Describe the bug Iam trying to scan the PR for specific branch in

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

frogbot scan pull request issue in Azure devops,about jfrog/frogbot

EyalDelarea commented on June 26, 2024

Hey @nachammaichidambaram,

We appreciate your engagement with Frogbot and for initiating this matter.
At present, the functionality to filter specific source branches using the scan-pull-requests command is not available.
We can transform this matter into a feature request, and we're eager to address it once it aligns with our roadmap.

Meanwhile, you can achieve a similar outcome by utilizing the individual scan-pull-request command and supplying the pertinent filtered pull requests IDs.

Also about frogbot there is only limited details are available in documentation. I am expecting some more indepth of information

Could you kindly provide more details on the aspects that you find lacking or unclear in our documentation? We are dedicated to enhancing our documentation and your insights would greatly assist us in achieving that goal.

Thank you for your support.

Best regards,
Eyal Delarea

from frogbot.

eyalbe4 commented on June 26, 2024

@nachammaichidambaram,
Adding to @EyalDelarea's reply, we've just added to our features backlog the option of defining a list of branches for pull requests scanning.

from frogbot.

nachammaichidambaram commented on June 26, 2024

@EyalDelarea

When I try to execute ./frogbot scan-pull-request 7701 it always fails with error as The requested pull request was not found

If you plan to work with one of those package managers, please provide a username.
08:45:46 [Info] Running Frogbot "scan-pull-request" command
08:45:46 [Error] TF401180: The requested pull request was not found.

from frogbot.

eyalbe4 commented on June 26, 2024

@nachammaichidambaram,
We recommend using the templates included as part of the documentation. Will you be able to ensure your template is identical to the documented template?

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hi I have used same template

…

On Wed, 16 Aug 2023 at 11:16 PM, Eyal Ben Moshe ***@***.***> wrote: @nachammaichidambaram <https://github.com/nachammaichidambaram>, We recommend using the templates included as part of the documentation. Will you be able to ensure your template is identical to the documented template? — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJCPAAEQDGIEJLTES4DXVUBO3ANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

eyalbe4 commented on June 26, 2024

@nachammaichidambaram,
Will you be able to share your entire workflow here? We'll help you get it to work properly.

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hi displayName: 'Download and Run Frogbot' env: JF_GIT_PROJECT: $(System.TeamProject) JF_GIT_API_ENDPOINT: $(System.CollectionUri) JF_GIT_TOKEN: JF_URL: JF_ACCESS_TOKEN: JF_CLI_LOG_LEVEL: "DEBUG" JF_GIT_OWNER: "" JF_GIT_REPO: " JF_GIT_PROVIDER: "azureRepos" JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/ inputs: script: | curl -fLg " https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh echo $(Build.SourceBranch) ./frogbot scan-pull-requests $(Build.SourceBranch) #./frogbot scan-and-fix-repos $(Build.SourceBranch) This is the entire code I got from template

…

On Wed, 16 Aug 2023 at 11:22 PM, Eyal Ben Moshe ***@***.***> wrote: @nachammaichidambaram <https://github.com/nachammaichidambaram>, Will you be able to share your entire workflow here? We'll help you get it to work properly. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJA6TSXHHFIML6GME4DXVUCFNANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

eyalbe4 commented on June 26, 2024

Thanks @nachammaichidambaram.
Will you be able to use the template included in section 7 in this documentation page?

from frogbot.

nachammaichidambaram commented on June 26, 2024

This template does not make any difference inputs: script: | getFrogbotScriptPath=$( [[ -z "$JF_RELEASES_REPO" ]] && echo "https://releases.jfrog.io" || echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}" ) curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh ./frogbot scan-all-pull-requests ./frogbot scan-multiple-repositories 1. It scan all pull requests 1.

…

On Thu, 17 Aug 2023 at 12:17 AM, Eyal Ben Moshe ***@***.***> wrote: Thanks @nachammaichidambaram <https://github.com/nachammaichidambaram>. Will you be able to use the template included in section 7 in this <https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md> documentation page? — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJC5UGWT5W46VM23WVDXVUIUVANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

omerzi commented on June 26, 2024

Hi @nachammaichidambaram,

As @eyalbe4 and @EyalDelarea mentioned, currently, running scan-all-pull-requests for a specific branch by providing a parameter is currently not supported.

However, I have just released improved documentation for Azure repos, which can be found here: https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md

Please follow these steps for scan-pull-request, use the provided template, and configure the relevant branch policies. The complete instructions for scan-pull-request are located within Scanning pull requests expandable section (Step 7).

Please let me know if this solution works for you. Thank you.

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hi I followed the documentation and tried configuring pull requests scan As expected it checks only for the source and target branches based on PR Id But the scan failed with 404 error since my branch name is in the following format”users/release/X-ray” during scan it ignores all the slashes(“/“) and took branch name as X-ray alone Can you suggest a fix for this please

…

On Thu, 17 Aug 2023 at 11:41 AM, Omer Zidkoni ***@***.***> wrote: Hi @nachammaichidambaram <https://github.com/nachammaichidambaram>, As @eyalbe4 <https://github.com/eyalbe4> and @EyalDelarea <https://github.com/EyalDelarea> mentioned, currently, running scan-all-pull-requests for a specific branch by providing a parameter is not supported. However, I have just released improved documentation for Azure repos, which can be found here: https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md Please follow these steps for scan-pull-request, use the provided template, and configure the relevant branch policies. The complete instructions for scan-pull-request are located within Scanning pull requests expandable section (Step 7). Please let me know if this solution works for you. Thank you. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJBQ2GDAXLUJNHRX233XVWY2XANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

omerzi commented on June 26, 2024

Thank you for reporting this, @nachammaichidambaram.

We do need some more information in order to understand the root cause and resolve the issue. Could you please provide your pipeline file and debug logs? To enable debug logs, add the JFROG_CLI_LOG_LEVEL environment variable and set it to DEBUG. Thank you!

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hi, I have enabled debug log. Please find the same 2023-08-17T10:53:32.0598934Z 03:53:32 [Debug] Downloading <users/xxxx/xray> to: '/tmp/jfrog.cli.temp.-1692269612-3705472641' 2023-08-17T10:53:32.0601592Z 03:53:32 [Debug] Download url: https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=xray&$format=zip 2023-08-17T10:53:32.0911048Z 03:53:32 [Debug] Artifactory response: 200 2023-08-17T10:53:32.0912294Z 03:53:32 [Debug] JFrog Artifactory version is: 7.63.11 2023-08-17T10:53:32.0916147Z 03:53:32 [Debug] Sending HTTP POST request to: https://artifactory/artifactory/api/system/usage 2023-08-17T10:53:32.0982708Z 03:53:32 [Debug] Usage Report: Usage info sent successfully. Artifactory response: 200 2023-08-17T10:53:32.1250392Z 03:53:32 [Error] failed to download branch: <users/xxxx/xray> with error: server response: 404 Not Found 2023-08-17T10:53:32.1251778Z { 2023-08-17T10:53:32.1252449Z "$id": "1", 2023-08-17T10:53:32.1253219Z "innerException": null, 2023-08-17T10:53:32.1255376Z "message": "TF401175:The version descriptor <Branch: xray > could not be resolved to a version in the repository SDK2", 2023-08-17T10:53:32.1257180Z "typeName": "Microsoft.TeamFoundation.Git.Server.GitUnresolvableToCommitException, Microsoft.TeamFoundation.Git.Server", 2023-08-17T10:53:32.1258612Z "typeKey": "GitUnresolvableToCommitException", 2023-08-17T10:53:32.1259519Z "errorCode": 0, 2023-08-17T10:53:32.1260268Z "eventId": 3000 2023-08-17T10:53:32.1260945Z }

…

On Thu, 17 Aug 2023 at 16:05, Omer Zidkoni ***@***.***> wrote: Thank you for reporting this, @nachammaichidambaram <https://github.com/nachammaichidambaram>. We do need some more information in order to understand the root cause and resolve the issue. Could you please provide your pipeline file and debug logs? To enable debug logs, add the JFROG_CLI_LOG_LEVEL environment variable and set it to DEBUG. Thank you! — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJDEBRQU7KR6ZLMZKOLXVXXYXANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

nachammaichidambaram commented on June 26, 2024

any update on this? On Thu, 17 Aug 2023 at 16:27, Nachammai Chidambaram < ***@***.***> wrote:

…

Hi, I have enabled debug log. Please find the same 2023-08-17T10:53:32.0598934Z 03:53:32 [Debug] Downloading <users/xxxx/xray> to: '/tmp/jfrog.cli.temp.-1692269612-3705472641' 2023-08-17T10:53:32.0601592Z 03:53:32 [Debug] Download url: https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=xray&$format=zip 2023-08-17T10:53:32.0911048Z <https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=xray&$format=zip%0D2023-08-17T10:53:32.0911048Z> 03:53:32 [Debug] Artifactory response: 200 2023-08-17T10:53:32.0912294Z 03:53:32 [Debug] JFrog Artifactory version is: 7.63.11 2023-08-17T10:53:32.0916147Z 03:53:32 [Debug] Sending HTTP POST request to: https://artifactory/artifactory/api/system/usage 2023-08-17T10:53:32.0982708Z <https://artifactory/artifactory/api/system/usage%0D2023-08-17T10:53:32.0982708Z> 03:53:32 [Debug] Usage Report: Usage info sent successfully. Artifactory response: 200 2023-08-17T10:53:32.1250392Z 03:53:32 [Error] failed to download branch: <users/xxxx/xray> with error: server response: 404 Not Found 2023-08-17T10:53:32.1251778Z { 2023-08-17T10:53:32.1252449Z "$id": "1", 2023-08-17T10:53:32.1253219Z "innerException": null, 2023-08-17T10:53:32.1255376Z "message": "TF401175:The version descriptor <Branch: xray > could not be resolved to a version in the repository SDK2", 2023-08-17T10:53:32.1257180Z "typeName": "Microsoft.TeamFoundation.Git.Server.GitUnresolvableToCommitException, Microsoft.TeamFoundation.Git.Server", 2023-08-17T10:53:32.1258612Z "typeKey": "GitUnresolvableToCommitException", 2023-08-17T10:53:32.1259519Z "errorCode": 0, 2023-08-17T10:53:32.1260268Z "eventId": 3000 2023-08-17T10:53:32.1260945Z } On Thu, 17 Aug 2023 at 16:05, Omer Zidkoni ***@***.***> wrote: > Thank you for reporting this, @nachammaichidambaram > <https://github.com/nachammaichidambaram>. > > We do need some more information in order to understand the root cause > and resolve the issue. Could you please provide your pipeline file and > debug logs? To enable debug logs, add the JFROG_CLI_LOG_LEVEL > environment variable and set it to DEBUG. Thank you! > > — > Reply to this email directly, view it on GitHub > <#446 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/A2LNBJDEBRQU7KR6ZLMZKOLXVXXYXANCNFSM6AAAAAA3SOZXFA> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

from frogbot.

eyalbe4 commented on June 26, 2024

@nachammaichidambaram,
To help ua gain better understanding of the issue, will you also be able to share here your entire Frogbot pipeline?

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hello, Please find the same steps: - task: ***@***.*** # condition: eq(variables['Build.Reason'], 'PullRequest') displayName: 'Download and Run Frogbot' env: JF_GIT_PULL_REQUEST_ID: 7713 JF_GIT_BASE_BRANCH: $(System.PullRequest.TargetBranch) JF_GIT_PROJECT: $(System.TeamProject) JF_GIT_API_ENDPOINT: $(System.CollectionUri) JF_GIT_TOKEN: <AZurerepotoken> JF_URL: https://artifactorydev.com JF_ACCESS_TOKEN: <artifactorytoken> JFROG_CLI_LOG_LEVEL: "DEBUG" JF_GIT_OWNER: "GPG" JF_GIT_REPO: "SDK2" JF_RELEASES_REPO: "" JF_GIT_PROVIDER: "azureRepos" JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/sds inputs: script: | getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo " https://releases.jfrog.io "; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi) curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh ./frogbot spr ./frogbot scan-and-fix-repos $(Build.SourceBranch)

…

On Fri, 18 Aug 2023 at 15:15, Eyal Ben Moshe ***@***.***> wrote: @nachammaichidambaram <https://github.com/nachammaichidambaram>, To help ua gain better understanding of the issue, will you also be able to share here your entire Frogbot pipeline? — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJCZMBWZXW2WCBJH3TDXV42TVANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

nachammaichidambaram commented on June 26, 2024

This is the only step I have as part of my PR pipeline On Fri, 18 Aug 2023 at 3:29 PM, Nachammai Chidambaram < ***@***.***> wrote:

…

Hello, Please find the same steps: - task: ***@***.*** # condition: eq(variables['Build.Reason'], 'PullRequest') displayName: 'Download and Run Frogbot' env: JF_GIT_PULL_REQUEST_ID: 7713 JF_GIT_BASE_BRANCH: $(System.PullRequest.TargetBranch) JF_GIT_PROJECT: $(System.TeamProject) JF_GIT_API_ENDPOINT: $(System.CollectionUri) JF_GIT_TOKEN: <AZurerepotoken> JF_URL: https://artifactorydev.com JF_ACCESS_TOKEN: <artifactorytoken> JFROG_CLI_LOG_LEVEL: "DEBUG" JF_GIT_OWNER: "GPG" JF_GIT_REPO: "SDK2" JF_RELEASES_REPO: "" JF_GIT_PROVIDER: "azureRepos" JF_INCLUDE_ALL_VULNERABILITIES: "TRUE" JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/sds inputs: script: | getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo " https://releases.jfrog.io "; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi) curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh ./frogbot spr ./frogbot scan-and-fix-repos $(Build.SourceBranch) On Fri, 18 Aug 2023 at 15:15, Eyal Ben Moshe ***@***.***> wrote: > @nachammaichidambaram <https://github.com/nachammaichidambaram>, > To help ua gain better understanding of the issue, will you also be able > to share here your entire Frogbot pipeline? > > — > Reply to this email directly, view it on GitHub > <#446 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/A2LNBJCZMBWZXW2WCBJH3TDXV42TVANCNFSM6AAAAAA3SOZXFA> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

from frogbot.

omerzi commented on June 26, 2024

@nachammaichidambaram, thank you for sharing.

I'd like to point out a couple of things:

You don't need to manually configure the JF_GIT_PULL_RQUEST_ID. Since it's running within the context of a pull request, please keep it as $(System.PullRequest.PullRequestId).
Have you followed the template and added a branch policy to your required branch?
Assuming you've done everything mentioned in the first two points, has this worked for you with other branches that don't have slashes?

Thanks.

from frogbot.

nachammaichidambaram commented on June 26, 2024

Yes I did whatever you have mentioned in first two steps. For the branch name without slash it works fine

…

On Sun, 20 Aug 2023 at 10:44 AM, Omer Zidkoni ***@***.***> wrote: @nachammaichidambaram <https://github.com/nachammaichidambaram>, thank you for sharing. I'd like to point out a couple of things: 1. You don't need to manually configure the JF_GIT_PULL_RQUEST_ID. Since it's running within the context of a pull request, please keep it as $(System.PullRequest.PullRequestId). 2. Have you followed the template and added a branch policy to your required branch? 3. Assuming you've done everything mentioned in the first two points, has this worked for you with other branches that don't have slashes? Thanks. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJFFF7UFGWRXXMDQZ5TXWGMKZANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

omerzi commented on June 26, 2024

@nachammaichidambaram, thank you for the clarification. We will investigate this matter and keep you updated as soon as we make progress in resolving this issue.

from frogbot.

omerzi commented on June 26, 2024

Hey @nachammaichidambaram,

We have opened a pull request that addresses this issue:
jfrog/froggit-go#113

Once it is merged, we will release the updated versions of Froggit-go and Frogbot as soon as possible and keep you updated. Thank you for reporting this issue to us and for your cooperation.

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hi Thanks for this I am facing one more issue now , the PR’s which is scanned by frogbot doesn’t provide any report instead it just prints a message as “found the pr did not add vulnerable dependencies “ what does this mean?

…

On Mon, 21 Aug 2023 at 11:49 AM, Omer Zidkoni ***@***.***> wrote: Hey @nachammaichidambaram <https://github.com/nachammaichidambaram>, We have opened a pull request that addresses this issue: jfrog/froggit-go#113 <jfrog/froggit-go#113> Once it is merged, we will release the updated versions of Froggit-go and Frogbot as soon as possible and keep you updated. Thank you for reporting this issue to us and for your cooperation. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJHPFT5SOBXCRBKR4Z3XWL4YDANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

omerzi commented on June 26, 2024

@nachammaichidambaram, this comment indicates that Frogbot hasn't identified any new vulnerabilities that you are about to add in the pull request. It conducts a comparison between your source and target branches within the pull request. If it discovers that the source branch contains vulnerabilities not present in your target branch, it will post a comment that corresponds to those vulnerabilities. However, if no new vulnerabilities are detected in your source branch compared to your target branch, the comment will reflect that no new vulnerabilities were found.

If you wish to view all vulnerabilities, regardless of whether they are already included in your target branch, you can configure the JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true.

from frogbot.

nachammaichidambaram commented on June 26, 2024

This variable is already set

…

On Mon, 21 Aug 2023 at 13:29, Omer Zidkoni ***@***.***> wrote: @nachammaichidambaram <https://github.com/nachammaichidambaram>, this comment indicates that Frogbot hasn't identified any vulnerabilities that you intend to add to the pull request. It conducts a comparison between your source and target branches within the pull request. If it discovers that the source branch contains vulnerabilities not present in your target branch, it will post a comment that corresponds to those vulnerabilities. However, if no new vulnerabilities are detected in your source branch compared to your target branch, the comment will reflect that no new vulnerabilities were found. If you wish to view all vulnerabilities, regardless of whether they are already included in your target branch, you can configure the JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJHU3MXXKEC4POKRWKDXWMINVANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

nachammaichidambaram commented on June 26, 2024

Do you know by when this PR will be merged? On Mon, 21 Aug 2023 at 14:19, Nachammai Chidambaram < ***@***.***> wrote:

…

This variable is already set On Mon, 21 Aug 2023 at 13:29, Omer Zidkoni ***@***.***> wrote: > @nachammaichidambaram <https://github.com/nachammaichidambaram>, this > comment indicates that Frogbot hasn't identified any vulnerabilities that > you intend to add to the pull request. It conducts a comparison between > your source and target branches within the pull request. If it discovers > that the source branch contains vulnerabilities not present in your target > branch, it will post a comment that corresponds to those vulnerabilities. > However, if no new vulnerabilities are detected in your source branch > compared to your target branch, the comment will reflect that no new > vulnerabilities were found. > > If you wish to view all vulnerabilities, regardless of whether they are > already included in your target branch, you can configure the > JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true. > > — > Reply to this email directly, view it on GitHub > <#446 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/A2LNBJHU3MXXKEC4POKRWKDXWMINVANCNFSM6AAAAAA3SOZXFA> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

from frogbot.

omerzi commented on June 26, 2024

This variable is already set
…
On Mon, 21 Aug 2023 at 13:29, Omer Zidkoni @.> wrote: @nachammaichidambaram https://github.com/nachammaichidambaram, this comment indicates that Frogbot hasn't identified any vulnerabilities that you intend to add to the pull request. It conducts a comparison between your source and target branches within the pull request. If it discovers that the source branch contains vulnerabilities not present in your target branch, it will post a comment that corresponds to those vulnerabilities. However, if no new vulnerabilities are detected in your source branch compared to your target branch, the comment will reflect that no new vulnerabilities were found. If you wish to view all vulnerabilities, regardless of whether they are already included in your target branch, you can configure the JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/A2LNBJHU3MXXKEC4POKRWKDXWMINVANCNFSM6AAAAAA3SOZXFA . You are receiving this because you were mentioned.Message ID: @.>

Do you have vulnerabilities in your repository? If you do, please attach the complete debug logs.
About the fix, it will be merged soon. Frogbot will be released as soon as possible, and I'll let you know.

from frogbot.

omerzi commented on June 26, 2024

Accidentally closed.

from frogbot.

nachammaichidambaram commented on June 26, 2024

By When can we expect this fix to be available?

from frogbot.

omerzi commented on June 26, 2024

Hey @nachammaichidambaram,

Frogbot v2.12.2 has been released, which should address your issue. Please let me know if everything is working well now. Thank you for reporting this issue to us.

from frogbot.

nachammaichidambaram commented on June 26, 2024

Hey Omer, Thanks for your reply. Branch name issue is sorted out. But I got the following error 21:08:01 [Info] Frogbot is configured to show all vulnerabilities 21:08:01 [Debug] Looking for an existing Frogbot pull request comment. Deleting it if it exists... 21:08:01 [Error] couldn't add pull request comment: A discussion comment cannot be longer than 150000 characters. Parameter name: comment.Content 21:08:01 [Info] Frogbot version: 2.12.2 Regards, Nachammai

…

On Thu, 24 Aug 2023 at 10:04 PM, Omer Zidkoni ***@***.***> wrote: Hey @nachammaichidambaram <https://github.com/nachammaichidambaram>, Frogbot v2.12.2 has been released, which should address your issue. Please let me know if everything is working well now. Thank you for reporting this issue to us. — Reply to this email directly, view it on GitHub <#446 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2LNBJAX65HWNPBHM3U6UVLXW57BTANCNFSM6AAAAAA3SOZXFA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

from frogbot.

nachammaichidambaram commented on June 26, 2024

Probably you might need to increase the comment.Content maximum length? On Fri, 25 Aug 2023 at 09:39, Nachammai Chidambaram < ***@***.***> wrote:

…

Hey Omer, Thanks for your reply. Branch name issue is sorted out. But I got the following error 21:08:01 [Info] Frogbot is configured to show all vulnerabilities 21:08:01 [Debug] Looking for an existing Frogbot pull request comment. Deleting it if it exists... 21:08:01 [Error] couldn't add pull request comment: A discussion comment cannot be longer than 150000 characters. Parameter name: comment.Content 21:08:01 [Info] Frogbot version: 2.12.2 Regards, Nachammai On Thu, 24 Aug 2023 at 10:04 PM, Omer Zidkoni ***@***.***> wrote: > Hey @nachammaichidambaram <https://github.com/nachammaichidambaram>, > > Frogbot v2.12.2 has been released, which should address your issue. > Please let me know if everything is working well now. Thank you for > reporting this issue to us. > > — > Reply to this email directly, view it on GitHub > <#446 (comment)>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/A2LNBJAX65HWNPBHM3U6UVLXW57BTANCNFSM6AAAAAA3SOZXFA> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

from frogbot.

omerzi commented on June 26, 2024

Hi @nachammaichidambaram,

The content length isn't defined by us, it's a limitation on the Azure side for a pull request comment length. In regular usage of the scan pull request, you probably won't have so many issues in a single pull request that you are about to add. Therefore, this is a very rare scenario.

However, we will consider a solution for these cases and add it to our backlog for future improvements.

from frogbot.

frogbot scan pull request issue in Azure devops about frogbot HOT 32 OPEN

Comments (32)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent