Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip Auto-installation in Audit SCA scan if requested by user (Yarn, NPM, Go) #191

Open
wants to merge 18 commits into
base: dev
Choose a base branch
from
Open

Skip Auto-installation in Audit SCA scan if requested by user (Yarn, NPM, Go) #191

wants to merge 18 commits into from
+244 −54

Conversation

eranturgeman
Copy link
Contributor

@eranturgeman eranturgeman commented Sep 25, 2024
edited
Loading

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

This PR introduces a new ability that allows skip auto installation in a project/module that is not installed and not specifically forced to be installed (using provision of an install command)
This ability is currently available for Yarn and NPM only (and for Golang since no installation required in it).

The ability is usable through Frogbot using JF_SKIP_AUTO_INSTALL env var (jfrog/frogbot#758)
In addition, a new flag was added to enable using this ability through the CLI: --skip-auto-install

Linked PR: jfrog/build-info-go#277

@eranturgeman eranturgeman added new feature Automatically generated release notes safe to test Approve running integration tests on a pull request labels Sep 25, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 25, 2024
@eranturgeman eranturgeman mentioned this pull request Sep 25, 2024
Open
4 tasks
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 25, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 25, 2024
attiasas
attiasas requested changes Sep 29, 2024
View reviewed changes
Copy link
Contributor

@attiasas attiasas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also add it as a flag option to audit - --skip-install. we will need this in the future for the integrated tools

commands/audit/sca/npm/npm_test.go Outdated Show resolved Hide resolved
commands/audit/sca/npm/npm_test.go Show resolved Hide resolved
commands/audit/sca/yarn/yarn.go Show resolved Hide resolved
commands/audit/scarunner.go Outdated Show resolved Hide resolved
@eranturgeman
Copy link
Contributor Author

@attiasas Af for the comment you left - I will open a Jira ticket to add the flag, as this is not part of the current feature

@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@eranturgeman
Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…
6caa0bf 
…o skip-scan-if-auto-install-skipped-in-uninstalled-project
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 30, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Oct 1, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 1, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Oct 6, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 6, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 6, 2024

👍 Frogbot scanned this pull request and did not find any new security issues.

@eranturgeman eranturgeman changed the title Skip Auto-installation in Audit Sca scan if requested by user Skip Auto-installation in Audit SCA scan if requested by user Oct 10, 2024
@eranturgeman eranturgeman changed the title Skip Auto-installation in Audit SCA scan if requested by user Skip Auto-installation in Audit SCA scan if requested by user (Yarn, NPM, Go) Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@attiasas attiasas attiasas requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
new feature Automatically generated release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eranturgeman @attiasas