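I noticed the following setting in the template frogbot-scan-pull-request.yml file (https://github.com/jfrog/documentation/blob/77008ab7c9402ea1a7eb6b99c016074cd1ada5fe/jfrog-applications/frogbot/templates/github-actions/frogbot-scan-pull-request.yml#L116-L119):

```yaml
# [Optional, Default: "FALSE"]
# If TRUE, Frogbot creates a single pull request with all the fixes.
# If false, Frogbot creates a separate pull request for each fix.
# JF_GIT_AGGREGATE_FIXES: "FALSE"
```
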
This implies it will create PRs to resolve issues detected by the PR scan. Is this actually the case? Shouldn't this only be true for the repo scan?
Also, since the default value is already "FALSE", perhaps # JF_GIT_AGGREGATE_FIXES: "FALSE" should be changed to # JF_GIT_AGGREGATE_FIXES: "TRUE". frogbot-scan-repository.yml would also need to be updated with this change.
Hello @jasminjohal-els, thank you for getting in touch.
Setting JF_GIT_AGGREGATE_FIXES to TRUE doesn't imply the creation of a PR for the scan-pr results.
When this flag is TRUE, it signifies that if multiple vulnerabilities are identified, their fixes will be consolidated into a single PR. Conversely, if set to FALSE, each vulnerability will be addressed in individual PRs.
Hence, the default value is FALSE, and it should stay that way for the time being.