Comments (6)
Hello @rsi-mrobinson, Frogbot specifically needs advanced security settings solely for accessing JFrog Advanced Security features like Contextual Analysis, Secrets Detection, SAST, and IaC. However, for license and vulnerability scans, Frogbot solely relies on Xray abilities. Could you kindly provide the complete debug logs? This will help us investigate your issues during the vulnerability scan.
from frogbot.
Here's the debug logs:
```
17:22:58 [Info] Frogbot version: 2.19.4
17:22:58 [Debug] Reading config from file system. Looking for .frogbot/frogbot-config.yml
17:22:58 [Debug] frogbot-config.yml wasn't found in /home/runner/_work/proto-hastur-ui/proto-hastur-ui/.frogbot/frogbot-config.yml. Searching for it in upstream directories
17:22:58 [Debug] Attempting to download frogbot-config.yml from orgname/proto-hastur-ui
17:22:58 [Debug] The frogbot-config.yml will be downloaded from main branch
17:22:58 [Info] Successfully downloaded frogbot-config.yml file from <orgname/proto-hastur-ui/main>
17:22:58 [Debug] The content of frogbot-config.yml that will be used is:
- params:
    git:
      repoName: proto-hastur-ui
      branches:
        - main
    scan:
      projects:
        - installCommand: "npm install"
    jfrogPlatform:
      jfrogProjectKey: "proj_key"
17:22:58 [Debug] Sending HTTP HEAD request to: 'https://github.com/jfrog/frogbot'
17:22:58 [Debug] Locking config file to run config AddOrEdit command.
17:22:58 [Debug] Creating lock in: /tmp/jfrog.cli.temp.-1702488178-1625234196/locks/config
17:22:58 [Debug] Releasing lock: /tmp/jfrog.cli.temp.-1702488178-1625234196/locks/config/jfrog-cli.conf.lck.86.1702488178830231779
17:22:58 [Debug] Config AddOrEdit command completed successfully. config file is released.
17:22:58 [Debug] Usage Report: Sending info...
17:22:58 [Info] Running Frogbot "scan-repository" command
17:22:58 [Debug] Sending HTTP POST request to: https://usage-ecosystem.jfrog.io/api/usage/report
17:22:58 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/system/version
17:22:58 [Debug] Sending HTTP GET request to: https://company.jfrog.io/artifactory/api/system/version
17:22:58 [Debug] JFrog Xray version is: 3.86.4
17:22:58 [Debug] Sending HTTP POST request to: https://company.jfrog.io/xray/api/v1/usage/events/send
17:22:58 [Debug] Artifactory response: 200
17:22:58 [Debug] JFrog Artifactory version is: 7.75.4
17:22:58 [Debug] Sending HTTP POST request to: https://company.jfrog.io/artifactory/api/system/usage
17:22:59 [Debug] Setting timeout for go-git to 120 seconds ...
17:22:59 [Debug] Created temp working directory: /tmp/jfrog.cli.temp.-1702488179-3490226136
17:22:59 [Debug] Cloning <https://github.com/orgname/proto-hastur-ui.git/origin/refs/heads/main>...
17:23:12 [Debug] Project cloned from https://github.com/orgname/proto-hastur-ui.git to /tmp/jfrog.cli.temp.-1702488179-3490226136
17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/system/version
17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/entitlements/feature/contextual_analysis
Error: 2 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 404 Not Found
Error: The process '/home/runner/_work/_tool/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1
```
from frogbot.
Any indication what I may have done wrong @omerzi ?
from frogbot.
@rsi-mrobinson,
Will you be able to open a ticket with JFrog Support, so that they can investigate why this error - `[Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis: server response: 404 Not Found` - is received when Frogbot attempts to access the Entitlement endpoint? This isn't something we're expecting or seeing for other setups.
from frogbot.
Was there a resolution here? I'm seeing a similar error message but with a 401 response code. Using version 2.20.1.
```
$ /usr/local/bin/frogbot ${FROGBOT_CMD}
13:09:06 [Info] Frogbot version: 2.20.1
13:09:06 [Info] Running Frogbot "scan-pull-request" command
13:09:07 [Info] Scanning Pull Request #104 (from source branch: <path/to/project/branch> to target branch: <path/to/project/main>)
13:09:07 [Info] -----------------------------------------------------------
13:09:09 [Info] common repository downloaded successfully. Starting with repository extraction...
13:09:09 [Info] Extracted repository successfully
13:09:09 [Info] Scanning source branch...
13:09:09 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 401 Unauthorized
{
  "error": "Found invalid token"
}
```
I can use the same token for API calls with curl.
```
$ jtoken=$(glab variable get -g path/to/project ART_TOKEN)
$ curl -H "Authorization: Bearer ${jtoken}" https://art.example.com/api/system/ping
OK
$
```
from frogbot.
Same for me - running scan pull request I also get a 401 while attempting to get JFrog Xray entitlements for contextual_analysis.
Any updates?
from frogbot.
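Added example (not part of the thread and not Frogbot's own code): a small Python triage helper that pulls each failed entitlement check out of a Frogbot log, with the HTTP status, any server error message, and, when debug request lines are present, the most recent request URL. The sample inputs are excerpts of the two logs posted above; pairing an error with the preceding request line is an assumption about log ordering.

```python
import re

# Constructed samples: lines excerpted from the two logs posted in this thread.
SAMPLE_404 = """\
17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/system/version
17:23:12 [Debug] Sending HTTP GET request to: https://company.jfrog.io/xray/api/v1/entitlements/feature/contextual_analysis
Error: 2 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 404 Not Found
"""
SAMPLE_401 = """\
13:09:09 [Info] Scanning source branch...
13:09:09 [Error] got unexpected server response while attempting to get JFrog Xray entitlements response for contextual_analysis:
server response: 401 Unauthorized
{
  "error": "Found invalid token"
}
"""

REQUEST = re.compile(r"\[Debug\] Sending HTTP (\w+) request to: '?(\S+?)'?$")
ENTITLEMENT = re.compile(r"\[Error\] .*entitlements response for (\w+):")
STATUS = re.compile(r"^server response: (\d{3}) (.+)$")
BODY_ERROR = re.compile(r'"error":\s*"([^"]*)"')


def entitlement_failures(log_text):
    """Return one dict per failed entitlement check found in a Frogbot log."""
    failures, last_request, current = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := REQUEST.search(line):
            last_request = {"method": m.group(1), "url": m.group(2)}
        elif m := ENTITLEMENT.search(line):
            # Debug-level request lines may be absent; method and url are then None.
            current = {"feature": m.group(1), "status": None, "reason": None,
                       "server_error": None, **(last_request or {"method": None, "url": None})}
            failures.append(current)
        elif current and (m := STATUS.match(line)):
            current["status"], current["reason"] = int(m.group(1)), m.group(2)
        elif current and (m := BODY_ERROR.search(line)):
            current["server_error"] = m.group(1)
    return failures


if __name__ == "__main__":
    for sample in (SAMPLE_404, SAMPLE_401):
        for failure in entitlement_failures(sample):
            print(failure)
```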