
fix vulnerability using dotnet command if nuget not exist

Open justminime opened this issue 1 year ago • 6 comments

Is your feature request related to a problem? Please describe. I'm using frogbot inside a docker that does not have nuget but uses dotnet commands. When I run it I get:

Cloning repository with these details:
Clone url: https://gitlab-ci-token:[MASKED]@gitlab.xxxx.net/develop/services/devops-xxxx.git remote name: origin, branch: refs/heads/develop
 -----------------------------------------------------------------
Start fixing Microsoft.NETCore.App with 2.0.3
Creating branch: frogbot-Microsoft.NETCore.App-1da05d022e80e8fb1bff4c48ea5bf8fe
[Warn] failed while fixing Microsoft.NETCore.App with version: 2.0.3 with error: 
nuget  microsoft.netcore.app2.0.3 command failed: exec: "nuget": executable file not found in $PATH
[Info] Running git checkout to base branch: develop

Describe the solution you'd like to see. I would like it to use the dotnet command instead of nuget.

justminime avatar Apr 19 '23 11:04 justminime

Hello @justminime, thank you for your feature request and for using Frogbot. While Frogbot does not currently fix .NET or NuGet packages, it does have the capability to scan your pull requests and identify any potential vulnerabilities. We are committed to improving Frogbot's functionality and are working to add the ability to create fixing pull requests for NuGet and .NET packages in the future. I will keep you updated. Thank you again for bringing this to our attention.

omerzi avatar Apr 27 '23 04:04 omerzi

Do you have any estimation when this feature will be available? If you enable this for .NET environment then FrogBot will be very useful for a lot of teams...

ermalbaj avatar Apr 27 '23 13:04 ermalbaj

@ermalbaj, we're hoping to add support for creating pull requests with fixes for NuGet packages during the next few months. We have a long and exciting features roadmap for Frogbot, and are trying to deliver as fast as we can.

eyalbe4 avatar Apr 27 '23 14:04 eyalbe4

Hello @eyalbe4, I am also interested in this feature to create pull requests with fixes for NuGet packages. Is there any progress or roadmap? Thanks in advance and regards.

philipp-rauch-se avatar Jul 19 '23 13:07 philipp-rauch-se

Hello @justminime, @ermalbaj and @philipp-rauch-se, thank you for your patience! I'm pleased to inform you that Frogbot now supports create-fix for NuGet/.NET projects. Please note that the fix is applied using .NET CLI (v3.1+). Therefore, it's essential to have .NET CLI installed on your machine (NuGet CLI is not required for this operation). We trust that this new feature aligns with your requirements. Should you have any further questions or need additional assistance, please do not hesitate to reach out to us.

eranturgeman avatar Sep 13 '23 08:09 eranturgeman

Hello @eranturgeman,

Thank you very much for the information and the update of the FrogBot. I will test the new feature and for sure it will be helpful for us. I will let you know the results.

ermalbaj avatar Sep 13 '23 08:09 ermalbaj