jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0

GitLab Pipeline Artifacts/Reports #723

Closed teodem closed 2 months ago

teodem commented 2 months ago

As a developer, I trigger SCA scans from a GitLab pipeline, but I would like to see the results (security report with the list of the vulnerabilities) directly in the pipeline execution, either as a log or - even better - as a job artifact.

The result would be a pipeline log that summarizes all the findings, or a job artifact (with the same content as the merge request generated by Frogbot) in HTML.

eranturgeman commented 2 months ago

Hello @teodem and thank you for using Frogbot! We already have this feature in our future plans! You will be able to see the scan results in the job's execution log. Stay tuned for future updates!

teodem commented 2 months ago

Hi there, this also links to my last question. I think it would be beneficial to also display the indirect dependencies. I know what the purpose of Frogbot is, but it would still make sense to report the vulnerabilities along with the pull request. Otherwise I would need to use JFrog CLI together with Frogbot for a complete overview of the vulnerabilities, which - in my opinion - increases complexity and maintenance.