jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0
301 stars, 69 forks

Question about scanning repository or pull request process #759

Open LSH0809 opened 4 days ago

LSH0809 commented 4 days ago

Hi, I'm running JFrog Artifactory 7.63.8 and JFrog Xray 3.78.9. I'm testing Frogbot 2.21.9 with Bitbucket 8.7.9 and Jenkins 2.462.2.

During the test, something came up that I was curious about.

  1. Do the Scan repository or Scan Pull request (single repository, multi repository) functions require a successful build?
  2. Do those functions clone the repository on the build machine during the scan process?
  3. There is no concept called 'Organization' in Bitbucket Data Center. Is it then proper to use scanning of multiple repositories or pull requests?
  4. And if I can scan multiple repositories or pull requests, does it only work by using frogbot-config.yml, and not a Jenkins pipeline using env?
  5. If I use .frogbot/frogbot-config.yml, can I use it in Bamboo Data Center?

Thanks for your support.