Question about scanning repository or pull request process

[LSH0809]

Hi I'm running JFrog Artifactory 7.63.8 and JFrog Xray 3.78.9. I'm testing Frogbot 2.21.9 with Bitbucket 8.7.9 and Jenkins 2.462.2.

During the test, something came up that I was curious about.

1. Do Scan repository or Scan Pull reqeust (single repository, multi repository) functions require build successfully?
2. Do those function clone repository in the build machine during the scan process?
3. There is no concept called 'Organization' in the Bitbucket Data Center. Then is it proper to use scanning multiple repository or pull request ?
4. And if I can scan multiple repository or pull request, does it only work by using frogbot-config.yml? not jenkins pipeline using env?
5. if I use .frogbot/frogbot-config.yml then Can I use it in the Bamboo Data Center?

Thanks for your support.

[hadarshjfrog]

Hi @LSH0809 - thanks for reaching out.

1. While frogbot can build the project itself currently, we highly recommend adding it after a successful build - as your dependency resolution will always be the most accurate.
2. yes, it clones it to your worker/node to a tmp folder which is deleted afterwards of course.
3. In Bitbucket you can replace "organization" with "group" for the initial configuration. Regarding configuration of multiple repositories - we are working on adding it soon.
4. frogbot-config.yml is not mandatory, it is used for configuring a bit more complex repositories, with multiple models/technologies in it. Frogbot works well with bitbcuket and jenkins
5. What do you mean use it? it's just a yaml file you can read - but it is intended for frogbot usage.