Update frogbot-scan-repository.yml

javedfaruquee1 · May 22, 2024 · 56ae18f · 56ae18f
1 parent 4b955ec
commit 56ae18f
Showing 1 changed file with 10 additions and 34 deletions.
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
@@ -8,20 +8,20 @@ permissions:
   contents: write
   pull-requests: write
   security-events: write
-  # [Mandatory If using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
-  # id-token: write
 jobs:
   scan-repository:
-    runs-on: windows-self #mypc 
+    runs-on: ubuntu-latest
+    name: Scan Repository (${{ matrix.branch }} branch)
     strategy:
       matrix:
         # The repository scanning will be triggered periodically on the following branches.
-        branch: ["master"]
+        branch: [ "master" ]
     steps:
       - uses: jfrog/frogbot@v2
         env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
           # [Mandatory]
-          # JFrog platform URL
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
           JF_URL: ${{ secrets.JF_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
@@ -35,12 +35,11 @@ jobs:
           # [Mandatory if JF_ACCESS_TOKEN is not provided]
           # JFrog password. Must be provided with JF_USER
           JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
+          
           # [Mandatory]
           # The GitHub token is automatically generated for the job
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          #JF_GIT_TOKEN: ${{ secrets.JF_GIT_TOKEN }}
-
+
           # [Optional, if not using GITHUB_TOKEN]
           JF_GIT_USERNAME: ${{ secrets.JF_USER }}
           JF_GIT_PASSWORD: ${{ secrets.JF_PASSWORD }}
@@ -51,7 +50,7 @@ jobs:
 
           # [Optional, default: https://api.github.com]
           # API endpoint to GitHub
-          JF_GIT_API_ENDPOINT: https://api.github.com
+          JF_GIT_API_ENDPOINT: https://api.github.com  
 
           # [Optional]
           # By default, the Frogbot workflows download the Frogbot executable as well as other tools
@@ -75,12 +74,8 @@ jobs:
           ##########################################################################
 
           # [Optional, default: "."]
-          # Relative path to the root of the project in the Git repository. If left empty (without providing "." yourself as default), a recursive scan is triggered from the root directory of the project.
-          # JF_WORKING_DIR: "."
-
-          # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
-          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
-          JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
+          # Relative path to the root of the project in the Git repository
+          # JF_WORKING_DIR: path/to/project/dir
 
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
@@ -133,22 +128,3 @@ jobs:
           # [Optional, Default: eco-system+frogbot@jfrog.com]
           # Set the email of the commit author
           # JF_GIT_EMAIL_AUTHOR: ""
-
-          # [Optional]
-          # Set the list of allowed licenses
-          # The full list of licenses can be found in:
-          # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
-          # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
-          # [Optional]
-          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
-          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
-          # [Optional]
-          # Add a title to pull request comments generated by Frogbot.
-          # JF_PR_COMMENT_TITLE: ""
-
-        # [Mandatory if using OIDC authentication protocol instead of JF_ACCESS_TOKEN]
-        # Insert to oidc-provider-name the 'Provider Name' defined in the OIDC integration configured in the JPD
-        # with:
-        #   oidc-provider-name: ""