Scan-and-fix PR needs to resolve from Artifactory for all package managers #621
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When we build dependency tree and an Artifactory server details are provided - the resolution is performed from Artifactory.
When Frogbot initiates a fix for vulnerable dependencies it does not resolves from Artifactory for all package managers.
This issue was found in NPM and Maven, and needs to be further checked upon all package managers and to be fixed in necessary
Current behavior
Dependencies resolution happens only upon dependency tree construction but not when Frogbot initiates the fix
Checked on NPM and Maven and needs to be further studied for the rest of the package managers
Reproduction steps
Run Scan-and-fix locally with depsRepo configured in frogbot-config.yml.
After building the dependency tree - delete local and remote (Artifactory) cache and continue to the Fix of Frogbot.
We can notice that the resolution that happens upon the fix doesn't resolve from Artifactory
Expected behavior
Resolve from Artifactory upon fix either + add integration tests to verify this flow
JFrog Frogbot version
2.19.7
Package manager info
All
Git provider
GitHub
JFrog Frogbot configuration yaml file
No response
Operating system type and version
Mac
JFrog Xray version
No response
The text was updated successfully, but these errors were encountered: