Type object[]
File match frogbot-config.yml
Schema URL https://catalog.lintel.tools/schemas/schemastore/frogbot-config/latest.json
Source https://raw.githubusercontent.com/jfrog/frogbot/master/schema/frogbot-schema.json

Validate with Lintel

npx @lintel/lintel check

The configuration required for Frogbot to scan your Git repositories.

Items

object
params object required

Includes the configuration of a single Git repository that needs to be scanned. For Azure Repos, Bitbucket Server and GitHub with JFrog Pipelines or Jenkins, you can define multiple 'params' sections one after the other, for scanning multiple Git repositories in the same organization.

3 nested properties
git required

Includes the required Git parameters such as repository name and branches.

Examples: {"repoName":"repo-name","branches":["master"]}
9 nested properties
repoName string required

The name of the git repository to scan.

Examples: "repo-name"
branches string[] required

A list of branches to scan.

Examples: ["master","v1","v2"]
commitMessageTemplate string
Default: ""
Examples: "[Frogbot]", "fix(dependency) update {IMPACTED_PACKAGE} to {FIX_VERSION}"
branchNameTemplate string
Default: ""
Examples: "Frogbot-{BRANCH_NAME_HASH}", "Security_Update-{BRANCH_NAME_HASH}", "{BRANCH_NAME_HASH}-Feature"
pullRequestTitleTemplate string

Add a title to pull request comments generated by Frogbot.

Default: ""
Examples: "[Frogbot]-{IMPACTED_PACKAGE}", "[Security_Update]-{FIX_VERSION}", "[Feature]"
avoidExtraMessages boolean

Avoid adding extra info to pull request comments that isn't related to the scan findings.

Default: "false"
pullRequestCommentTitle string
Default: ""
Examples: "Pipelines 1", "Build 2321"
aggregateFixes boolean
Default: "false"
emailAuthor string
Default: "[email protected]"
Examples: "[email protected]"
scan

Includes the scanning parameters such as the required scanning directories.

8 nested properties
includeAllVulnerabilities boolean

Set to true to display all existing vulnerabilities, including the ones that were not added by the pull request.

avoidPreviousPrCommentsDeletion boolean

When adding new comments on pull requests, keep old comments that were added by previous scans.

failOnSecurityIssues boolean

Set to true to fail the job if security issues were found.

minSeverity string

Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests.

Default: ["Show all severities"]
Examples: "low, medium, high, critical"
fixableOnly boolean

Handle vulnerabilities with fix versions only.

Default: ["false"]
allowedLicenses array | null

List of allowed package licenses.

emailReceivers array | null

List of email addresses that receive emails about secrets that have been detected in a pull request scan.

projects array | null

A list of sub-projects / project dirs inside the Git repository.

jfrogPlatform

Includes the JFrog platform related parameters such as Project Watches.

2 nested properties
jfrogProjectKey string

The JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects.

watches string[]

Examples

[
  {
    "params": {
      "git": {
        "repoName": "repo-name",
        "branches": [
          "master"
        ]
      }
    }
  }
]
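A fuller frogbot-config.yml that exercises the keys documented above, as an added example (it is not taken from the schema page or from the Frogbot project). Repository names, branches, licenses, the e-mail address, the project key and the watch name are constructed placeholders; only keys and values that this page documents are used, so keys without a description here (aggregateFixes, projects, emailAuthor) are left out.

```yaml
# Added example frogbot-config.yml. The top level is a list of entries, each
# holding one "params" section, so several repositories in the same
# organization can be scanned from one file (see the "params" description).
- params:
    git:
      repoName: payments-service            # constructed placeholder
      branches:
        - master
        - release/v2                        # constructed placeholder
      # Templates use the placeholders shown in the schema examples.
      branchNameTemplate: "Security_Update-{BRANCH_NAME_HASH}"
      commitMessageTemplate: "fix(dependency) update {IMPACTED_PACKAGE} to {FIX_VERSION}"
      pullRequestTitleTemplate: "[Security_Update]-{FIX_VERSION}"
      pullRequestCommentTitle: "Build 2321"
      avoidExtraMessages: true              # keep PR comments limited to findings
    scan:
      failOnSecurityIssues: true            # gate the job on findings
      includeAllVulnerabilities: false      # report only issues the PR introduces
      avoidPreviousPrCommentsDeletion: false
      minSeverity: medium                   # low-severity findings are not fixed or commented on
      fixableOnly: false                    # keep findings that have no fix version yet
      allowedLicenses:                      # constructed allow-list
        - Apache-2.0
        - MIT
      emailReceivers:
        - security-team@example.com         # constructed placeholder
    jfrogPlatform:
      jfrogProjectKey: payments             # constructed placeholder
      watches:
        - payments-prod-watch               # constructed placeholder

# A second repository scanned with the schema's minimal required settings.
- params:
    git:
      repoName: billing-worker              # constructed placeholder
      branches:
        - master
```

The first entry is the hardened shape: `failOnSecurityIssues: true` turns findings into a failed job rather than a comment that can be ignored, and `fixableOnly: false` keeps unfixable findings visible instead of silently dropping them. The second entry shows the minimum the schema accepts (only `repoName` and `branches` are required), which means the scan runs with the defaults listed above; in particular the job does not fail on findings unless `failOnSecurityIssues` is set. `npx @lintel/lintel check` validates the file against this schema before it is committed.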