Comments (2)
Hi @imranzunzani ,
In Frogbot we currently lack the option of excluding devDependencies from the scan.
However, this option is available in the JFrog CLI: if you want to change the dependency scanning type, you can use the following flag when triggering your scan: --dep-type
Meaning, you can trigger an audit scan locally on your machine by running the following command from your project directory: jf audit --dep-type prodOnly
When this flag is set to "prodOnly" the devDependencies will not be scanned.
In addition, you can add a feature request to the Frogbot project and our team will review it.
You can find more information regarding the different CLI audit command flags here: https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli/cli-for-jfrog-security/scan-your-source-code
And you can find more information regarding the existing Frogbot configurations here:
https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/frogbot-configuration
https://github.com/jfrog/documentation/blob/main/jfrog-applications/frogbot/templates/.frogbot/frogbot-config.yml
from frogbot.
Hi @orz25,
Figured out a way to do this with Frogbot. Setting an env value, as below, works:
env:
  NODE_ENV: 'production'
Hope this helps others searching for a way/workaround.
from frogbot.
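Before narrowing a scan to production dependencies, it helps to see exactly which packages fall out of scope. The following is an added example, not code from this thread or from the Frogbot or JFrog CLI projects: it splits the entries of an npm lockfile into production and dev-only sets using the `dev` flag that npm writes in lockfileVersion 2 and 3. It does not claim to reproduce how either tool selects packages, and the sample lockfile is constructed.

```javascript
// Added example. SAMPLE_LOCK is a constructed lockfile fragment (lockfileVersion 3).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/express/node_modules/debug': { version: '2.6.9' },
    'node_modules/jest': { version: '29.7.0', dev: true },
    'node_modules/@babel/core': { version: '7.23.0', dev: true },
    // devOptional: reachable from the production tree as an optional dependency
    'node_modules/fsevents': { version: '2.3.3', devOptional: true },
  },
};

// Derive the package name from a lockfile path such as
// "node_modules/a/node_modules/@scope/b" (nested installs keep the last segment).
function packageName(path, meta) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return meta.name || (i === -1 ? path : path.slice(i + marker.length));
}

// Split lockfile entries into what a production-only scope still covers
// and what it leaves unscanned (entries npm marks strictly dev-only).
function splitByScope(lock) {
  const prod = [];
  const devOnly = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '' || meta.link) continue; // skip the root project and workspace links
    const entry = `${packageName(path, meta)}@${meta.version}`;
    (meta.dev === true ? devOnly : prod).push(entry);
  }
  return { prod: prod.sort(), devOnly: devOnly.sort() };
}

const scope = splitByScope(SAMPLE_LOCK);
console.log('still scanned  :', scope.prod.join(', '));
console.log('left unscanned :', scope.devOnly.join(', '));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `splitByScope` instead of `SAMPLE_LOCK`; the dev-only list is the set of build and test tooling that would need separate review.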