Diff scan #389

attiasas · 2025-03-11T13:44:24Z

The pull request is targeting the dev branch.
The code has been validated to compile successfully by running go vet ./....
The code has been formatted properly using go fmt ./....
All static analysis checks passed.
All tests have passed. If this feature is not already covered by the tests, new tests have been added.
Updated the Contributing page / ReadMe page / CI Workflow files if needed.
All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Depends on:

Add 'Title' attribute to PR information froggit-go#148
Analyzer-Manager version: 1.18.0

Adding a diff mode to audit indicated by 2 new params:

diffMode
resultsToCompare

if provided only diffMode the sca will not run and will only generate SBOM information
if both provided:
- for SCA we will get the SBOM, compare using the provided SBOM of the similar target and will only scan the dependencies that exists in the current and not the provided
- for JAS the return result will already contain the diff (calculated by the analyzer manager)

github-actions · 2025-05-14T07:54:36Z

🐸 JFrog Frogbot

commands/audit/audit_test.go

commands/audit/scarunner.go

jas/iac/iacscanner.go

jas/common.go

jas/sast/sastscanner.go

jas/secrets/secretsscanner.go

attiasas added 2 commits March 10, 2025 17:22

pass files to scan arg to audit to scarunner and jasrunner

83d1089

clean

5ad14d6

attiasas added the ignore for release Automatically generated release notes label Mar 11, 2025

attiasas had a problem deploying to frogbot March 11, 2025 13:44 — with GitHub Actions Failure

Merge remote-tracking branch 'upstream/dev' into diff_scan

198b6ee

attiasas had a problem deploying to frogbot March 11, 2025 13:44 — with GitHub Actions Failure

attiasas added 2 commits March 12, 2025 13:53

Merge remote-tracking branch 'upstream/dev' into diff_scan

86dc54c

Update deps to point to froggit

0a991ad

attiasas had a problem deploying to frogbot March 12, 2025 11:56 — with GitHub Actions Failure

attiasas mentioned this pull request Mar 13, 2025

Refactor PR diff scan logic to cli-security jfrog/frogbot#839

Open

4 tasks

jas options and add new results to compare param

5b245e3

attiasas had a problem deploying to frogbot March 13, 2025 15:45 — with GitHub Actions Failure

remove old code

7003f26

attiasas marked this pull request as draft March 16, 2025 08:47

add diff mode flag to params

c2c4550

attiasas had a problem deploying to frogbot March 18, 2025 11:55 — with GitHub Actions Failure

start to pass new vars to AM

0b8b141

attiasas had a problem deploying to frogbot March 18, 2025 13:37 — with GitHub Actions Failure

pass targetResults to JAS scanner

a2c98b4

attiasas had a problem deploying to frogbot March 19, 2025 07:22 — with GitHub Actions Failure

Merge remote-tracking branch 'upstream/dev' into diff_scan

41090e7

attiasas had a problem deploying to frogbot March 19, 2025 07:22 — with GitHub Actions Failure

attiasas added 4 commits March 19, 2025 12:14

finalized passing vars to AM

c823f14

adjust secrets scan

3619d3d

adjust Iac scan

9a43894

adjust SAST scan

05ff286

attiasas temporarily deployed to frogbot March 19, 2025 11:38 — with GitHub Actions Inactive

attiasas marked this pull request as ready for review March 19, 2025 11:38

attiasas added the safe to test Approve running integration tests on a pull request label Mar 19, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Mar 19, 2025

attiasas requested a deployment to frogbot May 12, 2025 08:42 — with GitHub Actions Waiting

attiasas added the safe to test Approve running integration tests on a pull request label May 12, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label May 12, 2025

remove requested descriptor for conan

67d608c

attiasas requested a deployment to frogbot May 12, 2025 12:05 — with GitHub Actions Waiting

attiasas added the safe to test Approve running integration tests on a pull request label May 12, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label May 12, 2025

skip if no deps

5e38228

attiasas requested a deployment to frogbot May 12, 2025 12:42 — with GitHub Actions Waiting

attiasas added the safe to test Approve running integration tests on a pull request label May 12, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label May 12, 2025

update analyzer manager to 1.18.0

eec0a9a

attiasas requested a deployment to frogbot May 12, 2025 15:08 — with GitHub Actions Waiting

attiasas added the safe to test Approve running integration tests on a pull request label May 12, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label May 12, 2025

fix tests

9b33c01

attiasas temporarily deployed to frogbot May 13, 2025 13:41 — with GitHub Actions Inactive

attiasas added the safe to test Approve running integration tests on a pull request label May 13, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label May 13, 2025