- Replace placeholder test.yml with proper test workflow supporting multiple OS
- Add security-scan.yml for JFrog audit and vulnerability scanning
- Add credential-validation.yml for Artifactory credentials validation
- Add frogbot.yml for automated security scanning and PR checks
- All workflows use Java 17 as required by Bamboo plugin
- Tests run on Ubuntu, Windows, and macOS for better coverage

- Add explicit JFrog CLI configuration step before audit commands
- Configure server details with URL and access token
- Fixes 'JFrog Xray URL must be provided' error in security-scan.yml
- Apply same fix to credential-validation.yml for consistency

- Sanitize error messages in BuildLog.java to prevent internal structure exposure
- Improve error handling in ServerConfigManagerImpl.java with generic messages
- Sanitize exception messages in JfrogServerConfigAction.java
- Add warning for HTTP connections to promote HTTPS usage
- Remove detailed exception information from user-facing error messages

Fixes 5 low-severity SAST findings from security audit

- Remove StringEscapeUtils dependency causing commons-lang3 compatibility issues
- Replace HTML escaping with simple character validation for Server ID
- Update test expectations to match sanitized error messages
- Fix test case for URL validation to match actual validation logic

- Update test to use truly malformed URL (https://[invalid-host)
- https:// alone is actually valid according to Java URL class
- All tests now pass successfully

- Remove manual JFrog CLI configuration steps
- The jfrog/setup-jfrog-cli@v4 action automatically configures CLI
- Fix 'Wrong number of arguments' error in jf config use command
- Use ARTIFACTORY_ACCESS_TOKEN consistently in security-scan.yml
2d25541 to b0ce5d3
- Remove exception details from log.error calls to prevent information disclosure
- Improve HTTP validation logic with enhanced security messaging
- Address all remaining SAST findings for production security compliance

- Remove exception parameter from log.error calls in ServerConfigManagerImpl
- Prevents internal code structure exposure through error messages
- Addresses final SAST information disclosure vulnerabilities
95134d0 to 6b4ff09