From 8298f28c54be62d7d36ed989724fca801441b4aa Mon Sep 17 00:00:00 2001
From: Michael Xin <103867498+michael-xin@users.noreply.github.com>
Date: Thu, 27 Oct 2022 09:13:18 -0500
Subject: [PATCH 1/5] Create frogbot-scan-pr.yml

---
 .github/workflows/frogbot-scan-pr.yml | 75 +++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 .github/workflows/frogbot-scan-pr.yml

diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml
new file mode 100644
index 0000000..cf86648
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pr.yml
@@ -0,0 +1,75 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# Frogbot Scan Pull Request does the following:
+# Automatically scans new pull requests for security vulnerabilities.
+# Uses JFrog Xray to scan the project.
+# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
+
+name: "Frogbot Scan Pull Request"
+on:
+ pull_request_target:
+ types: [ opened, synchronize ]
+permissions:
+ pull-requests: write
+ contents: read
+jobs:
+ scan-pull-request:
+ runs-on: ubuntu-latest
+ # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
+ # "frogbot" GitHub environment can approve the pull request to be scanned.
+ environment: frogbot
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ # Install prerequisites - uncomment the relevant ones
+
+ # - uses: actions/setup-go@v3
+ with:
+ # go-version: 1.17.x
+
+ - uses: actions/setup-java@v3
+ with:
+ java-version: "11"
+ distribution: "temurin"
+
+ # - uses: actions/setup-node@v3
+ with:
+ # node-version: "16.x"
+
+ # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request
+
+ - uses: jfrog/frogbot@9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250
+ env:
+ # [Mandatory]
+ # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+ JF_URL: ${{ secrets.FROGBOT_URL }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ #JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ #JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+ # [Mandatory]
+ # The GitHub token automatically generated for the job
+ JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_URL_ACCESS_TOKEN }}
+
+ # [Mandatory when using npm]
+ # The command that installs the dependencies
+ # JF_INSTALL_DEPS_CMD: "npm i"
+
+ # [Mandatory when using .NET]
+ # The command that installs the dependencies
+ # JF_INSTALL_DEPS_CMD: "dotnet restore"
+
+ # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request

From 0603f0799f5bbddc7fd0f248940253accb075bb9 Mon Sep 17 00:00:00 2001
From: Michael Xin <103867498+michael-xin@users.noreply.github.com>
Date: Thu, 27 Oct 2022 09:14:45 -0500
Subject: [PATCH 2/5] Update frogbot-scan-pr.yml

---
 .github/workflows/frogbot-scan-pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml
index cf86648..a5eaba8 100644
--- a/.github/workflows/frogbot-scan-pr.yml
+++ b/.github/workflows/frogbot-scan-pr.yml
@@ -32,7 +32,7 @@ jobs:
 # go-version: 1.17.x
 
 - uses: actions/setup-java@v3
- with:
+ with:
 java-version: "11"
 distribution: "temurin"
 

From 778bf7b375df4da7a557a95bab3280d2d14cc9ae Mon Sep 17 00:00:00 2001
From: Michael Xin
Date: Thu, 27 Oct 2022 09:18:00 -0500
Subject: [PATCH 3/5] add updates

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index d452b36..da143d4 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
 todo-api
 ========
 A simple todo API example to use with CloudBees Custom Marker files by detecting the pom.xml file.
+
+Thanks.
+

From 4052eee58bc25a34a746ef3c50f63610111f1df8 Mon Sep 17 00:00:00 2001
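Review bot: The job runs on `pull_request_target` and checks out the PR head (`ref: ${{ github.event.pull_request.head.sha }}`) before invoking Frogbot with `FROGBOT_URL`, `FROGBOT_URL_ACCESS_TOKEN` and a `GITHUB_TOKEN` that carries `pull-requests: write`, so the `environment: frogbot` line is the only thing standing between fork-supplied code and those secrets, and nothing in this file can enforce it. The gate is effective only when the `frogbot` environment exists in repository settings with required reviewers; an environment that is merely referenced here is created on first use with no protection rules, and the job then runs for every PR. I would make that dependency explicit next to `environment: frogbot`: `# Requires the "frogbot" environment to exist with required reviewers configured; without that rule this job runs PR head code with the secrets below on every pull request.`. Pinning is also inconsistent: `jfrog/frogbot` is pinned by commit SHA while `actions/checkout@v2` and `actions/setup-java@v3` are tag-pinned, so the same SHA-with-version-comment style for all three would keep the supply-chain posture uniform, and `checkout@v2` already lags the `v3` used for the setup actions. Indentation is not recoverable from this collapsed listing, so it is worth confirming before merge that the `with:` lines under the commented-out setup-go and setup-node stanzas carry a leading `#`, since an uncommented orphan `with:` would change the step list the parser sees.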
From: Michael Xin
Date: Thu, 27 Oct 2022 09:32:19 -0500
Subject: [PATCH 4/5] test

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index da143d4..b8bc9d7 100644
--- a/README.md
+++ b/README.md
@@ -4,3 +4,6 @@ A simple todo API example to use with CloudBees Custom Marker files by detecting Thanks. + + +

From a0320a79df5c388fc5b7c453bff1852485c1eeed Mon Sep 17 00:00:00 2001
From: Michael Xin
Date: Thu, 27 Oct 2022 09:47:16 -0500
Subject: [PATCH 5/5] aaaa

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index b8bc9d7..c1d0f34 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,10 @@ A simple todo API example to use with CloudBees Custom Marker files by detecting Thanks. +Demo time! + + +