Coder Social home page Coder Social logo

Comments (6)

omerzi avatar omerzi commented on July 22, 2024

Hello @rsi-mrobinson, Frogbot specifically needs advanced security settings solely for accessing JFrog Advanced Security features like Contextual Analysis, Secrets Detection, SAST, and IaC. However, for license and vulnerability scans, Frogbot solely relies on Xray abilities. Could you kindly provide the complete debug logs? This will help us investigate your issues during the vulnerability scan.

from frogbot.

rsi-mrobinson avatar rsi-mrobinson commented on July 22, 2024

Here's the debug logs:

  17:22:58 [Info] Frogbot version: 2.19.4
  17:22:58 [Debug] Reading config from file system. Looking for .frogbot/frogbot-config.yml
  17:22:58 [Debug] frogbot-config.yml wasn't found in /home/runner/_work/proto-hastur-ui/proto-hastur-ui/.frogbot/frogbot-config.yml. Searching for it in upstream directories
  17:22:58 [Debug] Attempting to download frogbot-config.yml from orgname/proto-hastur-ui
  17:22:58 [Debug] The frogbot-config.yml will be downloaded from main branch
  17:22:58 [Info] Successfully downloaded frogbot-config.yml file from <orgname/proto-hastur-ui/main>
  17:22:58 [Debug] The content of frogbot-config.yml that will be used is:
  - params:
      git:
        repoName: proto-hastur-ui
        branches:
          - main
      scan:
        projects:
          - installCommand: "npm install"
      jfrogPlatform:
      jfrogProjectKey: "proj_key"
  17:22:58 [Debug] Sending HTTP HEAD request to: 'https://github.com/jfrog/frogbot'
  17:22:58 [Debug] Locking config file to run config AddOrEdit command.
  17:22:58 [Debug] Creating lock in: /tmp/jfrog.cli.temp.-1702488178-1625234196/locks/config
  17:22:58 [Debug] Releasing lock: /tmp/jfrog.cli.temp.-1702488178-1625234196/locks/config/jfrog-cli.conf.lck.86.1702488178830231779
  17:22:58 [Debug] Config AddOrEdit command completed successfully. config file is released.
  17:22:58 [Debug] Usage Report: Sending info...
  17:22:58 [Info] Running Frogbot "scan-repository" command
  17:22:58 [Debug] Sending HTTP POST request to: https://usage-ecosystem.jfrog.io/api/usage/report
  17:22:58 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/system/version
  17:22:58 [Debug] Sending HTTP GET request to: https://company.jfrog.io/artifactory/api/system/version
  17:22:58 [Debug] JFrog Xray version is: 3.86.4
  17:22:58 [Debug] Sending HTTP POST request to: https://company.jfrog.io/xray/api/v1/usage/events/send
  17:22:58 [Debug] Artifactory response: 200 
  17:22:58 [Debug] JFrog Artifactory version is: 7.75.4
  17:22:58 [Debug] Sending HTTP POST request to: https://company.jfrog.io/artifactory/api/system/usage
  17:22:59 [Debug] Setting timeout for go-git to 120 seconds ...
  17:22:59 [Debug] Created temp working directory: /tmp/jfrog.cli.temp.-1702488179-3490226136
  17:22:59 [Debug] Cloning <https://github.com/orgname/proto-hastur-ui.git/origin/refs/heads/main>...
  17:23:12 [Debug] Project cloned from https://github.com/orgname/proto-hastur-ui.git to /tmp/jfrog.cli.temp.-1702488179-3490226136
  17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/system/version
  17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/entitlements/feature/contextual_analysis
  Error: 2 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
  server response: 404 Not Found
  Error: The process '/home/runner/_work/_tool/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1```

from frogbot.

rsi-mrobinson avatar rsi-mrobinson commented on July 22, 2024

Any indication what I may have done wrong @omerzi ?

from frogbot.

eyalbe4 avatar eyalbe4 commented on July 22, 2024

@rsi-mrobinson,
Will you be able to open a ticket JFrog Support, so that they can investigate why this error - [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis: server response: 404 Not Found is received when Frogbot attempts to access the Entitlement endpoint? This isn't something we're expecting or seeing for other setups.

from frogbot.

jghal avatar jghal commented on July 22, 2024

Was there a resolution here? I'm seeing a similar error message but with a 401 response code. Using version 2.20.1.

$ /usr/local/bin/frogbot ${FROGBOT_CMD}
13:09:06 [Info] Frogbot version: 2.20.1
13:09:06 [Info] Running Frogbot "scan-pull-request" command
13:09:07 [Info] Scanning Pull Request #104 (from source branch: <path/to/project/branch> to target branch: <path/to/project/main>)
13:09:07 [Info] -----------------------------------------------------------
13:09:09 [Info] common repository downloaded successfully. Starting with repository extraction...
13:09:09 [Info] Extracted repository successfully
13:09:09 [Info] Scanning source branch...
13:09:09 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 401 Unauthorized
{
  "error": "Found invalid token"
}

I can use the same token for API calls with curl.

$ jtoken=$(glab variable get -g path/to/project ART_TOKEN)
$ curl -H "Authorization: Bearer ${jtoken}" https://art.example.com/api/system/ping
OK
$

from frogbot.

mcavey-arch avatar mcavey-arch commented on July 22, 2024

Was there a resolution here? I'm seeing a similar error message but with a 401 response code. Using version 2.20.1.

$ /usr/local/bin/frogbot ${FROGBOT_CMD}
13:09:06 [Info] Frogbot version: 2.20.1
13:09:06 [Info] Running Frogbot "scan-pull-request" command
13:09:07 [Info] Scanning Pull Request #104 (from source branch: <path/to/project/branch> to target branch: <path/to/project/main>)
13:09:07 [Info] -----------------------------------------------------------
13:09:09 [Info] common repository downloaded successfully. Starting with repository extraction...
13:09:09 [Info] Extracted repository successfully
13:09:09 [Info] Scanning source branch...
13:09:09 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 401 Unauthorized
{
  "error": "Found invalid token"
}

I can use the same token for API calls with curl.

$ jtoken=$(glab variable get -g path/to/project ART_TOKEN)
$ curl -H "Authorization: Bearer ${jtoken}" https://art.example.com/api/system/ping
OK
$

Same for me - running scan pull request I also get a 401 while attempting to get JFrog Xray entitlements for contextual_analysis.

Any updates?

from frogbot.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.