
Failing to run JFrog Bot Scan

Open Sof0-0 opened this issue 1 year ago • 3 comments

Hello, I have been trying to set up the JFrog Xray scanning for the repository in my organization and it keeps failing on something like this: [Screenshot 2024-02-29 at 17 57 18]

I want to ask how exactly the scans are being conducted. Does the product have to be fully functional for the scan to work, or do I have to manually add dependencies and environment variables? Here is the configuration file: [Screenshot 2024-02-29 at 17 59 06]

I would appreciate your help!

Sof0-0 avatar Feb 29 '24 23:02 Sof0-0

Hello @Sof0-0, can you please share your "JF_REQUIREMENTS_FILE" environment variable content in the attached configuration file? The error may occur if this variable is not set, as Frogbot will try to build the project without considering the requirements file.

You can try to add it manually to the configuration file:

        # Pip requirements.txt file path
        JF_REQUIREMENTS_FILE: ""

gailazar300 avatar Mar 03 '24 10:03 gailazar300

I have a similar issue:

        22:22:44 [Info] Xray scan completed
        22:22:53 [Error] the following errors occured while fixing vulnerabilities in '/tmp/jfrog.cli.temp.-1710281552-1494864668': an error occurred while attempting to read the requirements file: open setup.py: no such file or directory

We have a monorepo and JF_REQUIREMENTS_FILE is set to ""

sharvesh06 avatar Mar 13 '24 15:03 sharvesh06

Hello @Sof0-0 and @sharvesh06, let me break it down for you: it all depends on how you configured your CI workflow file.

In general, Frogbot searches for descriptor files in the project. After finding them, it can decide which technology is being used in the project so it can perform the dependency graph construction and the fixes correctly. When using Python, since this language allows descriptor files under many different names, we require the customer to provide the descriptor file name.

Now, if you didn't define a structure for your project in the CI file (meaning you didn't define workingDirs [modules] manually), Frogbot will recursively scan the entire project and will search for the descriptor files (in your case, the file name you provided through pipRequirementsFile or JF_REQUIREMENTS_FILE). If you have defined working dirs, Frogbot will NOT perform a recursive scan and will search for the descriptor in the path you provided for the workingDir.

The error you are experiencing indicates that a descriptor is not found in the searched working dir. I assume this happens due to one of the following:

  1. you didn't provide the name of the Python descriptor you use (unless you use setup.py)
  2. you defined workingDirs and you don't have the descriptor in the root path you defined for the working dir

If one of the scenarios above applies to you, let me know and it will be easier to resolve. If not, I'd like to investigate further, and I'd appreciate it if you could provide the full workflow file and the frogbot-config.yml you use (if you use this file).

eranturgeman avatar May 30 '24 13:05 eranturgeman
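A pre-flight check for the lookup described in the comment above, as an added example that is not part of the original thread and not Frogbot's own code. It models the two modes the maintainer describes (recursive search without working dirs, root-only search with them); the function names, the constructed sample monorepo layout and the `setup.py` fallback for an empty descriptor name are assumptions drawn from the thread.

```python
import tempfile
from pathlib import Path

# Assumption from the thread: with no descriptor name given, setup.py is expected.
DEFAULT_DESCRIPTOR = "setup.py"


def find_descriptors(repo_root, requirements_file="", working_dirs=None):
    """Map each searched directory to the descriptor paths found in it."""
    name = requirements_file or DEFAULT_DESCRIPTOR
    root = Path(repo_root)
    if working_dirs:
        # Working dirs defined: no recursion, the descriptor must sit
        # directly in the root of each working dir.
        return {
            wd: [(Path(wd) / name).as_posix()] if (root / wd / name).is_file() else []
            for wd in working_dirs
        }
    # No working dirs: the whole project is searched recursively.
    hits = sorted(p.relative_to(root).as_posix() for p in root.rglob(name) if p.is_file())
    return {".": hits}


def unscanned(results):
    """Directories where the scan would find no descriptor."""
    return [d for d, hits in results.items() if not hits]


def build_sample_monorepo():
    """Constructed sample layout: two services with requirements.txt, no setup.py."""
    root = Path(tempfile.mkdtemp(prefix="monorepo-"))
    for svc in ("services/api", "services/worker"):
        (root / svc).mkdir(parents=True)
        (root / svc / "requirements.txt").write_text("requests==2.31.0\n")
    return root


if __name__ == "__main__":
    repo = build_sample_monorepo()
    cases = {
        "empty name, no working dirs": {},
        "requirements.txt, no working dirs": {"requirements_file": "requirements.txt"},
        "requirements.txt, working dir 'services'": {
            "requirements_file": "requirements.txt", "working_dirs": ["services"]},
    }
    for label, kwargs in cases.items():
        res = find_descriptors(repo, **kwargs)
        print(f"{label}: found={res} missing={unscanned(res)}")
```

Run as a CI step before the scan, a non-empty `unscanned()` result flags a directory whose dependencies would not be covered.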

Hey @Sof0-0 and @sharvesh06, since you didn't respond in a while, I assume my answer resolved your issue :) If not, please feel free to open this ticket again or open another GitHub issue with any questions you have.

eranturgeman avatar Jul 24 '24 14:07 eranturgeman