Info
If your Git repository uses `main` instead of `master` as the default branch, be sure to update the `branches` field in your YAML file accordingly.
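---
# The "params" section includes the configuration of a single Git repository that needs to be scanned.
# For Azure Repos, Bitbucket Server and GitHub with JFrog Pipelines or Jenkins, you can define multiple
# "params" sections one after the other, for scanning multiple Git repositories in the same organization.
- params:
    # Git parameters
    git:
      # [Mandatory]
      # Name of the git repository to scan
      repoName: repo-name

      # [Mandatory]
      # List of branches to scan
      branches:
        - master

      # [Optional]
      # Template for the branch name generated by Frogbot when creating pull requests with fixes.
      # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
      # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
      # branchNameTemplate: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"

      # [Optional]
      # Template for the commit message generated by Frogbot when creating pull requests with fixes.
      # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
      # commitMessageTemplate: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"

      # [Optional]
      # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
      # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
      # pullRequestTitleTemplate: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"

      # [Optional, Default: false]
      # If true, Frogbot creates a single pull request with all the fixes.
      # If false, Frogbot creates a separate pull request for each fix.
      # aggregateFixes: false

      # [Optional, Default: eco-system+frogbot@jfrog.com]
      # Set the email of the commit author
      # emailAuthor: ""

    # Frogbot scanning parameters
    # NOTE: while every child below stays commented out, this key parses as null rather than as an
    # empty mapping; keep it that way only if the consumer treats the two the same (verify).
    scan:
      # [Default: false]
      # Frogbot displays all existing vulnerabilities, including the ones that were not added by the pull request
      # includeAllVulnerabilities: true

      # [Default: false]
      # When adding new comments on pull requests, keep old comments that were added by previous scans.
      # avoidPreviousPrCommentsDeletion: true

      # [Default: true]
      # Frogbot does not fail the task if security issues are found and this parameter is set to false.
      # Setting it to false lets a pipeline pass with open findings, so the results must be reviewed elsewhere.
      # failOnSecurityIssues: false

      # [Default: false]
      # Handle vulnerabilities with fix versions only
      # fixableOnly: true

      # [Optional]
      # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests.
      # The following values are accepted: Low, Medium, High or Critical
      # minSeverity: ""

      # [Optional]
      # List of email addresses to receive emails about secrets that have been detected in a pull request scan.
      # Applies only to servers that are entitled to JFrog Advanced Security.
      # emailReceivers:
      #   - user@company.com

    # List of subprojects / project dirs inside the Git repository
    # NOTE: while every child below stays commented out, this key parses as null rather than as an
    # empty list; keep it that way only if the consumer treats the two the same (verify).
    projects:
      # [Mandatory if the two conditions below are met]
      # 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies
      # 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
      #
      # The command that installs the project dependencies (e.g "nuget restore").
      # This command is executed in the scanning environment, so keep it to a fixed, reviewed value.
      # - installCommand: ""

      #   [Default: root directory]
      #   List of relative paths to the project directories in the git repository. If left empty (without
      #   providing "." yourself as the root directory's path), a recursive scan is triggered from the root
      #   directory of the project.
      #   workingDirs:
      #     - "."

      #   [Default: ["*.git*", "*node_modules*", "*target*", "*venv*", "*test*"]]
      #   List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the
      #   Git repository during SCA scans. Excluded paths are not scanned at all, and a broad pattern such
      #   as "*test*" also matches any other path that contains that substring, so review the list before
      #   narrowing or widening it.
      #   pathExclusions:
      #     - "*node_modules*"
      #     - "*target*"
      #     - "*venv*"
      #     - "*test*"

      #   [Mandatory for pip only if using requirements file, Default: pip install .]
      #   The requirements file name that is used to install dependencies in case of pip package manager
      #   pipRequirementsFile: ""

      #   [Default: true]
      #   Use Gradle Wrapper (gradlew/gradlew.bat) to run Gradle.
      #   The wrapper script used is the one committed in the scanned repository.
      #   useWrapper: true

      #   [Optional]
      #   Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from
      #   repository: ""

    # JFrog Platform parameters
    # NOTE: while every child below stays commented out, this key parses as null rather than as an
    # empty mapping; keep it that way only if the consumer treats the two the same (verify).
    jfrogPlatform:
      # [Optional]
      # JFrog project key. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Projects)
      # jfrogProjectKey: ""

      # [Optional]
      # Xray Watches. Learn more about it [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches)
      # watches:
      #   - ""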