fail build for violation context #400

Open
wants to merge 9 commits into
base: dev

@hadarshjfrog (Contributor) commented Mar 31, 2025

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed in the description. If not already covered in the JFrog Documentation, new documentation has been added.

This PR includes a bug fix for the following issue:
So far, when a user added the --vuln flag, we used to move to "vulnerabilities context", therefore ignoring fail build rules in discovered violations.
According to the documentation this flag means: "Set to true if you'd like to receive all vulnerabilities, regardless of the policy configured in Xray."
Therefore, this flag is expected to affect display ONLY and present vulnerabilities along with the violations when the flag is provided, but should not change any existing violations logic, meaning: if we have a FailBuild rule, it should be applied even when the flag is provided with a 'true' value.

Known failing tests:
[Screenshot 2025-04-02 at 18 27 12]
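
The behaviour described in the PR description above, as an added Go sketch that is not code from jfrog-cli-security: the build gate is computed from the violations alone, and the flag only changes which rows are displayed. All type and function names (`Violation`, `ScanResults`, `gateBuggy`, `gateFixed`, `displayRows`) and the sample IDs are hypothetical.

```go
package main

import "fmt"

// Hypothetical, simplified types; not the jfrog-cli-security data model.
type Violation struct {
	IssueID   string
	FailBuild bool // the matching policy rule carries a fail-build action
}
type ScanResults struct {
	Violations      []Violation
	Vulnerabilities []string
}

// gateBuggy models the described bug: the flag switches context and skips the violation rules.
func gateBuggy(r ScanResults, includeVulns bool) bool {
	if includeVulns {
		return false
	}
	return gateFixed(r)
}

// gateFixed models the intended behaviour: the decision never sees the display flag.
func gateFixed(r ScanResults) bool {
	for _, v := range r.Violations {
		if v.FailBuild {
			return true
		}
	}
	return false
}

// displayRows is the only place the flag matters: it adds vulnerabilities to the output.
func displayRows(r ScanResults, includeVulns bool) []string {
	var rows []string
	for _, v := range r.Violations {
		rows = append(rows, "violation:"+v.IssueID)
	}
	if includeVulns {
		for _, id := range r.Vulnerabilities {
			rows = append(rows, "vulnerability:"+id)
		}
	}
	return rows
}

func main() {
	// Constructed sample: one fail-build violation, two vulnerabilities.
	r := ScanResults{[]Violation{{"EXAMPLE-1", true}}, []string{"EXAMPLE-1", "EXAMPLE-2"}}
	fmt.Println(gateBuggy(r, true), gateFixed(r), len(displayRows(r, true)))
}
```

A regression test for this class of bug runs the same scan results with the flag on and off and requires the gate result to be identical in both cases.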

@hadarshjfrog added the "improvement" and "safe to test" labels Mar 31, 2025
@hadarshjfrog hadarshjfrog changed the title fail build even if vuln was provided fail build even for violation context Apr 1, 2025
@hadarshjfrog hadarshjfrog changed the title fail build even for violation context fail build for violation context Apr 1, 2025
@eranturgeman added the "bug" and "safe to test" labels and removed the "improvement" label Apr 2, 2025

github-actions bot commented Apr 8, 2025

👍 Frogbot scanned this pull request and did not find any new security issues.



github-actions bot commented Apr 8, 2025

Merging this branch will not change overall coverage

| Impacted Packages | Coverage Δ | 🤖 |
|---|---|---|
| github.com/jfrog/jfrog-cli-security | 0.00% (ø) | |
| github.com/jfrog/jfrog-cli-security/commands/audit | 0.00% (ø) | |
| github.com/jfrog/jfrog-cli-security/commands/scan | 0.00% (ø) | |

Coverage by file

Changed files (no unit tests)

| Changed File | Coverage Δ | Total | Covered | Missed | 🤖 |
|---|---|---|---|---|---|
| github.com/jfrog/jfrog-cli-security/commands/audit/audit.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/jfrog/jfrog-cli-security/commands/scan/scan.go | 0.00% (ø) | 0 | 0 | 0 | |

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/jfrog/jfrog-cli-security/git_test.go
  • github.com/jfrog/jfrog-cli-security/scans_test.go
