Update dependencies and JFrog CLI version to 2.63.0 (jfrog#180)

.github/workflows/cla.yml

@@ -10,26 +10,10 @@ jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions-ecosystem/action-regex-match@v2
-        id: sign-or-recheck
+      - name: Run CLA Check
+        uses: jfrog/.github/actions/cla@main
         with:
-          text: ${{ github.event.comment.body }}
-          regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheck)\s*'
-
-      - name: "CLA Assistant"
-        if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
-        # Alpha Release
-        uses: cla-assistant/[email protected]
-        env:
-          # Generated and maintained by GitHub
+          event_comment_body: ${{ github.event.comment.body }}
+          event_name: ${{ github.event_name }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # JFrog organization secret
-          PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }}
-        with:
-          path-to-signatures: "signed_clas.json"
-          path-to-document: "https://jfrog.com/cla/"
-          remote-organization-name: "jfrog"
-          remote-repository-name: "jfrog-signed-clas"
-          # branch should not be protected
-          branch: "master"
-          allowlist: bot*
+          CLA_SIGN_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }}

.github/workflows/frogbot-scan-pull-request.yml

@@ -1,7 +1,7 @@
 name: "Frogbot Scan Pull Request"
 on:
   pull_request_target:
-    types: [opened, synchronize]
+    types: [ opened, synchronize ]
 permissions:
   pull-requests: write
   contents: read
@@ -14,22 +14,16 @@ jobs:
     steps:
       - uses: jfrog/frogbot@v2
         env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+
           # [Mandatory]
-          # JFrog platform URL
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
           JF_URL: ${{ secrets.FROGBOT_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
           # JFrog access token with 'read' permissions on Xray service
           JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
 
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
-          # JF_USER: ${{ secrets.JF_USER }}
-
-          # [Mandatory if JF_ACCESS_TOKEN is not provided]
-          # JFrog password. Must be provided with JF_USER
-          # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
-
           # [Mandatory]
           # The GitHub token is automatically generated for the job
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -57,15 +51,21 @@ jobs:
           # [Optional]
           # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans.
           # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
-          # JF_SMTP_SERVER: ""
+          JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
 
           # [Mandatory if JF_SMTP_SERVER is set]
           # The username required for authenticating with the SMTP server.
-          # JF_SMTP_USER: ""
+          JF_SMTP_USER: ${{ secrets.JF_SMTP_USER }}
 
           # [Mandatory if JF_SMTP_SERVER is set]
           # The password associated with the username required for authentication with the SMTP server.
-          # JF_SMTP_PASSWORD: ""
+          JF_SMTP_PASSWORD: ${{ secrets.JF_SMTP_PASSWORD }}
+
+          # [Optional]
+          # List of comma separated email addresses to receive email notifications about secrets
+          # detected during pull request scanning. The notification is also sent to the email set
+          # in the committer git profile regardless of whether this variable is set or not.
+          JF_EMAIL_RECEIVERS: "[email protected]"
 
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
@@ -83,10 +83,6 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
-          # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
-          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
-          # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
-
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
@@ -99,10 +95,6 @@ jobs:
           # Displays all existing vulnerabilities, including the ones that were added by the pull request.
           # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
 
-          # [Optional, default: "FALSE"]
-          # When adding new comments on pull requests, keep old comments that were added by previous scans.
-          # JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: "TRUE"
-
           # [Optional, default: "TRUE"]
           # Fails the Frogbot task if any security issue is found.
           # JF_FAIL: "FALSE"
@@ -127,22 +119,3 @@ jobs:
           # The following values are accepted: Low, Medium, High or Critical
           # JF_MIN_SEVERITY: ""
 
-          # [Optional]
-          # List of comma separated email addresses to receive email notifications about secrets
-          # detected during pull request scanning. The notification is also sent to the email set
-          # in the committer git profile regardless of whether this variable is set or not.
-          # JF_EMAIL_RECEIVERS: ""
-
-          # [Optional]
-          # Set the list of allowed licenses
-          # The full list of licenses can be found in:
-          # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
-          # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
-          # [Optional]
-          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
-          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
-          # [Optional]
-          # Add a title to pull request comments generated by Frogbot.
-          # JF_PR_COMMENT_TITLE: ""

.github/workflows/frogbot-scan-repository.yml

@@ -10,16 +10,22 @@ permissions:
   security-events: write
 jobs:
   scan-repository:
+    name: Scan Repository (${{ matrix.branch }} branch)
     runs-on: ubuntu-latest
     strategy:
       matrix:
         # The repository scanning will be triggered periodically on the following branches.
-        branch: ["master"]
+        branch: [ "master" ]
     steps:
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
+
       - uses: jfrog/frogbot@v2
         env:
+          JFROG_CLI_LOG_LEVEL: "DEBUG"
+
           # [Mandatory]
-          # JFrog platform URL
+          # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
           JF_URL: ${{ secrets.FROGBOT_URL }}
 
           # [Mandatory if JF_USER and JF_PASSWORD are not provided]
@@ -71,10 +77,6 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
-          # [Default: "*git*;*node_modules*;*target*;*venv*;*test*"]
-          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
-          # JF_PATH_EXCLUSIONS: "*git*;*node_modules*;*target*;*venv*;*test*"
-
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
@@ -95,19 +97,19 @@ jobs:
 
           # [Optional]
           # Template for the branch name generated by Frogbot when creating pull requests with fixes.
-          # The template must include {BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_BRANCH_NAME_TEMPLATE: "frogbot-{IMPACTED_PACKAGE}-{BRANCH_NAME_HASH}"
+          # The template must include ${BRANCH_NAME_HASH}, to ensure that the generated branch name is unique.
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_BRANCH_NAME_TEMPLATE: "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"
 
           # [Optional]
           # Template for the commit message generated by Frogbot when creating pull requests with fixes
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_COMMIT_MESSAGE_TEMPLATE: "Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
 
           # [Optional]
           # Template for the pull request title generated by Frogbot when creating pull requests with fixes.
-          # The template can optionally include the {IMPACTED_PACKAGE} and {FIX_VERSION} variables.
-          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}"
+          # The template can optionally include the ${IMPACTED_PACKAGE} and ${FIX_VERSION} variables.
+          # JF_PULL_REQUEST_TITLE_TEMPLATE: "[🐸 Frogbot] Upgrade ${IMPACTED_PACKAGE} to ${FIX_VERSION}"
 
           # [Optional, Default: "FALSE"]
           # If TRUE, Frogbot creates a single pull request with all the fixes.
@@ -126,17 +128,3 @@ jobs:
           # [Optional, Default: [email protected]]
           # Set the email of the commit author
           # JF_GIT_EMAIL_AUTHOR: ""
-
-          # [Optional]
-          # Set the list of allowed licenses
-          # The full list of licenses can be found in:
-          # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
-          # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
-
-          # [Optional]
-          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
-          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
-
-          # [Optional]
-          # Add a title to pull request comments generated by Frogbot.
-          # JF_PR_COMMENT_TITLE: ""

.gitignore

@@ -1,4 +1,14 @@
-__tests__/runner/*
-.idea/*
+# IDEs
+.idea
+.vscode
+*.iml
+
 node_modules/.package-lock.json
-.DS_Store
+__tests__/runner/*
+
+# Vim
+*~
+*.swp
+
+# IOS
+*.DS_Store

action.yml

@@ -4,7 +4,7 @@ author: "JFrog"
 inputs:
     version:
         description: "JFrog CLI Version"
-        default: "2.62.2"
+        default: "2.63.0"
         required: false
     download-repository:
         description: "Remote repository in Artifactory pointing to 'https://releases.jfrog.io/artifactory/jfrog-cli'. Use this parameter in case you don't have an Internet access."