
Scan-and-fix PR needs to resolve from Artifactory for all package managers #621

Closed
eranturgeman opened this issue Jan 21, 2024 · 0 comments
Labels
bug Something isn't working

Comments

eranturgeman commented Jan 21, 2024

Describe the bug

When we build the dependency tree and Artifactory server details are provided, the resolution is performed from Artifactory.
When Frogbot initiates a fix for vulnerable dependencies it does not resolve from Artifactory for all package managers.
This issue was found in NPM and Maven, and needs to be further checked upon all package managers and to be fixed if necessary.

Current behavior

Dependency resolution happens only upon dependency tree construction but not when Frogbot initiates the fix.
Checked on NPM and Maven; needs to be further studied for the rest of the package managers.

Reproduction steps

Run Scan-and-fix locally with depsRepo configured in frogbot-config.yml.
After building the dependency tree, delete the local and remote (Artifactory) cache and continue to the Fix step of Frogbot.
We can notice that the resolution that happens upon the fix doesn't resolve from Artifactory.

Expected behavior

Resolve from Artifactory upon fix as well, and add integration tests to verify this flow.

JFrog Frogbot version

2.19.7

Package manager info

All

Git provider

GitHub

JFrog Frogbot configuration yaml file

No response

Operating system type and version

Mac

JFrog Xray version

No response

@eranturgeman eranturgeman added the bug Something isn't working label Jan 21, 2024
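The check the reporter performs by hand (confirming that the fix step really resolved through Artifactory) can be automated for NPM by inspecting the `resolved` URLs in the lockfile after the fix. This is an added example, not Frogbot's own code; the host `artifactory.example.com` and the sample lockfile are constructed.

```python
"""Check that every dependency in an npm lockfile was resolved from the
expected Artifactory host (added example, not Frogbot's own code)."""
import json
from urllib.parse import urlparse

# Constructed sample lockfile: two packages came through Artifactory, one
# fell back to the public registry (the symptom described in the issue).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://artifactory.example.com/artifactory/api/npm/npm-remote/lodash/-/lodash-4.17.21.tgz",
        },
        "node_modules/minimist": {
            "version": "1.2.8",
            "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
        },
        "node_modules/local-lib": {"resolved": "file:../local-lib", "link": True},
    },
})

def _flatten_v1(deps, prefix="node_modules/"):
    """lockfileVersion 1 nests dependencies; flatten them to v2/v3-style paths."""
    out = {}
    for name, meta in deps.items():
        out[prefix + name] = meta
        if "dependencies" in meta:
            out.update(_flatten_v1(meta["dependencies"], prefix + name + "/node_modules/"))
    return out

def foreign_resolutions(lockfile_text, expected_host):
    """Return {package_path: resolved_url} for every entry whose tarball was
    fetched from a host other than expected_host. Entries with no 'resolved'
    field (the root package) and 'file:' links are ignored."""
    data = json.loads(lockfile_text)
    entries = data.get("packages") or _flatten_v1(data.get("dependencies", {}))
    bad = {}
    for path, meta in entries.items():
        url = meta.get("resolved")
        if not url or url.startswith("file:"):
            continue
        if urlparse(url).hostname != expected_host:
            bad[path] = url
    return bad

if __name__ == "__main__":
    for path, url in foreign_resolutions(SAMPLE_LOCKFILE, "artifactory.example.com").items():
        print(f"not resolved via Artifactory: {path} -> {url}")
```

Running it against the lockfile left behind by the fix step gives a direct pass/fail signal for the flow this issue describes, which is what an integration test for it could assert on.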