diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 111b6f0..0823ef4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -36,7 +36,7 @@ jobs:
 - name: Build and publish
 run: |
 # Configure the project
- jf npmc --repo-resolve sharan-npm-virtual --repo-deploy sharan-npm-virtual
+ jf npmc --repo-resolve nag-npm-virtual --repo-deploy nag-npm-virtual
 # Build the project using JFrog CLI
 jf npm install --build-name ${{env.BUILD_NAME}} --build-number ${{github.run_number}}
 # Publish the project
@@ -53,13 +53,13 @@ jobs:
 password: ${{ secrets.JF_PASSWORD }}
 - name: Docker Build 🐳🐸
 run: |
- jf docker build . -t demo.jfrog.io/docker-local/reactappimage:${{github.run_number}}
+ jf docker build . -t productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}}
 - name: JFrog docker image scan 🐳🐸
 run: |
- jf docker scan demo.jfrog.io/docker-local/reactappimage:${{github.run_number}}
+ jf docker scan productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}}
 - name: Docker Push 🐳🐸
 run: |
- jf docker push demo.jfrog.io/docker-local/reactappimage:${{github.run_number}}
+ jf docker push productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}}
 - name: Publish build build-info
 run: |
 # Collect and store environment variables in the build-info
diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml
index 4bbdfc2..97632eb 100644
--- a/.github/workflows/frogbot-scan-and-fix.yml
+++ b/.github/workflows/frogbot-scan-and-fix.yml
@@ -34,7 +34,7 @@ jobs:
 # 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
 #
 # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore")
- # JF_INSTALL_DEPS_CMD: ""
+ JF_INSTALL_DEPS_CMD: ""
 # [Mandatory]
 # JFrog platform URL
diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml
index 6506cef..9689ea3 100644
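Review bot: The new image reference `productdemo.jfrog.io/nag-docker-local/reactappimage:${{github.run_number}}` is spelled out separately in the Docker Build, scan and Docker Push steps, so the next registry change can leave the scan covering a different image than the one that is pushed. Define it once as a job-level `env` entry, `IMAGE: productdemo.jfrog.io/nag-docker-local/reactappimage:${{ github.run_number }}`, and pass `"$IMAGE"` in each `run`. Only the `password:` line of the preceding login step is visible here; if that step names a registry host, confirm it was moved to `productdemo.jfrog.io` as well. The scan command is given no watch, project or repo-path context, so it may only report findings rather than fail the job before the push; that is worth confirming against the Xray policy in use.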
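Review bot: `JF_INSTALL_DEPS_CMD: ""` in frogbot-scan-and-fix.yml is now active but empty, so the variable is set without giving Frogbot a command to run. The comment above it says the setting is needed only for yarn 2, NuGet or .NET projects that have no `installCommand` in frogbot-config.yml. If this project needs it, give it a real value such as `JF_INSTALL_DEPS_CMD: "npm i"` (the comment's own example); otherwise leave the line commented out. How Frogbot treats an empty string is not visible from this hunk, so the intent should be made explicit either way.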
--- a/.github/workflows/frogbot-scan-pr.yml
+++ b/.github/workflows/frogbot-scan-pr.yml
@@ -71,6 +71,6 @@ jobs:
 # Frogbot will download the project dependencies, if they're not cached locally. To download the
 # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no
 # need to set this value, if it is set in the frogbot-config.yml file.
- JF_DEPS_REPO: "sharan-npm-virtual"
+ JF_DEPS_REPO: "nag-npm-virtual"
diff --git a/.github/workflows/frogbot-scan-repository.yml b/.github/workflows/frogbot-scan-repository.yml
index 8f1270f..086d0ae 100644
--- a/.github/workflows/frogbot-scan-repository.yml
+++ b/.github/workflows/frogbot-scan-repository.yml
@@ -3,7 +3,7 @@ on:
 workflow_dispatch:
 schedule:
 # The repository will be scanned once a day at 00:00 GMT.
- #- cron: "0 0 * * *"
+ - cron: "0 0 * * *"
 permissions:
 contents: write
 pull-requests: write
diff --git a/README.md b/README.md
index af10844..f128f1d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,8 @@
 # react-node-app
-
+[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)
 docker build . -t soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6
-docker push soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6
\ No newline at end of file
+docker push soleng.jfrog.io/alpha-docker-virtual/reactappimage:1.0.6
+
+updated from pr1
\ No newline at end of file
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..034e848
--- /dev/null
+++ b/SECURITY.md
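Review bot: Enabling `- cron: "0 0 * * *"` in frogbot-scan-repository.yml makes the workflow run unattended every day with the `contents: write` and `pull-requests: write` token shown in the context lines. The action it invokes is outside this hunk; check that it is pinned to a full commit SHA rather than a moving tag, since nobody reviews a scheduled run before it executes. The top of the hour is also when GitHub's scheduler is busiest and scheduled runs can be delayed, so an off-peak minute such as `- cron: "23 0 * * *"` is more dependable, with the "00:00 GMT" comment above updated to match.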
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.