Add getFrogbot.sh remote details in docs (#330)
omerzi authored Jun 13, 2023
1 parent 59f25e1 commit da2dd24
Showing 13 changed files with 390 additions and 254 deletions.
41 changes: 27 additions & 14 deletions docs/install-azure-repos.md
Expand Up @@ -42,12 +42,18 @@ To install Frogbot on Azure Repos repositories, follow these steps.
- "master"
pool:
vmImage: ubuntu-latest

variables:
# Predefined Azure Pipelines variables. There's no need to modify them.
JF_GIT_PROJECT: $(System.TeamProject)
JF_GIT_API_ENDPOINT: $(System.CollectionUri)
JF_GIT_PROVIDER: 'azureRepos'

jobs:
- job:
displayName: "Frogbot Scan Pull Requests"
displayName: "Frogbot Scan"
steps:
- task: CmdLine@2
displayName: 'Download and Run Frogbot'
env:
# Predefined Azure Pipelines variables. There's no need to modify them.
JF_GIT_PROJECT: $(System.TeamProject)
Expand Down Expand Up @@ -81,13 +87,19 @@ To install Frogbot on Azure Repos repositories, follow these steps.
# The 'frogbot' executable and other tools it needs will be downloaded through this repository.
# JF_RELEASES_REPO: ""



##########################################################################
## If your project uses a 'frogbot-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################

# [Mandatory]
# The name of the repository
JF_GIT_REPO: "multi_example_project"

# [Mandatory]
# The name of the branch on which Frogbot will perform the scan
JF_GIT_BASE_BRANCH: "main"

# [Mandatory if the two conditions below are met]
# 1. The project uses yarn 2, NuGet or .NET to download its dependencies
# 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
Expand All @@ -98,19 +110,19 @@ To install Frogbot on Azure Repos repositories, follow these steps.
# [Optional, default: "."]
# Relative path to the root of the project in the Git repository
# JF_WORKING_DIR: path/to/project/dir

# [Optional]
# Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
# JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

# [Optional]
# JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
# JF_PROJECT: <project-key>

# [Optional, default: "FALSE"]
# Displays all existing vulnerabilities, including the ones that were added by the pull request.
# JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"

# [Optional, default: "TRUE"]
# Fails the Frogbot task if any security issue is found.
# JF_FAIL: "FALSE"
Expand All @@ -134,12 +146,12 @@ To install Frogbot on Azure Repos repositories, follow these steps.
# The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
# The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
# JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"

# [Optional]
# Template for the commit message generated by Frogbot when creating pull requests with fixes
# The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
# JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"

# [Optional]
# Template for the pull request title generated by Frogbot when creating pull requests with fixes.
# The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
Expand All @@ -158,12 +170,13 @@ To install Frogbot on Azure Repos repositories, follow these steps.
# Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
# The following values are accepted: Low, Medium, High or Critical
# JF_MIN_SEVERITY: ""

displayName: 'Download and Run Frogbot'
inputs:
script: |
curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
./frogbot scan-pull-requests
./frogbot scan-and-fix-repos
getFrogbotScriptPath=$( [[ -z "$JF_RELEASES_REPO" ]] && echo "https://releases.jfrog.io" || echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}" )
curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
./frogbot scan-pull-requests
./frogbot scan-and-fix-repos
```
</details>
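Review bot: In the `script:` block that closes this section, the installer is now fetched from a base URL assembled from `JF_URL` and `JF_RELEASES_REPO` and piped straight into `sh`, with nothing constraining the scheme and no check that `JF_URL` is actually set when `JF_RELEASES_REPO` is. If `JF_URL` is empty the request fails with an unhelpful curl error, and if it is an `http://` address the job executes a script received in cleartext, presumably with the JFrog and Git credentials from the `env:` block (mostly outside this hunk) in its environment. Consider `curl -fLg --proto '=https' --proto-redir '=https' "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh`, plus a line in the `JF_RELEASES_REPO` comment such as `# Requires JF_URL to be set to an https:// address.` The same download pattern is added in docs/install-gitlab.md and docs/templates/jfrog-pipelines/pipelines-dotnet.yml.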
79 changes: 45 additions & 34 deletions docs/install-bitbucket-server.md
Expand Up @@ -85,13 +85,18 @@
// The 'frogbot' executable and other tools it needs will be downloaded through this repository.
// JF_RELEASES_REPO= ""
//////////////////////////////////////////////////////////////////////////
// If your project uses a 'frogbot-config.yml' file, you can define //
// the following variables inside the file, instead of here. //
//////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
// If your project uses a 'frogbot-config.yml' file, you should define //
// the following variables inside the file, instead of here. //
///////////////////////////////////////////////////////////////////////////
// [Mandatory]
// The name of the repository
JF_GIT_REPO: ""
// [Mandatory]
// The name of the branch on which Frogbot will perform the scan
JF_GIT_BASE_BRANCH: ""
// [Mandatory if the two conditions below are met]
// 1. The project uses yarn 2, NuGet or .NET to download its dependencies
Expand Down Expand Up @@ -168,35 +173,41 @@
stages {
stage('Download Frogbot') {
steps {
// For Linux / MacOS runner:
sh """ curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows runner:
// powershell """iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
}
}
stage('Scan Pull Requests') {
steps {
sh "./frogbot scan-pull-requests"
// For Windows runner:
// powershell """.\frogbot.exe scan-pull-requests"""
}
}
stage('Scan and Fix Repos') {
steps {
sh "./frogbot scan-and-fix-repos"
// For Windows runner:
// powershell """.\frogbot.exe scan-and-fix-repos"""
if (env.JF_RELEASES_REPO == "") {
// For Linux / MacOS runner:
sh """ curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows runner:
// powershell """iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
} else {
// For Linux / MacOS air gapped environments:
sh """ curl -fLg "${env.JF_URL}/artifactory/${env.JF_RELEASES_REPO}/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows air gapped environments:
// powershell """iwr ${env.JF_URL}/artifactory/${env.JF_RELEASES_REPO}/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
}
}
}
}
```
}
}
stage('Scan Pull Requests') {
steps {
sh "./frogbot scan-pull-requests"
// For Windows runner:
// powershell """.\frogbot.exe scan-pull-requests"""
}
}
stage('Scan and Fix Repos') {
steps {
sh "./frogbot scan-and-fix-repos"
// For Windows runner:
// powershell """.\frogbot.exe scan-and-fix-repos"""
}
}
}
}
```
**Important**

- Make sure that either **JF_USER** and **JF_PASSWORD** or **JF_ACCESS_TOKEN** are set in the Jenkinsfile, but not both.
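Review bot: The new `if (env.JF_RELEASES_REPO == "")` in the 'Download Frogbot' stage sits directly inside `steps { }`, which a declarative pipeline rejects unless the Groovy is wrapped in `script { }`. The comparison also misses the template's own default: with `JF_RELEASES_REPO` left commented out, as shown above, `env.JF_RELEASES_REPO` is `null`, `null == ""` is false in Groovy, and the `else` branch requests `${env.JF_URL}/artifactory/null/...` and pipes whatever comes back into `sh`. Wrapping the branch in `script { ... }` and testing `if (!env.JF_RELEASES_REPO) {` covers both the unset and the empty case. The identical block is added to the Jenkinsfile in docs/install-github.md.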
30 changes: 21 additions & 9 deletions docs/install-github.md
Expand Up @@ -113,13 +113,18 @@
// The 'frogbot' executable and other tools it needs will be downloaded through this repository.
// JF_RELEASES_REPO= ""
///////////////////////////////////////////////////////////////////////////
// If your project uses a 'frogbot-config.yml' file, you should define //
// the following variables inside the file, instead of here. //
///////////////////////////////////////////////////////////////////////////
// [Mandatory]
// The name of the repository
JF_GIT_REPO: ""
//////////////////////////////////////////////////////////////////////////
// If your project uses a 'frogbot-config.yml' file, you can define //
// the following variables inside the file, instead of here. //
//////////////////////////////////////////////////////////////////////////
// [Mandatory]
// The name of the branch on which Frogbot will perform the scan
JF_GIT_BASE_BRANCH: ""
// [Mandatory if the two conditions below are met]
// 1. The project uses yarn 2, NuGet or .NET to download its dependencies
Expand Down Expand Up @@ -195,10 +200,17 @@
stages {
stage('Download Frogbot') {
steps {
// For Linux / MacOS runner:
sh """ curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows runner:
// powershell """iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
if (env.JF_RELEASES_REPO == "") {
// For Linux / MacOS runner:
sh """ curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows runner:
// powershell """iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
} else {
// For Linux / MacOS air gapped environments:
sh """ curl -fLg "${env.JF_URL}/artifactory/${env.JF_RELEASES_REPO}/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh"""
// For Windows air gapped environments:
// powershell """iwr ${env.JF_URL}/artifactory/${env.JF_RELEASES_REPO}/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe"""
}
}
}
stage('Scan Pull Requests') {
29 changes: 14 additions & 15 deletions docs/install-gitlab.md
Expand Up @@ -59,13 +59,10 @@ frogbot-scan:
# The 'frogbot' executable and other tools it needs will be downloaded through this repository.
# JF_RELEASES_REPO: ""




##########################################################################
## If your project uses a 'frogbot-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################
###########################################################################
## If your project uses a 'frogbot-config.yml' file, you should define ##
## the following variables inside the file, instead of here. ##
###########################################################################

# [Mandatory if the two conditions below are met]
# 1. The project uses yarn 2, NuGet or .NET to download its dependencies
Expand Down Expand Up @@ -139,14 +136,16 @@ frogbot-scan:
# JF_MIN_SEVERITY: ""
script:
# For Linux / MacOS runner:
- curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
- ./frogbot ${FROGBOT_CMD}
- |
getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo "https://releases.jfrog.io"; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi)
curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
./frogbot scan-pull-requests
./frogbot scan-and-fix-repos
# For Windows runner:
# iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe
# .\frogbot.exe ${FROGBOT_CMD}

# For Windows runner using Artifactory remote repository:
# iwr $JF_URL/artifactory/$JF_RELEASES_REPO/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe
# .\frogbot.exe ${FROGBOT_CMD}
#
# - $getFrogbotScriptPath = $(if ([string]::IsNullOrEmpty($env:JF_RELEASES_REPO)) { "https://releases.jfrog.io" } else { "$($env:JF_URL)/artifactory/$($env:JF_RELEASES_REPO)" })
# - Invoke-WebRequest -Uri "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" -UseBasicParsing | ForEach-Object { & $_.Content }
# - .\frogbot scan-pull-requests
# - .\frogbot scan-and-fix-repos
```
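Review bot: The commented Windows example at the end of the `script:` block now downloads `getFrogbot.sh` and hands its content to PowerShell's call operator (`& $_.Content`); that file is the script the Linux lines pipe into `sh`, so this cannot install Frogbot on a Windows runner and leaves no executable for the `.\frogbot` lines that follow. Keeping the earlier direct download against the computed base would work: `# - Invoke-WebRequest -Uri "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe" -OutFile .\frogbot.exe`, then `.\frogbot.exe ...`. As far as the rendered lines show, the Linux block also replaces `./frogbot ${FROGBOT_CMD}` with both commands run unconditionally; if `FROGBOT_CMD` is still set by rules outside this hunk, that looks unintended. docs/templates/jfrog-pipelines/pipelines-dotnet.yml has the same Windows problem with `Invoke-Expression (Invoke-WebRequest -Uri $scriptUrl -UseBasicParsing).Content`.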
53 changes: 32 additions & 21 deletions docs/templates/jfrog-pipelines/pipelines-dotnet.yml
Expand Up @@ -61,6 +61,17 @@ pipelines:
# Git provider project owner.
JF_GIT_OWNER: ""

# [Optional]
# If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
# in Artifactory, which proxies https://releases.jfrog.io
# The 'frogbot' executable and other tools it needs will be downloaded through this repository.
# JF_RELEASES_REPO: ""

###########################################################################
## If your project uses a 'frogbot-config.yml' file, you should define ##
## the following variables inside the file, instead of here. ##
###########################################################################

# [Mandatory]
# Git repository name
JF_GIT_REPO: ""
Expand All @@ -69,17 +80,6 @@ pipelines:
# Repository branch to scan
JF_GIT_BASE_BRANCH: $res_frogbotGitRepo_gitRepoSourceDefaultBranch

# [Optional]
# If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
# in Artifactory, which proxies https://releases.jfrog.io
# The 'frogbot' executable and other tools it needs will be downloaded through this repository.
# JF_RELEASES_REPO: ""

##########################################################################
## If your project uses a 'frogbot-config.yml' file, you can define ##
## the following variables inside the file, instead of here. ##
##########################################################################

# [Mandatory if the two conditions below are met]
# 1. The project uses yarn 2, NuGet or .NET Core to download its dependencies
# 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
Expand Down Expand Up @@ -147,14 +147,25 @@ pipelines:
onExecute:
- cd $res_frogbotGitRepo_resourcePath
# For Linux/Mac runner:
- curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
- restore_cache_files dotnet_cache ~/.nuget/packages
- ./frogbot scan-pull-requests
- ./frogbot scan-and-fix-repos
- add_cache_files dotnet_cache ~/.nuget/packages || true
- |
getFrogbotScriptPath=$( [[ -z "$JF_RELEASES_REPO" ]] && echo "https://releases.jfrog.io" || echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}" )
curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
restore_cache_files dotnet_cache ~/.nuget/packages
./frogbot scan-pull-requests
./frogbot scan-and-fix-repos
add_cache_files dotnet_cache ~/.nuget/packages || true
# For Windows runner:
# - iwr https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/frogbot-windows-amd64/frogbot.exe -OutFile .\frogbot.exe
# - restore_cache_files dotnet_cache "%userprofile%\.nuget\packages"
# - .\frogbot.exe scan-pull-requests
# - .\frogbot.exe scan-and-fix-repos
# - add_cache_files dotnet_cache "%userprofile%\.nuget\packages" || true
# - |
# if (-not $env:JF_RELEASES_REPO) {
# $getFrogbotScriptPath = "https://releases.jfrog.io"
# } else {
# $getFrogbotScriptPath = "$($env:JF_URL)/artifactory/$($env:JF_RELEASES_REPO)"
# }
#
# $scriptUrl = "$($getFrogbotScriptPath)/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh"
# Invoke-Expression (Invoke-WebRequest -Uri $scriptUrl -UseBasicParsing).Content
# restore_cache_files dotnet_cache "%userprofile%\.nuget\packages"
# .\frogbot.exe scan-pull-requests
# .\frogbot.exe scan-and-fix-repos
# add_cache_files dotnet_cache "%userprofile%\.nuget\packages" || true