[![Frogbot scanned this pull request and did not find any new security issues.](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/noVulnerabilityBannerPR.png)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)
- [x] Update documentation about new features / new supported technologies
This PR updates the Audit parameters to include a specified technology from the install command, if provided.
This change leverages a new enhancement introduced here: https://github.com/jfrog/jfrog-cli-security/pull/175
In that improvement, we enhanced the technology detection when an install command is provided, allowing Frogbot to better handle complex structures where technologies are incorrectly identified. For instance, in a Yarn project with several sub-projects (not in a multi-module setup), where the sub-projects only have a package.json file without other Yarn indicators, these sub-projects are mistakenly identified as NPM projects.
This fix addresses that issue by enabling tech detection using descriptors when an install command is provided, rather than relying solely on indicators (which we typically use to avoid collisions between technologies with similar descriptors, like Yarn and NPM). If an install command is specified along with the working directories to scan (via frogbot-config.yml), we enforce this technology on each of the directories and use descriptors alone for verification, resolving the issue described.
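The enforce-then-verify logic the description outlines (take the technology from the install command, apply it to every working directory, and verify each directory by descriptor presence alone rather than by indicators), as an added Go example that is not Frogbot's or jfrog-cli-security's own code. The function and technology names are this example's own, and the mapping from install-command executables to technologies is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Names are this example's own (assumed). Install-command executable -> implied technology.
var installToolToTech = map[string]string{"npm": "npm", "yarn": "yarn", "pip": "pip", "pip3": "pip", "mvn": "maven"}
// Descriptors that verify a technology; yarn and npm share package.json, which confuses indicator-only detection.
var descriptorsByTech = map[string][]string{
	"npm": {"package.json"}, "yarn": {"package.json"}, "pip": {"requirements.txt", "setup.py"}, "maven": {"pom.xml"},
}

// TechFromInstallCommand derives the technology from the command's executable; "" means unknown.
func TechFromInstallCommand(cmd string) string {
	if fields := strings.Fields(cmd); len(fields) > 0 {
		return installToolToTech[filepath.Base(fields[0])]
	}
	return ""
}

// hasDescriptor reports whether dir contains at least one of the named descriptor files.
func hasDescriptor(dir string, names []string) bool {
	for _, n := range names {
		if _, err := os.Stat(filepath.Join(dir, n)); err == nil {
			return true
		}
	}
	return false
}

// DetectWithInstallCommand enforces the install command's technology on every working
// directory and verifies each one by descriptor presence only (no indicator lookup).
func DetectWithInstallCommand(cmd string, workingDirs []string) (map[string]string, error) {
	tech := TechFromInstallCommand(cmd)
	if tech == "" {
		return nil, fmt.Errorf("cannot infer a technology from install command %q", cmd)
	}
	result := make(map[string]string, len(workingDirs))
	for _, dir := range workingDirs {
		if !hasDescriptor(dir, descriptorsByTech[tech]) {
			return nil, fmt.Errorf("%s: no %s descriptor found", dir, tech)
		}
		result[dir] = tech
	}
	return result, nil
}
```

With `yarn install` and two sub-directories that each hold only a package.json, both resolve to yarn instead of being mistaken for npm; a listed directory with no package.json is reported as an error rather than silently skipped.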