Frogbot 0.1.0

JFrog Pipelines Documentation


Frogbot is a Git bot that scans your pull requests and repositories for security vulnerabilities. You can scan pull requests when they are opened, and Git repositories following new commits. This task allows you to embed Frogbot in your Pipelines Steps. See the Frogbot documentation for more information about Frogbot.

Frogbot supports the following bot actions:

  • create-fix-pull-requests: Scan the current branch and create pull requests with fixes if needed

  • scan-pull-request: Scan a pull request with JFrog Xray for security vulnerabilities

  • scan-pull-requests: Scan multiple pull requests with JFrog Xray for security vulnerabilities

  • scan-and-fix-repos: Scan single or multiple repositories and create pull requests with fixes if any security vulnerabilities are found

Prerequisites

The Frogbot task uses a JFrog Platform Access Token integration and a Git server integration (GitHub, Bitbucket, etc.). Refer to the Pipelines integrations documentation to learn more about integrations.

Usage

Basic:

- task: jfrog/frogbot@v0.1.0
  input:
    platformAccessTokenIntegration: "jfrogPlatform"
    resourceName: "gh_frogbot"
    botAction: "create-fix-pull-requests"

Input Variables

Name                             Required   Default   Description
platformAccessTokenIntegration   true                 Name of the JFrog platform access token integration.
resourceName                     true                 Resource name to be scanned by Frogbot.
botAction                        true                 Action to be performed by Frogbot (one of the bot actions listed above).

Output Variables

None

Exported Environment Variables

None

How does it work?

This task downloads the Frogbot binary from the official release source and runs the specified action at the root of the resource.

Frogbot reads its configuration from a ./frogbot/frogbot-config.yml file, which must be present in the resource. The file specifies the repository name, the branches to scan and, for the package managers that require it, the command used to install the project's dependencies. Refer to the Frogbot documentation for more details about the config file. Below is a sample frogbot-config.yml.

- params:
    git:
      repoName: {RepositoryName}
      branches:
        - {Branches to scan}
    scan:
      projects:
        # dependency install command; mandatory only for npm, yarn and nuget projects
        - installCommand: {"npm i" | "yarn install" | "nuget restore"}
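As an added example (not part of the JFrog Pipelines documentation), the following two YAML documents wire the task from the Usage section to a GitHub repository so that every newly opened pull request is scanned. The integration and resource names, the repository path, the subdirectory names and the workingDirs key are assumptions, not values taken from this page.

```yaml
# pipelines.yml (added example; integration names and repository path are assumptions)
resources:
  - name: gh_frogbot                  # resourceName passed to the Frogbot task
    type: GitRepo
    configuration:
      gitProvider: githubIntegration  # assumed name of the Git server integration
      path: example-org/example-app   # placeholder repository
      branches:
        include: ^main$
      buildOn:
        pullRequestCreate: true       # run the step when a pull request is opened

pipelines:
  - name: frogbot_pr_scan
    steps:
      - name: scan_pull_request
        type: Bash
        configuration:
          inputResources:
            - name: gh_frogbot
          integrations:
            - name: jfrogPlatform     # assumed name of the JFrog Platform access token integration
        execution:
          onExecute:
            - task: jfrog/frogbot@v0.1.0
              input:
                platformAccessTokenIntegration: "jfrogPlatform"
                resourceName: "gh_frogbot"
                botAction: "scan-pull-request"
---
# ./frogbot/frogbot-config.yml inside the scanned repository (added example)
- params:
    git:
      repoName: example-app           # placeholder repository name
      branches:
        - main
    scan:
      projects:
        # npm project: the install command is mandatory so Frogbot can resolve the dependency tree
        - workingDirs:
            - frontend                # assumed subdirectory
          installCommand: npm i
        # Go module: no install command is required for this package manager
        - workingDirs:
            - backend                 # assumed subdirectory
```

The two documents live in different places: the pipeline definition in the Pipelines source repository, the config file in the repository being scanned.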

License

This project is licensed under Apache 2.0 license.