{ "title": "Frogbot Configuration Schema", "description": "The configuration required for Frogbot to scan your Git repositories.", "$schema": "https://json-schema.org/draft-07/schema#", "type": "array", "items": { "required": ["params"], "additionalProperties": false, "properties": { "params": { "title": "Project Parameters", "required": ["git"], "description": "Includes the configuration of a single Git repository that needs to be scanned. For Azure Repos, Bitbucket Server and GitHub with JFrog Pipelines or Jenkins, you can define multiple 'params' sections one after the other, for scanning multiple Git repositories in the same organization.", "additionalProperties": false, "properties": { "git": { "$ref": "#/$git" }, "scan": { "$ref": "#/$scan" }, "jfrogPlatform": { "$ref": "#/$jfrogPlatform" } } } } }, "$git": { "title": "Git Parameter", "description": "Includes the required Git parameters such as repository name and branches.", "required": ["repoName", "branches"], "additionalProperties": false, "properties": { "repoName": { "type": "string", "title": "Repository Name", "description": "The name of the git repository to scan.", "examples": ["repo-name"] }, "branches": { "type": "array", "title": "Repository Branches", "description": "A list of branches to scan.", "items": { "type": "string", "default": "master", "title": "Repository Branch", "examples": ["master", "v1", "v2"] }, "examples": [["master", "v1", "v2"]] }, "commitMessageTemplate": { "type": "string", "default": "", "examples": [ "[Frogbot]", "fix(dependency) update {IMPACTED_PACKAGE} to {FIX_VERSION}" ] }, "branchNameTemplate": { "type": "string", "default": "", "examples": [ "Frogbot-{BRANCH_NAME_HASH}", "Security_Update-{BRANCH_NAME_HASH}", "{BRANCH_NAME_HASH}-Feature" ] }, "pullRequestTitleTemplate": { "type": "string", "default": "", "description": "Add a title to pull request comments generated by Frogbot.", "examples": [ "[Frogbot]-{IMPACTED_PACKAGE}", "[Security_Update]-{FIX_VERSION}", 
"[Feature]" ] }, "avoidExtraMessages": { "type": "boolean", "default": "false", "description": "Avoid adding extra info to pull request comments. that isn't related to the scan findings." }, "pullRequestCommentTitle": { "type": "string", "default": "", "examples": [ "Pipelines 1", "Build 2321" ] }, "aggregateFixes": { "type": "boolean", "default": "false" }, "emailAuthor": { "type": "string", "default": "eco-system+frogbot@jfrog.com", "examples": [ "myemail@jfrog.com" ] } }, "examples": [ { "repoName": "repo-name", "branches": ["master"] } ] }, "$scan": { "title": "Frogbot Scanning Parameters", "description": "Includes the scanning parameters such as the required scanning directories.", "additionalProperties": false, "properties": { "includeAllVulnerabilities": { "type": "boolean", "description": "Set to true to display all existing vulnerabilities, including the ones that were not added by the pull request.", "title": "Include All Vulnerabilities" }, "avoidPreviousPrCommentsDeletion": { "type": "boolean", "description": "When adding new comments on pull requests, keep old comments that were added by previous scans.", "title": "Keep Previous Frogbot Comments" }, "failOnSecurityIssues": { "type": "boolean", "description": "Set to true to fail the job if security issues were found.", "title": "Fail on Security Issues" }, "minSeverity": { "type": "string", "default": ["Show all severities"], "description": "Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests.", "title": "Minimum vulnerability severity to filter", "examples": ["low, medium, high, critical"] }, "fixableOnly": { "type": "boolean", "default": ["false"], "description": "Handle vulnerabilities with fix versions only.", "title": "Handle vulnerabilities with fix versions only" }, "allowedLicenses": { "type": [ "array", "null" ], "description": "List of allowed package licenses.", "title": "List of allowed package licenses", "items": { "type": "string", "title": 
"Allowed Package Licenses", "examples": [ "MIT", "Apache-2.0" ] } }, "emailReceivers": { "type": [ "array", "null" ], "description": "List of email addresses to receive emails about secrets that has been detected in a pull request scan.", "title": "List of email addresses to receive emails about secrets that has been detected in a pull request scan", "items": { "type": "string", "title": "Email Address", "examples": [ "user@company.com" ] } }, "projects": { "type": ["array", "null"], "title": "Projects in Git Repository", "description": "A list of sub-projects / project dirs inside the Git repository.", "items": { "additionalProperties": false, "properties": { "installCommand": { "type": "string", "title": "Install Command", "description": "An installation command to run to resolve the project dependencies.", "examples": ["nuget restore", "dotnet restore"] }, "workingDirs": { "type": "array", "title": "Working Directories", "description": "A list of relative paths to the projects directories in the git repository.", "default": ["."], "items": { "type": "string", "title": "Working Directory", "examples": [".", "npm-project/", "go/project-1/"], "default": "." 
} }, "pathExclusions": { "type": "array", "title": "Path Exclusion Patterns", "description": "List of wildcard patterns for paths in the source code of the Git repository that are excluded from SCA scans.", "default": ["*.git*", "*node_modules*", "*target*", "*venv*", "*test*"], "items": { "type": "string", "title": "Path Exclusion Pattern", "examples": ["*.git*", "*node_modules*", "*target*", "*venv*", "*test*"] } }, "pipRequirementsFile": { "type": "string", "title": "Pip Requirements File", "description": "The name of the requirements file used to install dependencies when the package manager is Pip.", "examples": ["requirements.txt"] }, "useWrapper": { "type": "boolean", "title": "Use Gradle Wrapper", "description": "Set to false to avoid using the Gradle wrapper.", "default": true }, "repository": { "type": "string", "title": "Virtual Artifactory Repository", "description": "The name of the virtual repository in Artifactory from which the project dependencies are resolved (downloaded)." } } } } } }, "$jfrogPlatform": { "title": "JFrog Platform Parameters", "description": "Includes the JFrog Platform-related parameters, such as Project Watches.", "additionalProperties": false, "properties": { "jfrogProjectKey": { "type": "string", "title": "JFrog Project Key", "description": "The JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects." }, "watches": { "type": "array", "title": "JFrog Watches", "description": "JFrog Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches.", "items": { "type": "string", "title": "JFrog Watch" } } } }, "examples": [ [ { "params": { "git": { "repoName": "repo-name", "branches": ["master"] } } } ] ] }