From b4625be7c34fa2edaa74448586ff3ee37926e8b0 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:01:48 +0530 Subject: [PATCH 01/11] updated workflows --- .github/workflows/build.yml | 8 ++++---- .github/workflows/frogbot-scan-pr.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 111b6f0..0823ef4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,7 +36,7 @@ jobs: - name: Build and publish run: | # Configure the project - jf npmc --repo-resolve sharan-npm-virtual --repo-deploy sharan-npm-virtual + jf npmc --repo-resolve nag-npm-virtual --repo-deploy nag-npm-virtual # Build the project using JFrog CLI jf npm install --build-name ${{env.BUILD_NAME}} --build-number ${{github.run_number}} # Publish the project @@ -53,13 +53,13 @@ jobs: password: ${{ secrets.JF_PASSWORD }} - name: Docker Build 🐳🐸 run: | - jf docker build . -t demo.jfrog.io/docker-local/reactappimage:${{github.run_number}} + jf docker build . -t productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}} - name: JFrog docker image scan 🐳🐸 run: | - jf docker scan demo.jfrog.io/docker-local/reactappimage:${{github.run_number}} + jf docker scan productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}} - name: Docker Push 🐳🐸 run: | - jf docker push demo.jfrog.io/docker-local/reactappimage:${{github.run_number}} + jf docker push productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}} - name: Publish build build-info run: | # Collect and store environment variables in the build-info diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml index 6506cef..9689ea3 100644 --- a/.github/workflows/frogbot-scan-pr.yml +++ b/.github/workflows/frogbot-scan-pr.yml 
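Review bot: The registry host and repository `productdemo.jfrog.io/nag-docker-local` are hard-coded three times in the second build.yml hunk of PATCH 01 (the Docker Build, scan and Push steps), and nothing ties them to the server the job authenticates against, which the login step shown in later patches takes from `secrets.JF_URL`. Defining the reference once, for example a job-level `env` entry `IMAGE: productdemo.jfrog.io/nag-docker-local/reactappimage` used as `"$IMAGE:${{ github.run_number }}"`, guarantees that the image that was scanned is the one that gets pushed. The hunk also does not show whether a finding from `jf docker scan` fails the step; as far as I know that depends on the Xray policy context given to the command, so confirm that a violation really stops the job before the push step runs. The step list continues outside the hunk.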
@@ -71,6 +71,6 @@ jobs: # Frogbot will download the project dependencies, if they're not cached locally. To download the # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no # need to set this value, if it is set in the frogbot-config.yml file. - JF_DEPS_REPO: "sharan-npm-virtual" + JF_DEPS_REPO: "nag-npm-virtual" From 4daef7ba8f7b00df99f21f148f8d0bbda55d84f6 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:02:59 +0530 Subject: [PATCH 02/11] updated readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index af10844..c1c8ef2 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ # react-node-app +# updated readme docker build . -t soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 From 381a8d5710440780f45e601cf82b65ee36468248 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:13:14 +0530 Subject: [PATCH 03/11] updated files --- .github/workflows/build.yml | 2 +- .github/workflows/frogbot-scan-and-fix.yml | 4 ++-- .github/workflows/frogbot-scan-pr-new.yml | 2 +- .github/workflows/frogbot-scan-pr.yml | 2 +- .github/workflows/frogbot-scan-repository.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0823ef4..31e59ce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: - name: Login to JFrog Docker repo uses: docker/login-action@v3 with: - registry: ${{ secrets.JF_URL }} + registry: https://productdemo.jfrog.io/ username: ${{ secrets.JF_USER }} password: ${{ secrets.JF_PASSWORD }} - name: Docker Build 🐳🐸 diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml index 4bbdfc2..f8bfb16 100644 --- a/.github/workflows/frogbot-scan-and-fix.yml +++ b/.github/workflows/frogbot-scan-and-fix.yml 
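Review bot: Hard-coding `registry: https://productdemo.jfrog.io/` in the build.yml hunk of PATCH 03, and the same literal as `JF_URL` in the four Frogbot workflow hunks that follow it, copies one setting into five files while `JF_USER` and `JF_PASSWORD` still come from secrets, so endpoint and credentials can drift apart without any error. If the intent is to stop treating the URL as a secret, a repository configuration variable keeps it in one place and out of the masked-secret list: `registry: ${{ vars.JF_URL }}` and `JF_URL: ${{ vars.JF_URL }}`. The `registry` input of docker/login-action is documented as a server address, so it is also worth checking that the value with scheme and trailing slash resolves to the same host name the image tags use. The `with:` block starts outside the hunk.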
@@ -34,11 +34,11 @@ jobs: # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. # # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore") - # JF_INSTALL_DEPS_CMD: "" + JF_INSTALL_DEPS_CMD: "" # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: https://productdemo.jfrog.io/ # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-pr-new.yml b/.github/workflows/frogbot-scan-pr-new.yml index 2c63e20..a39bb41 100644 --- a/.github/workflows/frogbot-scan-pr-new.yml +++ b/.github/workflows/frogbot-scan-pr-new.yml @@ -43,7 +43,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: https://productdemo.jfrog.io/ # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml index 9689ea3..1050e22 100644 --- a/.github/workflows/frogbot-scan-pr.yml +++ b/.github/workflows/frogbot-scan-pr.yml @@ -43,7 +43,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: https://productdemo.jfrog.io/ # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index 8f1270f..0338bc5 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -23,7 +23,7 @@ jobs: env: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL }} + JF_URL: https://productdemo.jfrog.io/ # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service From d8d725869419ca4d55ed12adcbe9612e2a192682 Mon Sep 17 00:00:00 2001 
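Review bot: `JF_INSTALL_DEPS_CMD: ""` in the frogbot-scan-and-fix.yml hunk turns a commented-out placeholder into a variable that is set but empty. The comment above it describes the variable as the command that installs the project dependencies, so an empty value either does nothing or, depending on how Frogbot treats an empty string, suppresses the install step and leaves the scan working on an unresolved dependency tree, which would hide findings rather than report them. Either restore the comment marker or give it the real command for this npm project, e.g. `JF_INSTALL_DEPS_CMD: "npm i"`. The `env:` block starts and ends outside the hunk.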
From: Nagaraju Vadakoppula <153910332+nagarajuv-jfrog@users.noreply.github.com> Date: Tue, 30 Jul 2024 16:17:43 +0530 Subject: [PATCH 04/11] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From 0f4b9ac22ddc1363381fdb047a3e2fa7f8540cc7 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:19:58 +0530 Subject: [PATCH 05/11] udpated readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index c1c8ef2..28b7445 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # react-node-app - -# updated readme +[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot) docker build . -t soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 From 6a79878c196590b3477dc55b5975749e076e4ba7 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:27:26 +0530 Subject: [PATCH 06/11] update --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 31e59ce..a1d9072 100644 --- a/.github/workflows/build.yml 
+++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: - name: Login to JFrog Docker repo uses: docker/login-action@v3 with: - registry: https://productdemo.jfrog.io/ + registry: {{ secrets.JF_URL }} username: ${{ secrets.JF_USER }} password: ${{ secrets.JF_PASSWORD }} - name: Docker Build 🐳🐸 From 2020a06ac6cbeda44242607e28e46d059d3732d6 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:28:59 +0530 Subject: [PATCH 07/11] update --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a1d9072..0823ef4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: - name: Login to JFrog Docker repo uses: docker/login-action@v3 with: - registry: {{ secrets.JF_URL }} + registry: ${{ secrets.JF_URL }} username: ${{ secrets.JF_USER }} password: ${{ secrets.JF_PASSWORD }} - name: Docker Build 🐳🐸 From fb70a6b7e393d9d671b2a9766040854bf8235772 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:30:47 +0530 Subject: [PATCH 08/11] update --- .github/workflows/frogbot-scan-and-fix.yml | 2 +- .github/workflows/frogbot-scan-pr-new.yml | 2 +- .github/workflows/frogbot-scan-pr.yml | 2 +- .github/workflows/frogbot-scan-repository.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml index f8bfb16..97632eb 100644 --- a/.github/workflows/frogbot-scan-and-fix.yml +++ b/.github/workflows/frogbot-scan-and-fix.yml @@ -38,7 +38,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: https://productdemo.jfrog.io/ + JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-pr-new.yml b/.github/workflows/frogbot-scan-pr-new.yml index a39bb41..a997c91 100644 
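Review bot: `registry: {{ secrets.JF_URL }}` in the PATCH 06 hunk is missing the leading `$`, so it is not a GitHub Actions expression; YAML reads `{{ … }}` as a nested flow mapping instead of a string, and the workflow is expected to be rejected or to hand the login step something that is not a registry address. The line should read `registry: ${{ secrets.JF_URL }}`, which the next patch in the series restores, so the two commits are better squashed so that no revision of the default branch carries a broken login step. Running a workflow linter such as actionlint before pushing would catch this class of typo. The `with:` block starts outside the hunk.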
--- a/.github/workflows/frogbot-scan-pr-new.yml +++ b/.github/workflows/frogbot-scan-pr-new.yml @@ -43,7 +43,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: https://productdemo.jfrog.io/ + JF_URL: ${{ secrets.JF_URL}} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml index 1050e22..9689ea3 100644 --- a/.github/workflows/frogbot-scan-pr.yml +++ b/.github/workflows/frogbot-scan-pr.yml @@ -43,7 +43,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: https://productdemo.jfrog.io/ + JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index 0338bc5..8f1270f 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml @@ -23,7 +23,7 @@ jobs: env: # [Mandatory] # JFrog platform URL - JF_URL: https://productdemo.jfrog.io/ + JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service From c4b0fd00b1929e85de4906ebe7bb06bf95d65950 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:41:13 +0530 Subject: [PATCH 09/11] updated --- .github/workflows/frogbot-scan-repository.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml index 8f1270f..086d0ae 100644 --- a/.github/workflows/frogbot-scan-repository.yml +++ b/.github/workflows/frogbot-scan-repository.yml 
@@ -3,7 +3,7 @@ on: workflow_dispatch: schedule: # The repository will be scanned once a day at 00:00 GMT. - #- cron: "0 0 * * *" + - cron: "0 0 * * *" permissions: contents: write pull-requests: write From 37bfeb51b341ae67cc5a239b249560eec3bd1ee6 Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:46:15 +0530 Subject: [PATCH 10/11] from pr --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 28b7445..0a90c8e 100644 --- a/README.md +++ b/README.md @@ -3,4 +3,6 @@ docker build . -t soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 -docker push soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 \ No newline at end of file +docker push soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 + +updated from pr \ No newline at end of file From 8c40d0032fa6eb9bb105dd02ddb20c60bcaf5f6f Mon Sep 17 00:00:00 2001 From: nagarajuv Date: Tue, 30 Jul 2024 16:58:06 +0530 Subject: [PATCH 11/11] update --- .github/workflows/frogbot-scan-pr-new.yml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/frogbot-scan-pr-new.yml b/.github/workflows/frogbot-scan-pr-new.yml index a997c91..2c63e20 100644 --- a/.github/workflows/frogbot-scan-pr-new.yml +++ b/.github/workflows/frogbot-scan-pr-new.yml @@ -43,7 +43,7 @@ jobs: # [Mandatory] # JFrog platform URL - JF_URL: ${{ secrets.JF_URL}} + JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service diff --git a/README.md b/README.md index 0a90c8e..f128f1d 100644 --- a/README.md +++ b/README.md @@ -5,4 +5,4 @@ docker build . -t soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 docker push soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6 -updated from pr \ No newline at end of file +updated from pr1 \ No newline at end of file
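Review bot: Enabling `- cron: "0 0 * * *"` in the frogbot-scan-repository.yml hunk (PATCH 09) makes this workflow run unattended every day with the `contents: write` and `pull-requests: write` token scopes shown in the same hunk, and nothing in the file records why write access is granted. Those scopes are presumably what Frogbot needs to push fix branches and open pull requests; a comment above `permissions:` such as `# write scopes: Frogbot pushes fix branches and opens pull requests` would make that explicit for the next reviewer. The block appears to be declared for the whole workflow (indentation is not recoverable here), so if further jobs are added, moving it onto the Frogbot job keeps them from inheriting write access. The `jobs:` section lies outside the hunk.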