Comments (32)
We appreciate your engagement with Frogbot and for initiating this matter.
At present, the functionality to filter specific source branches using the scan-pull-requests command is not available.
We can transform this matter into a feature request, and we're eager to address it once it aligns with our roadmap.
Meanwhile, you can achieve a similar outcome by utilizing the individual scan-pull-request command and supplying the pertinent filtered pull request IDs.
Also, about Frogbot, only limited details are available in the documentation. I am expecting some more in-depth information.
Could you kindly provide more details on the aspects that you find lacking or unclear in our documentation? We are dedicated to enhancing our documentation and your insights would greatly assist us in achieving that goal.
Thank you for your support.
Best regards,
Eyal Delarea
from frogbot.
@nachammaichidambaram,
Adding to @EyalDelarea's reply, we've just added to our features backlog the option of defining a list of branches for pull requests scanning.
from frogbot.
When I try to execute ./frogbot scan-pull-request 7701 it always fails with error as The requested pull request was not found
If you plan to work with one of those package managers, please provide a username.
08:45:46 [Info] Running Frogbot "scan-pull-request" command
08:45:46 [Error] TF401180: The requested pull request was not found.
from frogbot.
@nachammaichidambaram,
We recommend using the templates included as part of the documentation. Will you be able to ensure your template is identical to the documented template?
from frogbot.
@nachammaichidambaram,
Will you be able to share your entire workflow here? We'll help you get it to work properly.
from frogbot.
Thanks @nachammaichidambaram.
Will you be able to use the template included in section 7 in this documentation page?
from frogbot.
As @eyalbe4 and @EyalDelarea mentioned, currently, running scan-all-pull-requests for a specific branch by providing a parameter is currently not supported.
However, I have just released improved documentation for Azure repos, which can be found here: https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md
Please follow these steps for scan-pull-request, use the provided template, and configure the relevant branch policies. The complete instructions for scan-pull-request are located within the Scanning pull requests expandable section (Step 7).
Please let me know if this solution works for you. Thank you.
from frogbot.
Thank you for reporting this, @nachammaichidambaram.
We do need some more information in order to understand the root cause and resolve the issue. Could you please provide your pipeline file and debug logs? To enable debug logs, add the JFROG_CLI_LOG_LEVEL environment variable and set it to DEBUG. Thank you!
from frogbot.
@nachammaichidambaram,
To help us gain a better understanding of the issue, will you also be able to share here your entire Frogbot pipeline?
from frogbot.
@nachammaichidambaram, thank you for sharing.
I'd like to point out a couple of things:
- You don't need to manually configure the JF_GIT_PULL_REQUEST_ID. Since it's running within the context of a pull request, please keep it as $(System.PullRequest.PullRequestId).
- Have you followed the template and added a branch policy to your required branch?
- Assuming you've done everything mentioned in the first two points, has this worked for you with other branches that don't have slashes?
Thanks.
from frogbot.
@nachammaichidambaram, thank you for the clarification. We will investigate this matter and keep you updated as soon as we make progress in resolving this issue.
from frogbot.
We have opened a pull request that addresses this issue:
jfrog/froggit-go#113
Once it is merged, we will release the updated versions of Froggit-go and Frogbot as soon as possible and keep you updated. Thank you for reporting this issue to us and for your cooperation.
from frogbot.
@nachammaichidambaram, this comment indicates that Frogbot hasn't identified any new vulnerabilities that you are about to add in the pull request. It conducts a comparison between your source and target branches within the pull request. If it discovers that the source branch contains vulnerabilities not present in your target branch, it will post a comment that corresponds to those vulnerabilities. However, if no new vulnerabilities are detected in your source branch compared to your target branch, the comment will reflect that no new vulnerabilities were found.
If you wish to view all vulnerabilities, regardless of whether they are already included in your target branch, you can configure the JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true.
from frogbot.
This variable is already set
Do you have vulnerabilities in your repository? If you do, please attach the complete debug logs.
About the fix, it will be merged soon. Frogbot will be released as soon as possible, and I'll let you know.
from frogbot.
Accidentally closed.
from frogbot.
By when can we expect this fix to be available?
from frogbot.
Frogbot v2.12.2 has been released, which should address your issue. Please let me know if everything is working well now. Thank you for reporting this issue to us.
from frogbot.
The content length isn't defined by us, it's a limitation on the Azure side for a pull request comment length. In regular usage of the scan pull request, you probably won't have so many issues in a single pull request that you are about to add. Therefore, this is a very rare scenario.
However, we will consider a solution for these cases and add it to our backlog for future improvements.
from frogbot.