Using Repository Scans without GitHub Advanced Security #652
Comments
Hi Imranzunzani,
Hi @asafcjfrog,
Hello @imranzunzani
@imranzunzani please contact your JFrog representative to schedule a call and I'll be happy to assist
Hi @eranturgeman,
/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot scan-repository
08:19:48 [Info] Frogbot version: 2.19.9
08:19:49 [Info] Running Frogbot "scan-repository" command
08:19:51 [Info] Preforming 1 SCA scans:
[
{
"Technology": "maven",
"WorkingDirectory": "/tmp/jfrog.cli.temp.-1708503590-428075562",
"Descriptors": [
"/tmp/jfrog.cli.temp.-1708503590-428075562/pom.xml"
]
}
]
08:19:51 [Info] Running SCA scan for maven vulnerable dependencies in /tmp/jfrog.cli.temp.-1708503590-428075562 directory...
08:19:51 [Info] Calculating Maven dependencies...
08:19:59 [Info] Scanning 68 maven dependencies...
08:20:01 [Info] Waiting for scan to complete on JFrog Xray...
08:20:24 [Info] Xray scan completed
08:20:24 [Warn] upload code scanning for main branch failed with: POST https://api.github.com/repos/*org*/jfrog-workflow-test/code-scanning/sarifs: 403 Advanced Security must be enabled for this repository to use code scanning. []
08:20:34 [Info] Created Pull Request updating dependency 'org.springframework.boot:spring-boot-starter-web' to version '2.6.6'
08:20:36 [Info] Frogbot "scan-repository" command finished successfully
The fix suggestions don't cover all vulnerabilities and license violations.
I have the same exact question.
Hello @imranzunzani and @brianmaresca
I don't see anything in the scans list in my JFrog console. Also, it would be great if there was an option to enable logging the full scan results. I would think adding that would be simple.
@brianmaresca
If GitHub Advanced Security is not enabled, is there a way to use the Repository Scans without that? E.g., printing the results in the Actions' output instead. Are there options/parameters for other mechanisms for outputting the results?