frogbot scan pull request issue in Azure devops
Describe the bug
I am trying to scan the PR for a specific branch in Azure DevOps. I am using the following commands:
curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
echo $(Build.SourceBranch)
./frogbot scan-pull-requests $(Build.SourceBranch)
This is trying to scan all the active PRs in the specific repo. How can I restrict it to scan only the specific branch just by passing some parameters?
Also, about Frogbot, only limited details are available in the documentation. I am expecting some more in-depth information.
Current behavior
It is scanning all the active PRs. I want it restricted to only the specific source branch.
Reproduction steps
No response
Expected behavior
No response
JFrog Frogbot version
2.12.0
Package manager info
Docker
Git provider
Azure DevOps
JFrog Frogbot configuration yaml file
steps:
- task: CmdLine@2
  condition: eq(variables['Build.Reason'], 'PullRequest')
  displayName: 'Download and Run Frogbot'
  env:
    JF_GIT_PROJECT: $(System.TeamProject)
    JF_GIT_API_ENDPOINT: $(System.CollectionUri)
    JF_GIT_TOKEN:
    JF_URL:
    JF_ACCESS_TOKEN:
    JF_CLI_LOG_LEVEL: "DEBUG"
    JF_GIT_OWNER: " "
    JF_GIT_REPO: ""
    JF_GIT_PROVIDER: "azureRepos"
    JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
    JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/
  inputs:
    script: |
      curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
      echo $(Build.SourceBranch)
      ./frogbot scan-pull-requests $(Build.SourceBranch)
      #./frogbot scan-and-fix-repos $(Build.SourceBranch)
Operating system type and version
Linux
JFrog Xray version
3.25
Hey @nachammaichidambaram,
We appreciate your engagement with Frogbot and for initiating this matter.
At present, the functionality to filter specific source branches using the scan-pull-requests command is not available.
We can transform this matter into a feature request, and we're eager to address it once it aligns with our roadmap.
Meanwhile, you can achieve a similar outcome by utilizing the individual scan-pull-request command and supplying the pertinent filtered pull requests IDs.
Also about frogbot there is only limited details are available in documentation. I am expecting some more indepth of information
Could you kindly provide more details on the aspects that you find lacking or unclear in our documentation? We are dedicated to enhancing our documentation and your insights would greatly assist us in achieving that goal.
Thank you for your support.
Best regards, Eyal Delarea
@nachammaichidambaram, Adding to @EyalDelarea's reply, we've just added to our features backlog the option of defining a list of branches for pull requests scanning.
@EyalDelarea
When I try to execute ./frogbot scan-pull-request 7701 it always fails with error as The requested pull request was not found
If you plan to work with one of those package managers, please provide a username.
08:45:46 [Info] Running Frogbot "scan-pull-request" command
08:45:46 [Error] TF401180: The requested pull request was not found.
@nachammaichidambaram, We recommend using the templates included as part of the documentation. Will you be able to ensure your template is identical to the documented template?
Hi
I have used same template
@nachammaichidambaram, Will you be able to share your entire workflow here? We'll help you get it to work properly.
Hi
displayName: 'Download and Run Frogbot'
env:
  JF_GIT_PROJECT: $(System.TeamProject)
  JF_GIT_API_ENDPOINT: $(System.CollectionUri)
  JF_GIT_TOKEN:
  JF_URL:
  JF_ACCESS_TOKEN:
  JF_CLI_LOG_LEVEL: "DEBUG"
  JF_GIT_OWNER: ""
  JF_GIT_REPO: ""
  JF_GIT_PROVIDER: "azureRepos"
  JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
  JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/
inputs:
  script: |
    curl -fLg "https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
    echo $(Build.SourceBranch)
    ./frogbot scan-pull-requests $(Build.SourceBranch)
    #./frogbot scan-and-fix-repos $(Build.SourceBranch)
This is the entire code I got from template
Thanks @nachammaichidambaram. Will you be able to use the template included in section 7 in this documentation page (https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md)?
This template does not make any difference
inputs:
  script: |
    getFrogbotScriptPath=$( [[ -z "$JF_RELEASES_REPO" ]] && echo "https://releases.jfrog.io" || echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}" )
    curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
    ./frogbot scan-all-pull-requests
    ./frogbot scan-multiple-repositories
It scans all pull requests
Hi @nachammaichidambaram,
As @eyalbe4 and @EyalDelarea mentioned, running scan-all-pull-requests for a specific branch by providing a parameter is currently not supported.
However, I have just released improved documentation for Azure repos, which can be found here: https://github.com/jfrog/frogbot/blob/master/docs/install-azure-pipelines.md
Please follow these steps for scan-pull-request, use the provided template, and configure the relevant branch policies. The complete instructions for scan-pull-request are located within Scanning pull requests expandable section (Step 7).
Please let me know if this solution works for you. Thank you.
Hi
I followed the documentation and tried configuring pull requests scan
As expected it checks only for the source and target branches based on PR Id
But the scan failed with a 404 error since my branch name is in the following format: "users/release/X-ray". During the scan it ignores all the slashes ("/") and took the branch name as X-ray alone
Can you suggest a fix for this please
Thank you for reporting this, @nachammaichidambaram.
We do need some more information in order to understand the root cause and resolve the issue. Could you please provide your pipeline file and debug logs? To enable debug logs, add the JFROG_CLI_LOG_LEVEL environment variable and set it to DEBUG. Thank you!
Hi,
I have enabled debug log. Please find the same
2023-08-17T10:53:32.0598934Z 03:53:32 [Debug] Downloading <users/xxxx/xray> to: '/tmp/jfrog.cli.temp.-1692269612-3705472641'
2023-08-17T10:53:32.0601592Z 03:53:32 [Debug] Download url: https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=xray&$format=zip
2023-08-17T10:53:32.0911048Z 03:53:32 [Debug] Artifactory response: 200
2023-08-17T10:53:32.0912294Z 03:53:32 [Debug] JFrog Artifactory version is: 7.63.11
2023-08-17T10:53:32.0916147Z 03:53:32 [Debug] Sending HTTP POST request to: https://artifactory/artifactory/api/system/usage
2023-08-17T10:53:32.0982708Z 03:53:32 [Debug] Usage Report: Usage info sent successfully. Artifactory response: 200
2023-08-17T10:53:32.1250392Z 03:53:32 [Error] failed to download branch: <users/xxxx/xray> with error: server response: 404 Not Found
2023-08-17T10:53:32.1251778Z {
2023-08-17T10:53:32.1252449Z "$id": "1",
2023-08-17T10:53:32.1253219Z "innerException": null,
2023-08-17T10:53:32.1255376Z "message": "TF401175:The version descriptor <Branch: xray > could not be resolved to a version in the repository SDK2",
2023-08-17T10:53:32.1257180Z "typeName": "Microsoft.TeamFoundation.Git.Server.GitUnresolvableToCommitException, Microsoft.TeamFoundation.Git.Server",
2023-08-17T10:53:32.1258612Z "typeKey": "GitUnresolvableToCommitException",
2023-08-17T10:53:32.1259519Z "errorCode": 0,
2023-08-17T10:53:32.1260268Z "eventId": 3000
2023-08-17T10:53:32.1260945Z }
any update on this?
@nachammaichidambaram, To help us gain a better understanding of the issue, will you also be able to share here your entire Frogbot pipeline?
Hello,
Please find the same
steps:
- task: @.***
  condition: eq(variables['Build.Reason'], 'PullRequest')
  displayName: 'Download and Run Frogbot'
  env:
    JF_GIT_PULL_REQUEST_ID: 7713
    JF_GIT_BASE_BRANCH: $(System.PullRequest.TargetBranch)
    JF_GIT_PROJECT: $(System.TeamProject)
    JF_GIT_API_ENDPOINT: $(System.CollectionUri)
    JF_GIT_TOKEN: <AZurerepotoken>
    JF_URL: https://artifactorydev.com
    JF_ACCESS_TOKEN:
    JFROG_CLI_LOG_LEVEL: "DEBUG"
    JF_GIT_OWNER: "GPG"
    JF_GIT_REPO: "SDK2"
    JF_RELEASES_REPO: ""
    JF_GIT_PROVIDER: "azureRepos"
    JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
    JF_WORKING_DIR: ../../../$(system.DefaultWorkingDirectory)/sds
  inputs:
    script: |
      getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo "https://releases.jfrog.io"; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi)
      curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
      ./frogbot spr
      ./frogbot scan-and-fix-repos $(Build.SourceBranch)
This is the only step I have as part of my PR pipeline
@nachammaichidambaram, thank you for sharing.
I'd like to point out a couple of things:
1. You don't need to manually configure the JF_GIT_PULL_REQUEST_ID. Since it's running within the context of a pull request, please keep it as $(System.PullRequest.PullRequestId).
2. Have you followed the template and added a branch policy to your required branch?
3. Assuming you've done everything mentioned in the first two points, has this worked for you with other branches that don't have slashes?
Thanks.
Yes I did whatever you have mentioned in first two steps.
For the branch name without slash it works fine
@nachammaichidambaram, thank you for the clarification. We will investigate this matter and keep you updated as soon as we make progress in resolving this issue.
Hey @nachammaichidambaram,
We have opened a pull request that addresses this issue: https://github.com/jfrog/froggit-go/pull/113
Once it is merged, we will release the updated versions of Froggit-go and Frogbot as soon as possible and keep you updated. Thank you for reporting this issue to us and for your cooperation.
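The debug log earlier in this thread shows the branch users/xxxx/xray being requested as versionDescriptor[version]=xray. As an added illustration (not froggit-go's code and not the contents of the linked pull request), this Go sketch shows how keeping only the last path segment of a ref produces that symptom, how trimming just the refs/heads/ prefix avoids it, and how to spot the mismatch in debug log lines. The function names, the refs/heads/ input form and the sample log lines are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample in the format of the debug log posted in this thread.
// The second pair is a made-up request that keeps the full branch name.
var sampleLog = []string{
	"03:53:32 [Debug] Downloading <users/xxxx/xray> to: '/tmp/example-1'",
	"03:53:32 [Debug] Download url: https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=xray&$format=zip",
	"03:53:40 [Debug] Downloading <users/xxxx/xray> to: '/tmp/example-2'",
	"03:53:40 [Debug] Download url: https://dev.azure.com/test/test/_apis/git/repositories/SDK2/items/items?path=/&versionDescriptor[version]=users%2Fxxxx%2Fxray&$format=zip",
}

// lastSegment reproduces the symptom: only the text after the final "/"
// survives, so "refs/heads/users/xxxx/xray" becomes "xray".
func lastSegment(ref string) string {
	return ref[strings.LastIndex(ref, "/")+1:]
}

// branchFromRef strips only the "refs/heads/" prefix and keeps later slashes.
// ok is false for refs that are not branches (tags, refs/pull/N/merge) and
// for an empty name. A name without the prefix is returned unchanged.
func branchFromRef(ref string) (name string, ok bool) {
	const heads = "refs/heads/"
	if strings.HasPrefix(ref, "refs/") && !strings.HasPrefix(ref, heads) {
		return "", false
	}
	name = strings.TrimPrefix(ref, heads)
	return name, name != ""
}

// versionInURL returns the decoded versionDescriptor[version] query value.
func versionInURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	return u.Query().Get("versionDescriptor[version]"), nil
}

// mismatches pairs each "Downloading <branch>" line with the next
// "Download url:" line and reports requests for a different version.
func mismatches(logLines []string) []string {
	var out []string
	branch := ""
	for _, l := range logLines {
		if i := strings.Index(l, "Downloading <"); i >= 0 {
			rest := l[i+len("Downloading <"):]
			if j := strings.Index(rest, ">"); j >= 0 {
				branch = rest[:j]
			}
			continue
		}
		if i := strings.Index(l, "Download url: "); i >= 0 && branch != "" {
			v, err := versionInURL(strings.TrimSpace(l[i+len("Download url: "):]))
			if err == nil && v != branch {
				out = append(out, fmt.Sprintf("%s requested as %s", branch, v))
			}
			branch = ""
		}
	}
	return out
}

func main() {
	ref := "refs/heads/users/xxxx/xray" // constructed ref
	name, _ := branchFromRef(ref)
	fmt.Println("last segment:", lastSegment(ref))
	fmt.Println("prefix trimmed:", name, "->", url.QueryEscape(name))
	for _, m := range mismatches(sampleLog) {
		fmt.Println("mismatch:", m)
	}
}
```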
Hi, thanks for this.
I am facing one more issue now: the PRs which are scanned by Frogbot don't provide any report; instead it just prints a message, "found the pr did not add vulnerable dependencies". What does this mean?
@nachammaichidambaram, this comment indicates that Frogbot hasn't identified any new vulnerabilities that you are about to add in the pull request. It conducts a comparison between your source and target branches within the pull request. If it discovers that the source branch contains vulnerabilities not present in your target branch, it will post a comment that corresponds to those vulnerabilities. However, if no new vulnerabilities are detected in your source branch compared to your target branch, the comment will reflect that no new vulnerabilities were found.
If you wish to view all vulnerabilities, regardless of whether they are already included in your target branch, you can configure the JF_INCLUDE_ALL_VULNERABILITIES environment variable and set it to true.
This variable is already set
Do you know by when this PR will be merged?
Do you have vulnerabilities in your repository? If you do, please attach the complete debug logs. About the fix, it will be merged soon. Frogbot will be released as soon as possible, and I'll let you know.
Accidentally closed.
By when can we expect this fix to be available?
Hey @nachammaichidambaram,
Frogbot v2.12.2 has been released, which should address your issue. Please let me know if everything is working well now. Thank you for reporting this issue to us.
Hey Omer,
Thanks for your reply. Branch name issue is sorted out. But I got the following error:
21:08:01 [Info] Frogbot is configured to show all vulnerabilities
21:08:01 [Debug] Looking for an existing Frogbot pull request comment. Deleting it if it exists...
21:08:01 [Error] couldn't add pull request comment: A discussion comment cannot be longer than 150000 characters. Parameter name: comment.Content
21:08:01 [Info] Frogbot version: 2.12.2
Regards, Nachammai