forked from juice-shop/juice-shop
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
99375d6
commit e6dae1b
Showing
1 changed file
with
65 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
| # Frogbot Scan and Fix does the following: | ||
| # Automatically creates pull requests with fixes for vulnerable project dependencies. | ||
| # Uses JFrog Xray to scan the project. | ||
| # Read more about Frogbot here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot | ||
|
|
||
| # Some projects require creating a frogbot-config.yml file. Read more about it here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/frogbot-configuration | ||
|
|
||
| name: "Frogbot Scan and Fix" | ||
| on: | ||
| push: | ||
| branches: [ "master" ] | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| security-events: write | ||
| jobs: | ||
| create-fix-pull-requests: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: jfrog/frogbot@5d9c42c30f1169d8be4ba5510b40e75ffcbbc2a9 # v2.21.2 | ||
| env: | ||
| # [Mandatory if the two conditions below are met] | ||
| # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies | ||
| # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. | ||
| # | ||
| # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore") | ||
| # JF_INSTALL_DEPS_CMD: "" | ||
|
|
||
| # [Mandatory] | ||
| # JFrog platform URL | ||
| JF_URL: ${{ secrets.JF_URL }} | ||
|
|
||
| # [Mandatory if JF_USER and JF_PASSWORD are not provided] | ||
| # JFrog access token with 'read' permissions on Xray service | ||
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | ||
|
|
||
| # [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
| # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD | ||
| # JF_USER: ${{ secrets.JF_USER }} | ||
|
|
||
| # [Mandatory if JF_ACCESS_TOKEN is not provided] | ||
| # JFrog password. Must be provided with JF_USER | ||
| # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} | ||
|
|
||
| # [Mandatory] | ||
| # The GitHub token automatically generated for the job | ||
| JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # [Optional] | ||
| # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository | ||
| # in Artifactory, which proxies https://releases.jfrog.io/artifactory | ||
| # The 'frogbot' executable and other tools it needs will be downloaded through this repository. | ||
| # JF_RELEASES_REPO: "" | ||
|
|
||
| # [Optional] | ||
| # Frogbot will download the project dependencies, if they're not cached locally. To download the | ||
| # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no | ||
| # need to set this value, if it is set in the frogbot-config.yml file. | ||
| # JF_DEPS_REPO: "" |