Minor changes (#22)

jfrog · Mar 31, 2022 · cdaf4a0 · cdaf4a0
1 parent 188ecd5
commit cdaf4a0
Show file tree

Hide file tree

Showing 17 changed files with 55 additions and 38 deletions.
diff --git a/.github/workflows/frogbot.yml b/.github/workflows/frogbot.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/README.md b/README.md
@@ -13,6 +13,13 @@ Frogbot is a Git bot that scans your pull requests with JFrog Xray for security
 
 After a new pull request is created, one of the maintainers can add the "Frogbot scan" label to the pull request. Frogbot will then be triggered and the pull request will be scanned. The scan output will include only new vulnerabilities added by the pull request. Vulnerabilities that existed in the code prior to the pull request created will not be added to the report.
 
+After the pull request scanning completed, Frogbot will automatically add a comment to the pull request.
+If no vulnerabilities were added in the pull request:
+[![No Vuln](./resources/noVulnerabilityBanner.png)](#-how-does-it-work)
+
+If one or more vulnerabilities were added in the pull request:
+[![Vuln found](./resources/vulnExample.png)](#-how-does-it-work)
+
 ## 🖥️ Usage
 
 - [Using Frogbot with GitHub Actions](#using-frogbot-with-github-actions)
@@ -22,13 +29,20 @@ After a new pull request is created, one of the maintainers can add the "Frogbot
 
 For a super quick start, we created [GitHub Actions templates](templates/github-actions/README.md#github-actions-templates) under [templates/github-action](templates/github-actions/).
 
+#### How does it work?
+
+1. User opens a pull request
+1. If missing, Frogbot creates a label `🐸 frogbot scan pr` in the repository
+1. Maintainer reviewes the pull request and assigns `🐸 frogbot scan pr`
+1. Frogbot gets triggered by the label, unlabels it, and executes the pull request scanning
+
 Here's a recommanded structure of a `frogbot.yml` workflow file:
 
 ```yml
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [opened, labeled]
 jobs:

diff --git a/commands/scanpullrequest.go b/commands/scanpullrequest.go
@@ -36,13 +36,13 @@ func GetScanPullRequestFlags() []clitool.Flag {
 	return []clitool.Flag{
 		&clitool.BoolFlag{
 			Name:    "use-labels",
-			Usage:   "Set to true if scan-pull-request is triggered by adding '🐸 frogbot' label to a pull request.",
+			Usage:   "Set to true if scan-pull-request is triggered by adding '🐸 frogbot scan pr' label to a pull request.",
 			EnvVars: []string{"JF_USE_LABELS"},
 		},
 	}
 }
 
-// Run before scan, to make sure the Xray scan will be run only after adding the frogbot label.
+// Run before scan, to make sure the Xray scan will be run only after adding the 'frogbot scan pr' label.
 // If label is missing - create the label and do nothing
 // If pr isn't labeled - do nothing
 // If pr is labeled - remove label and allow running Xray scan (return nil)
@@ -237,10 +237,8 @@ func getUniqueID(vulnerability xrayutils.VulnerabilityRow) string {
 
 func createPullRequestMessage(vulnerabilitiesRows []xrayutils.VulnerabilityRow) string {
 	if len(vulnerabilitiesRows) == 0 {
-		return utils.GetNoVulnerabilitiesBanner()
+		return utils.GetBanner(utils.NoVulnerabilityBannerSource) + utils.WhatIsFrogbotMd
 	}
-	tableHeder := "\n| SEVERITY | IMPACTED PACKAGE | IMPACTED PACKAGE  VERSION | FIXED VERSIONS | COMPONENT | COMPONENT VERSION | CVE\n" +
-		":--: | -- | -- | -- | -- | :--: | --"
 	var tableContent string
 	for _, vulnerability := range vulnerabilitiesRows {
 		var componentName, componentVersion, cve string
@@ -254,5 +252,5 @@ func createPullRequestMessage(vulnerabilitiesRows []xrayutils.VulnerabilityRow)
 		tableContent += fmt.Sprintf("\n| %s | %s | %s | %s | %s | %s | %s ", utils.GetSeverityTag(vulnerability.Severity)+" "+vulnerability.Severity, vulnerability.ImpactedPackageName,
 			vulnerability.ImpactedPackageVersion, vulnerability.FixedVersions, componentName, componentVersion, cve)
 	}
-	return utils.GetVulnerabilitiesBanner() + tableHeder + tableContent
+	return utils.GetBanner(utils.VulnerabilitiesBannerSource) + utils.WhatIsFrogbotMd + utils.TableHeder + tableContent
 }
diff --git a/commands/testdata/messages/dummyvulnerabilities.md b/commands/testdata/messages/dummyvulnerabilities.md
@@ -1,5 +1,7 @@
-![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/vulnerabilitiesBanner.png)
-| SEVERITY | IMPACTED PACKAGE | IMPACTED PACKAGE  VERSION | FIXED VERSIONS | COMPONENT | COMPONENT VERSION | CVE
+[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/vulnerabilitiesBanner.png)](https://github.com/jfrog/frogbot#frogbot)
+
+[What is Frogbot?](https://github.com/jfrog/frogbot#frogbot)
+| SEVERITY | IMPACTED PACKAGE | VERSION | FIXED VERSIONS | COMPONENT | COMPONENT VERSION | CVE
 :--: | -- | -- | -- | -- | :--: | --
 | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/highSeverity.png) High | github.com/nats-io/nats-streaming-server | v0.21.0 | [0.24.1] | github.com/nats-io/nats-streaming-server | v0.21.0 | CVE-2022-24450 
 | ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/highSeverity.png) High | github.com/mholt/archiver/v3 | v3.5.1 |  | github.com/mholt/archiver/v3 | v3.5.1 |  

diff --git a/commands/testdata/messages/novulnerabilities.md b/commands/testdata/messages/novulnerabilities.md
@@ -1 +1,3 @@
-![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/noVulnerabilityBanner.png)
+[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/noVulnerabilityBanner.png)](https://github.com/jfrog/frogbot#frogbot)
+
+[What is Frogbot?](https://github.com/jfrog/frogbot#frogbot)
diff --git a/commands/utils/consts.go b/commands/utils/consts.go
@@ -20,7 +20,7 @@ const (
 	gitLab vcsProvider = "gitlab"
 
 	// Frogbot label
-	LabelName        frogbotLabel = "🐸 frogbot"
+	LabelName        frogbotLabel = "🐸 frogbot scan pr"
 	LabelDescription frogbotLabel = "triggers frogbot scan"
 	LabelColor       frogbotLabel = "4AB548"
 
@@ -45,4 +45,9 @@ const (
 	gitBaseBranchEnv    = "JF_GIT_BASE_BRANCH"
 	gitPullRequestIDEnv = "JF_GIT_PULL_REQUEST_ID"
 	WatchesDelimiter    = ","
+
+	// Comment
+	TableHeder = "\n| SEVERITY | IMPACTED PACKAGE | VERSION | FIXED VERSIONS | COMPONENT | COMPONENT VERSION | CVE\n" +
+		":--: | -- | -- | -- | -- | :--: | --"
+	WhatIsFrogbotMd = "\n\n[What is Frogbot?](https://github.com/jfrog/frogbot#frogbot)"
 )
diff --git a/commands/utils/icons.go b/commands/utils/icons.go
@@ -19,12 +19,8 @@ func GetSeverityTag(iconName string) string {
 	return ""
 }
 
-func GetNoVulnerabilitiesBanner() string {
-	return getIconTag(NoVulnerabilityBannerSource)
-}
-
-func GetVulnerabilitiesBanner() string {
-	return getIconTag(VulnerabilitiesBannerSource)
+func GetBanner(banner imageSource) string {
+	return "[" + getIconTag(banner) + "](https://github.com/jfrog/frogbot#frogbot)"
 }
 
 func getIconTag(imageSource imageSource) string {

diff --git a/commands/utils/icons_test.go b/commands/utils/icons_test.go
@@ -15,6 +15,6 @@ func TestGetSeverityTag(t *testing.T) {
 }
 
 func TestGetVulnerabilitiesBanners(t *testing.T) {
-	assert.Equal(t, "![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/noVulnerabilityBanner.png)", GetNoVulnerabilitiesBanner())
-	assert.Equal(t, "![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/vulnerabilitiesBanner.png)", GetVulnerabilitiesBanner())
+	assert.Equal(t, "[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/noVulnerabilityBanner.png)](https://github.com/jfrog/frogbot#frogbot)", GetBanner(NoVulnerabilityBannerSource))
+	assert.Equal(t, "[![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/vulnerabilitiesBanner.png)](https://github.com/jfrog/frogbot#frogbot)", GetBanner(VulnerabilitiesBannerSource))
 }
diff --git a/resources/vulnExample.png b/resources/vulnExample.png
diff --git a/templates/github-actions/frogbot-dotnet.yml b/templates/github-actions/frogbot-dotnet.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-go.yml b/templates/github-actions/frogbot-go.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-gradle.yml b/templates/github-actions/frogbot-gradle.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-maven.yml b/templates/github-actions/frogbot-maven.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-npm.yml b/templates/github-actions/frogbot-npm.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-nuget.yml b/templates/github-actions/frogbot-nuget.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-pip.yml b/templates/github-actions/frogbot-pip.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs:

diff --git a/templates/github-actions/frogbot-pipenv.yml b/templates/github-actions/frogbot-pipenv.yml
@@ -1,7 +1,7 @@
 name: "Frogbot"
 on:
-  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot" label if needed.
-  # After "🐸 frogbot" label was added to a pull request, Frogbot scans the pull request.
+  # After a pull request opened, Frogbot automatically creates the "🐸 frogbot scan pr" label if needed.
+  # After "🐸 frogbot scan pr" label was added to a pull request, Frogbot scans the pull request.
   pull_request_target:
     types: [labeled, opened]
 jobs: