jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0

Disenchantment with functionality #252

Open Jan-Pleva opened 1 year ago

Jan-Pleva commented 1 year ago

I have to say I'm a little disappointed. We tried Frogbot on Azure DevOps, but it shows that there is a lot of configuration for each project, and in the end it is the same process as for the build process, which we primarily focus on setting up (so duplication).

Running the current Frogbot also consumes a lot of resources, depending on the number of pull requests and the length of the build time.

What would I like to see? It should be easy to set up as global settings for all projects, even when they don't yet have JFrog in the build pipeline. I expect functionality similar to JFrog Xray in the IDE, where JFrog just takes the connection and the components and shows the results. No other settings are required (for example from the pom file, the requirements.txt file or the csproj file).

omerzi commented 1 year ago

Hi @Jan-Pleva, thanks a lot for the feedback. We're taking the feedback we receive for Frogbot very seriously and are constantly working to improve it.

To make the setup process easier, we have a feature planned to allow creating the frogbot-config.yml automatically, and allow you to modify it if needed. Also, we're working on improving the scan-and-fix-repos command so that it won't scan repositories unless there has been a new commit. If you have additional suggestions for us to make the setup process easier, please let us know.

As for your feedback in regard to resource utilization, we'd like to understand it better. Will you be able to elaborate more on this? You mentioned that the build takes a long time. What type of projects is Frogbot scanning for you? Which part of the workflow takes a lot of time?

Thanks for helping Frogbot improve.

Jan-Pleva commented 1 year ago

Hi, some of our builds take 30 minutes; it is Maven, Gradle. The misunderstanding is that Frogbot is trying to do the build without the detailed configuration. How does the JFrog IDE plugin work? Is it also doing a build behind the scenes?

eyalbe4 commented 1 year ago

@Jan-Pleva, I assume that the process takes 30 minutes for you because this is the time it takes for your project dependencies to be downloaded. This time can be reduced to zero by using a local cache. Which runtime are you using? Let us know and we'll assist you in avoiding this download time. The JFrog IDE integrations use the cache on the local machine. Can you also clarify what you mean by the "detailed configuration"?

Jan-Pleva commented 1 year ago

I mean this configuration: https://github.com/jfrog/frogbot/blob/master/docs/install-azure-repos.md So every project has to be set up. Then I don't see the difference from the build settings...

yahavi commented 1 year ago

@Jan-Pleva thanks for your important feedback.

This setup can happen one time. You can scan multiple repositories with one task - just add the frogbot-config.yml file in a single repository containing the bare minimum info for each one of your repositories. For example:

- params:
    git:
      repoName: repo-1
      branches:
        - master
- params:
    git:
      repoName: repo-2
      branches:
        - master
        - dev
- params:
    git:
      repoName: repo-3
      branches:
        - master
    scan:
      projects:
        - pipRequirementsFile: requirements.txt

A word about the long scan time - I'd like to share that we had some progress for Gradle in Frogbot 2.6.4. This change should significantly improve the scan time for large Gradle projects by avoiding compiling the code. We have plans to do the same for Maven in the near future.

We give Frogbot a lot of attention and keep improving it constantly. With that said, we'd appreciate your feedback and ideas for how to make it easier for you.

Jan-Pleva commented 1 year ago

Ok. Great tip.

But the main issue is that the use is not as easy as in the IDE plugin. The idea was to set up in one place for ALL our Azure DevOps projects, not separately in every project, because that's what we do with the JFrog build process.

eyalbe4 commented 1 year ago

@Jan-Pleva, we're open to receiving feedback and improving the solution following it. There's a chance there's a gap that I'm missing, so please forgive me if this is the case. My question is this: are you saying that you're not able to create a single Azure DevOps pipeline for scanning all of your repositories? Doesn't the solution @yahavi proposed above allow just that?

Jan-Pleva commented 1 year ago

Hi, I would like to create just one set-up for all my DevOps projects and their repositories.

At the same time, I'm afraid that the build settings are very specific from project to project.

eyalbe4 commented 1 year ago

Thanks for the feedback. With your help we may be able to improve the setup! I think I understand the issue you're describing @Jan-Pleva. Let me know what you think. The Frogbot pipelines are currently bound to a single Azure DevOps project. This is because of this variable that the pipeline template includes -

JF_GIT_PROJECT: $(System.TeamProject)

If the template allowed including multiple projects, would that get us closer to simplifying the setup? Also, did you set a value for the 'JF_GIT_OWNER' variable the template includes, or is this variable redundant for your setup?

Jan-Pleva commented 1 year ago

Sorry, after discovering the principle, we didn't try it any further. But yes, I think you now understand the point.