frogbot: could not determine the package manager / build tool used by this project for Dotnet Projects

We Followed similar pattern for Dotnet Project and Kinda getting below pasted error

19:09:20 [Info] Running Frogbot "scan-pull-request" command 
19:09:21 [Info] Auditing project: /home/runner/work/test/test
Error: 1 [Error] audit command in /home/runner/work/test/test failed:
could not determine the package manager / build tool used by this project.
Error: The process '/opt/hostedtoolcache/frogbot/[RELEASE]/x64/frogbot' failed with exit code 1

It would be good to have enough documentation for Dotnet. My Github action workflows looks like below:

name: "Frogbot Scan Pull Request"
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  pull-requests: write
  contents: read
jobs:
  scan-pull-request:
    runs-on: ubuntu-latest
    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
    # "frogbot" GitHub environment can approve the pull request to be scanned.
    environment: frogbot
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Install prerequisites
      - uses: actions/setup-dotnet@v2
        with:
          dotnet-version: "6.0.x"

      - uses: jfrog/frogbot@v2
        env:
          JF_URL: 
          JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_DEPLOYER }}
          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
          JF_REQUIREMENTS_FILE: "test/test.sln"

Regards Sri

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Reactions: 1
  • Comments: 21 (11 by maintainers)

Most upvoted comments

Sure @yalamarthisr. If you’d like Frogbot to scan every pull request without the need to approve the scan by one of the project maintainers, the scanned repository must be private (not have public access). If the project is public, the approval step cannot be removed.

+1
eyalbe4 on Feb 16, 2023

@yalamarthisr - The frogbot/frogbot-config.yml file is the way to go in any case. It includes information that Frogbot needs, like your git repository name and branches to scan. Also, once Frogbot will have the ability to restore dependencies from Artifactory, Frogbot will use the information about the working dir and install command (dotnet restore for example) stored in the frogbot/frogbot-config.yml file.

+1
eyalbe4 on Feb 13, 2023

Hey @yalamarthisr, at the moment, we do not support resolving dependencies through Artifactory on Frogbot. However, this feature is currently in development and should be released soon. I’ll keep you updated.

+1
omerzi on Feb 13, 2023
Read more comments on GitHub
← charts: xray template does not process key external database values
jfrog-cli: Artifactory focal contrib package lists error in releases.jfrog.io →