG_LEVEL: DEBUG
    JF_USER: ${JF_USER}
    JF_PASSWORD: ${JF_PASSWORD}
    JF_GIT_TOKEN: ${JF_GIT_TOKEN}
    # Predefined GitLab variables. There's no need to set them.
    JF_GIT_PROVIDER: gitlab
    JF_GIT_OWNER: $CI_PROJECT_NAMESPACE
    JF_GIT_REPO: $CI_PROJECT_NAME
    JF_GIT_PULL_REQUEST_ID: $CI_MERGE_REQUEST_IID
    # [Optional, default: https://gitlab.com]
    # API endpoint to GitLab
    JF_GIT_API_ENDPOINT: https://my_git_repo
    # [Optional]
    # If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
    # in Artifactory, which proxies https://releases.jfrog.io
    # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
    # JF_RELEASES_REPO: ""
    ##########################################################################
    ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
    ##   the following variables inside the file, instead of here.          ##
    ##########################################################################
    # [Mandatory if the two conditions below are met]
    # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies
    # 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
    #
    # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore")
    JF_INSTALL_DEPS_CMD: "dotnet restore ${CSPROJ_PATH}"
    # [Optional, default: "."]
    # Relative path to the root of the project in the Git repository
    # JF_WORKING_DIR: path/to/project/dir
    # [Optional]
    # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
    JF_WATCHES: Sec-watch
    # [Optional]
    # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
    # JF_PROJECT: DevopsSandbox.sln
    # [Optional, default: "FALSE"]
    # Displays all existing vulnerabilities, including the ones that were added by the pull request.
    JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
    # [Optional, default: "TRUE"]
    # Fails the Frogbot task if any security issue is found.
    JF_FAIL: "FALSE"
    # [Optional]
    # Relative path to a Pip requirements.txt file. If not set, the python project's dependencies are determined and scanned using the project setup.py file.
    # JF_REQUIREMENTS_FILE: ""
    # [Optional, Default: "TRUE"]
    # Use Gradle wrapper.
    # JF_USE_WRAPPER: "FALSE"
    # [Optional]
    # Frogbot will download the project dependencies if they're not cached locally. To download the
    # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
    # need to set this value, if it is set in the frogbot-config.yml file.
    # JF_DEPS_REPO: ""
  script:
    # For Linux / MacOS runner:
    - curl "https://releases.jfrog.io/artifactory/frogbot/v2/\[RELEASE\]/getFrogbot.sh" --output ./getFrogbot.sh
    - ls .
    - chmod 777 ./getFrogbot.sh
    - ./getFrogbot.sh 2.11.1
    - curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
    - ./frogbot ${FROGBOT_CMD}
    # For Windows runner:
    # iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe
    # .\frogbot.exe ${FROGBOT_CMD}
    # For Windows runner using Artifactory remote repository:
    # iwr $JF_URL/artifactory/$JF_RELEASES_REPO/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe
    # .\frogbot.exe ${FROGBOT_CMD}
  allow_failure: true
  tags:
    - kubernetes
```
from frogbot.
Hey @RotemNayaxUser, Frogbot v2.11.7 has been released with a fix. Please let me know if it works for you. Thank you once again for sharing this issue.
from frogbot.