jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0
301 stars 69 forks

git clone failed with error: authentication required #665

Closed kasadna closed 6 months ago

kasadna commented 6 months ago

Describe the bug

Get error "git clone master from https://<self-hosted-bitbucket-url>/scm/<project>/<repo>.git failed with error: authentication required".

If I try to log in, e.g. with curl against the Bitbucket REST API with the same environment variables, nothing is wrong there.

Current behavior

~ env |grep JF
JF_URL=https://<self-hosted-artifactory-url>
JF_USER=<user_same_for_bitbucket_and_artifactory>
JF_GIT_PROVIDER=bitbucketServer
JF_GIT_OWNER=<project>
JF_GIT_BASE_BRANCH=master
JF_GIT_REPO=<repo>
JF_GIT_API_ENDPOINT=https://<self-hosted-bitbucket-url>
JF_GIT_TOKEN=<bitbucket-token>
JFROG_CLI_LOG_LEVEL=DEBUG
JF_PASSWORD=<pass> 
~/frogbot ./frogbot scan-repository       
16:13:45 [🔵Info] Frogbot version: 2.19.10
16:13:45 [Debug] Reading config from file system. Looking for .frogbot/frogbot-config.yml
16:13:45 [Debug] frogbot-config.yml wasn't found in <path>/frogbot/.frogbot/frogbot-config.yml. Searching for it in upstream directories
16:13:45 [Debug] Attempting to download frogbot-config.yml from <path>/<repo>
16:13:45 [Debug] The frogbot-config.yml will be downloaded from master branch
16:13:46 [Debug] The .frogbot/frogbot-config.yml file wasn't recognized in <path>/<repo>
16:13:46 [Debug] Sending HTTP HEAD request to: 'https://github.com/jfrog/frogbot'
16:13:46 [Debug] Locking config file to run config AddOrEdit command.
16:13:46 [Debug] Creating lock in: /var/folders/jy/<path>/T/jfrog.cli.temp.-1710339226-1608102647/locks/config
16:13:46 [Debug] Releasing lock: /var/folders/jy/<path>/T/jfrog.cli.temp.-1710339226-1608102647/locks/config/jfrog-cli.conf.lck.64966.1710339226107811000
16:13:46 [Debug] Config AddOrEdit command completed successfully. config file is released.
16:13:46 [Debug] Usage Report: Sending info...
16:13:46 [🔵Info] Running Frogbot "scan-repository" command
16:13:46 [Debug] Sending HTTP GET request to: https://<self-hosted-artifactory-url>/artifactory/api/system/version
16:13:46 [Debug] Sending HTTP GET request to: https://<self-hosted-artifactory-url>/xray/api/v1/system/version
16:13:46 [Debug] Sending HTTP POST request to: https://usage-ecosystem.jfrog.io/api/usage/report
16:13:47 [Debug] Setting timeout for go-git to 120 seconds ...
16:13:47 [Debug] Created temp working directory: /var/folders/jy/c6nnrtvj0cz984hsmmx46yr40000gq/T/jfrog.cli.temp.-1710339227-160679609
16:13:47 [Debug] Running git clone https://<self-hosted-bitbucket-url>/scm/<project>/<repo>.git (master branch)...
16:13:57 [Debug] JFrog Xray version is: 3.82.10
16:13:57 [Debug] Artifactory response: 200 
16:13:57 [Debug] JFrog Artifactory version is: 7.68.13
16:13:57 [Debug] Sending HTTP POST request to: https://<self-hosted-artifactory-url>/artifactory/api/system/usage
16:13:58 [🚨Error] git clone master from https://<self-hosted-bitbucket-url>/scm/<project>/<repo>.git failed with error: authentication required

~ curl -u $JF_USER:$JF_GIT_TOKEN 'https://<self-hosted-bitbucket-url>/rest/api/latest/projects/<project>/repos/<repo>/branches' \
  --header 'Accept: application/json'
{"size":25, [...]}

Reproduction steps

No response

Expected behavior

No response

JFrog Frogbot version

2.19.10

Package manager info

Using binary from https://releases.jfrog.io/artifactory/frogbot/v2/[RELEASE]//frogbot-mac-386/frogbot

Git provider

Bitbucket Server

JFrog Frogbot configuration yaml file

No response

Operating system type and version

macOS 14.4

JFrog Xray version

3.82.10

attiasas commented 6 months ago

Hi @kasadna,

Thank you for using Frogbot!

It appears that the JF_GIT_USERNAME environment variable (Username of the git provider account) is missing, which is mandatory for Bitbucket.

Please feel free to reach out if you have any further questions or encounter any issues.

kasadna commented 6 months ago

Thanks for checking this! Could you add a check for the variable since it's mandatory as is JF_GIT_TOKEN?
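
The check requested above, sketched as an added example (not part of the thread and not Frogbot's own code): a POSIX shell pre-flight that reports which variables are unset, by name only so no token or password reaches the log, before `./frogbot scan-repository` runs. The function names are hypothetical, and the required list beyond JF_GIT_TOKEN and JF_GIT_USERNAME is an assumption taken from the reporter's environment.

```shell
# Added example, not Frogbot code. Usage: frogbot_preflight && ./frogbot scan-repository

# Echo the names of required variables that are unset or empty.
# Only names are printed, never values, so secrets stay out of CI logs.
frogbot_missing_vars() {
    # Assumption: this list mirrors the variables exported in the report above;
    # the thread itself only confirms JF_GIT_TOKEN and JF_GIT_USERNAME as mandatory.
    required="JF_URL JF_GIT_PROVIDER JF_GIT_OWNER JF_GIT_REPO JF_GIT_TOKEN"
    if [ "${JF_GIT_PROVIDER:-}" = "bitbucketServer" ]; then
        # Per the maintainer's reply, Bitbucket needs the git account's username.
        required="$required JF_GIT_API_ENDPOINT JF_GIT_USERNAME"
    fi
    missing=""
    for name in $required; do
        # Indirect lookup; names come from the fixed list above, never from input.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="${missing:+$missing }$name"
    done
    unset value
    printf '%s' "$missing"
}

# Return 0 when everything is set; otherwise explain on stderr and return 1.
frogbot_preflight() {
    missing=$(frogbot_missing_vars)
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "frogbot preflight: missing variables: $missing" >&2
    case " $missing " in
        *" JF_GIT_USERNAME "*)
            # The situation in this issue: JF_USER was set, JF_GIT_USERNAME was not.
            if [ -n "${JF_USER:-}" ]; then
                echo "hint: JF_USER is set, but the git clone needs JF_GIT_USERNAME" >&2
            fi
            ;;
    esac
    return 1
}
```

With the environment from the report, this stops before the clone and names JF_GIT_USERNAME instead of surfacing go-git's generic "authentication required".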