|
1 | 1 | # Frogbot Configuration |
2 | 2 |
|
3 | | -## Creating the frogbot-config.yml file |
| 3 | +**The JFrog Security documentation has a new home!**\ |
| 4 | +You can now find it [here](https://jfrog.com/help/p/security-home), including sections on: |
4 | 5 |
|
5 | | -### What is the frogbot-config.yml file? |
6 | | - |
7 | | -The **frogbot-config.yml** file encompasses project-related configurations used by Frogbot's scanning. This includes details about the repository's directory structure and may additionally encompass package manager commands necessary for Frogbot to list the project's dependencies. |
8 | | - |
9 | | -### Is the frogbot-config.yml file mandatory? |
10 | | - |
11 | | -No, the file isn't mandatory. In most cases, Frogbot can understand the structure of the projects in the repository and list the project's depedencies without the file. |
12 | | - |
13 | | -If your project doesn't use a **frogbot-config.yml** file, all the configuration Frogbot requires\ |
14 | | -should be provided as variables as part of the Frogbot workflows. |
15 | | - |
16 | | -### How does the frogbot-config.yml file helps Frogbot scan the repository? |
17 | | - |
18 | | -Frogbot relies on the project's descriptor files, such as package.json and pom.xml, to identify the project's dependencies. It scans the repository for these descriptor files and utilizes the appropriate package manager, such as npm or Maven, to compile a list of dependencies for the project. If you desire manual control over the project structure or the package manager commands, you can achieve this by creating a **frogbot-config.yml** file. In the provided example, we outline two subprojects located at **path/to/project-1** and **path/to/project-2** for Frogbot to include in its scanning process. |
19 | | - |
20 | | -```yaml |
21 | | -- params: |
22 | | - git: |
23 | | - repoName: my-git-repo-name |
24 | | - branches: |
25 | | - - master |
26 | | - scan: |
27 | | - projects: |
28 | | - - workingDirs: |
29 | | - - path/to/npm/project-1 |
30 | | - - path/to/npm/project-2 |
31 | | -``` |
32 | | -
|
33 | | -Here's another example. Notice that we specify a custom `install` command here. |
34 | | - |
35 | | -```yaml |
36 | | -- params: |
37 | | - git: |
38 | | - repoName: my-git-repo-name |
39 | | - branches: |
40 | | - - master |
41 | | - scan: |
42 | | - projects: |
43 | | - - workingDirs: |
44 | | - - path/to/node/project |
45 | | - - installCommand: nuget restore |
46 | | - workingDirs: |
47 | | - - path/to/.net/project |
48 | | -``` |
49 | | - |
50 | | -### Can one frogbot-config.yml file be used for multiple Git repositories? |
51 | | - |
52 | | -You have the option of using a single **frogbot-config.yml** file for scanning multiple Git repositories in the same organization if one of the following platforms is used. |
53 | | - |
54 | | -* GitHub with Jenkins or JFrog Pipelines |
55 | | -* Bitbucket Server |
56 | | -* Azure Repos |
57 | | - |
58 | | -The file can be placed in any repository if it's in the same organization as all the repositories referenced in the file. Here's an example of a **frogbot-config.yml** referencing multiple repositories. |
59 | | - |
60 | | -```yaml |
61 | | -- params: |
62 | | - git: |
63 | | - repoName: repo-1 |
64 | | - branches: |
65 | | - - master |
66 | | -- params: |
67 | | - git: |
68 | | - repoName: repo-2 |
69 | | - branches: |
70 | | - - master |
71 | | - - dev |
72 | | -- params: |
73 | | - git: |
74 | | - repoName: repo-3 |
75 | | - branches: |
76 | | - - master |
77 | | - scan: |
78 | | - projects: |
79 | | - - pipRequirementsFile: requirements.txt |
80 | | -``` |
81 | | - |
82 | | -If however you're using one of the following platforms, each repository that needs to be scanned by Frogbot should include its own **frogbot-config.yml** file. |
83 | | - |
84 | | -* GitHub with GitHub actions |
85 | | -* GitLab |
86 | | - |
87 | | -### Where should the frogbot-config.yml file be placed in the repository? |
88 | | - |
89 | | -Frogbot expects the frogbot-config.yml file to be in the following path from the root of the Git repository: `.frogbot/frogbot-config.yml`. |
90 | | - |
91 | | -**IMPORTANT**: The `frogbot-config.yml` file must be pushed to the target branch before it can be used by Frogbot. This means that if, for example, a pull request includes the `frogbot-config.yml` and the target branch doesn't, the file will be ignored. |
92 | | - |
93 | | -### The frogbot-config.yml file structure |
94 | | - |
95 | | -See the complete content and structure of the **frogbot-config.yml** file [here](templates/.frogbot/frogbot-config.yml). |
| 6 | +* [CLI](https://jfrog.com/help/r/jfrog-security-user-guide/developers/cli) |
| 7 | +* [Frogbot](https://jfrog.com/help/r/jfrog-security-user-guide/developers/frogbot) |
| 8 | +* [IDEs](https://jfrog.com/help/r/jfrog-security-user-guide/developers/ides) |
0 commit comments