From 6ef6208d274b008bcdce6e8503f21b7c5120ac6a Mon Sep 17 00:00:00 2001
From: Naveen Surabathuni <naveens@naveens-mac.attlocal.net>
Date: Thu, 29 Jun 2023 07:11:49 -0400
Subject: [PATCH] add frogbot workflow file

---
 .github/.DS_Store                           | Bin 0 -> 6148 bytes
 .github/workflows/frogbot-scan-pr-maven.yml | 103 ++++++++++++++++++++
 .gitignore                                  |   1 +
 3 files changed, 104 insertions(+)
 create mode 100644 .github/.DS_Store
 create mode 100644 .github/workflows/frogbot-scan-pr-maven.yml

diff --git a/.github/.DS_Store b/.github/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..98e283d466331ea169fc3fa150e8537f1667ea36
GIT binary patch
literal 6148
zcmeHK%}T>S5T0$TO(;SR3VI88E!YwZ1uvo27cim+mD<p%p)p&U)*MP9cYPsW#OHBl
zcO#Zo@FZeqVD{UcpDg=r*x3aD(U}dJ01g0HsDvdOn>9jy(iJHg3!zZoxQ7@dWRQm0
zN;Dh(A_KH{Htv{&35?*&{-xtEmLYoI!f_m>(?;W6l**N@?W$F^YSwM=D6?SNpU%=w
ze{xNu3n}BU==a0RXqfe!-BX!N`%yBSsDx-R#E_e-C>hACBWKAVRk?w7Shi*NoP+t?
zYkPIK+42^3ciwCr<DliW7Yp0kJ3Kl$?~UT8M80S~1^#+Ub_^Eqik&q}dk!W^ERzTH
z7MVo`BQwAZFasOHfI0rG+J>x`m&pt;13zbg&IcEj&^MTCR7VFkbbTa$g^&dM^p+rW
z4f+Oijp#uUIu%i;3iHGeIvwq<iSrHS8g)7dH8Xz4%q+|cMX1@)?y7JQzD91D0cK#C
zfwCStRR7PufB!Eh@rW5<2L2TTqS6hz9bA&Btt*S8TI-_Tp^{KsuJJPkJE|08ES2JY
bR3&J4se|Yn%r&9~g)ah%25y*vUuEC}WQR@=

literal 0
HcmV?d00001

diff --git a/.github/workflows/frogbot-scan-pr-maven.yml b/.github/workflows/frogbot-scan-pr-maven.yml
new file mode 100644
index 000000000..701e0a559
--- /dev/null
+++ b/.github/workflows/frogbot-scan-pr-maven.yml
@@ -0,0 +1,103 @@
+name: "Frogbot Scan Pull Request"
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+permissions:
+  pull-requests: write
+  contents: read
+jobs:
+  scan-pull-request:
+    runs-on: ubuntu-latest
+    # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
+    # "frogbot" GitHub environment can approve the pull request to be scanned.
+    environment: frogbot
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      # Install prerequisites
+      - name: Set up Java
+        uses: actions/setup-java@v3
+        with:
+          java-version: "11"
+          distribution: "temurin"
+
+      - uses: jfrog/frogbot@v2
+        env:
+          # [Mandatory]
+          # JFrog platform URL
+          JF_URL: ${{ secrets.JF_URL }}
+
+          # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+          # JFrog access token with 'read' permissions on Xray service
+          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+          # [Mandatory if JF_ACCESS_TOKEN is not provided]
+          # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+          # JF_USER: ${{ secrets.JF_USER }}
+
+          # [Mandatory if JF_ACCESS_TOKEN is not provided]
+          # JFrog password. Must be provided with JF_USER
+          # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+
+          # [Mandatory]
+          # The GitHub token automatically generated for the job
+          JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # [Optional, default: https://api.github.com]
+          # API endpoint to GitHub
+          # JF_GIT_API_ENDPOINT: https://github.example.com
+
+          # [Optional]
+          # If the machine that runs Frogbot has no access to the internet, set the name of a remote repository
+          # in Artifactory, which proxies https://releases.jfrog.io
+          # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
+          # JF_RELEASES_REPO: ""
+
+
+
+          ##########################################################################
+          ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
+          ##   the following variables inside the file, instead of here.          ##
+          ##########################################################################
+
+          # [Optional, default: "."]
+          # Relative path to the root of the project in the Git repository
+          # JF_WORKING_DIR: path/to/project/dir
+
+          # [Optional]
+          # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
+          # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>
+
+          # [Optional]
+          # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects
+          # JF_PROJECT: <project-key>
+
+          # [Optional, default: "FALSE"]
+          # Displays all existing vulnerabilities, including the ones that were added by the pull request.
+          # JF_INCLUDE_ALL_VULNERABILITIES: "TRUE"
+
+          # [Optional, default: "TRUE"]
+          # Fails the Frogbot task if any security issue is found.
+          # JF_FAIL: "FALSE"
+
+          # [Optional]
+          # Frogbot will download the project dependencies if they're not cached locally. To download the
+          # dependencies from a virtual repository in Artifactory, set the name of the repository. There's no
+          # need to set this value, if it is set in the frogbot-config.yml file.
+          # JF_DEPS_REPO: ""
+
+          # [Optional, Default: "FALSE"]
+          # If TRUE, Frogbot creates a single pull request with all the fixes.
+          # If FALSE, Frogbot creates a separate pull request for each fix.
+          # JF_GIT_AGGREGATE_FIXES: "FALSE"
+
+          # [Optional, Default: "FALSE"]
+          # Handle vulnerabilities with fix versions only
+          # JF_FIXABLE_ONLY: "TRUE"
+
+          # [Optional]
+          # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
+          # The following values are accepted: Low, Medium, High or Critical
+          # JF_MIN_SEVERITY: ""
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 191769767..94358c245 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ target/*
 .sts4-cache/
 .vscode
 _site/
+.github/.DS_Store