Package Manager Prerequisites

JFrog Security User Guide
ft:sourceType
Ftml

Before You Begin

Frogbot relies on the presence of package manager executables and proper configuration to accurately scan and secure your repositories.

SCA Requirements

RequirementDescription
Package Manager ExecutablesEnsure the appropriate package manager is installed and operational in your environment.
Network AccessFrogbot may need internet access to download dependencies based on your package manager settings.
Environment ConfigurationEnsure that necessary environment variables, proxies, or custom configurations are properly set.

Technology-Specific Prerequisites

Each package manager and build tool may have unique prerequisites.

npm (Node.js)

RequirementDetails
RequirementsEnsure Node.js and npm are installed and available in your PATH.
Lock Filepackage-lock.jsonis required for accurate dependency scanning.
Environment SetupRunnpm installto verify dependencies resolve correctly.

Yarn

RequirementDetails
RequirementsInstall Yarn and verify it’s available in your PATH.
Lock FileTheyarn.lockfile must be present.
Environment SetupRunyarn installto confirm that the setup works without errors.

Maven (Java)

RequirementDetails
RequirementsEnsure Maven (or themvnwwrapper) is accessible.
Lock FileThepom.xmlfile should be correctly configured.
Environment SetupExecutemvn installto validate dependency resolution.

Python (pip)

RequirementDetails
RequirementsPython and pip must be installed and available in the environment.
Lock FileTherequirements.txtfile should be present for dependency definitions.
Environment SetupRunpip install -r requirements.txtto ensure dependencies are configured correctly.

Go

RequirementDetails
RequirementsEnsure Go is installed and available in your PATH.
Lock FileThego.sumfile must be present for accurate dependency scanning.
Environment SetupRungo mod tidyto ensure all dependencies are correctly listed and resolved ingo.sum.

.NET (NuGet)

RequirementDetails
RequirementsInstall the .NET SDK and ensure NuGet is available in your PATH.
Visual Studio ProjectsEnsure.slnfiles are present in your repository.
Other Dependency FilesFiles such aspackages.configor*.csprojshould be present and correctly configured.
Lock FileVarious files assist in tracking dependencies; specific files ensure completeness.
Environment SetupRundotnet restoreto confirm that all NuGet dependencies are resolved correctly.