Description
Describe the bug
Stumbled when working on #1035
The file was added here that broke our IDEs working on it: https://github.com/jfrog/jfrog-cli/blob/dev/.jfrog/jfrog-apps-config.yml
The issue is that if you run docker scan in a folder that has .jfrog/jfrog-apps-config.yml, the folder is taken to JAS scan and not the docker container.
Current behavior
Take a look at:
https://github.com/jfrog/jfrog-cli-core/blame/dev/xray/commands/audit/jas/common.go#L73
    func createJFrogAppsConfig(workingDirs []string) (*jfrogappsconfig.JFrogAppsConfig, error) {
        if jfrogAppsConfig, err := jfrogappsconfig.LoadConfigIfExist(); err != nil {
            return nil, errorutils.CheckError(err)
        } else if jfrogAppsConfig != nil {
            // jfrog-apps-config.yml exist in the workspace
            return jfrogAppsConfig, nil // RETURN WITHOUT TAKING IN TO ACCOUNT workingDirs IN DOCKER SCAN
        }
        // jfrog-apps-config.yml does not exist in the workspace
        fullPathsWorkingDirs, err := coreutils.GetFullPathsWorkingDirs(workingDirs)
        if err != nil {
            return nil, err
        }
        jfrogAppsConfig := new(jfrogappsconfig.JFrogAppsConfig)
        for _, workingDir := range fullPathsWorkingDirs {
            jfrogAppsConfig.Modules = append(jfrogAppsConfig.Modules, jfrogappsconfig.Module{SourceRoot: workingDir})
        }
        return jfrogAppsConfig, nil
    }
workingDirs is not taken into account if the config file exists. In the case of docker scan, the current dir is not passed but a docker .tar file.
Reproduction steps
Run jf docker scan [container] in the jfrog-cli project
Expected behavior
The container should be scanned. AKA the yaml file passed should include the docker tar file
JFrog CLI-Core version
dev
JFrog CLI version (if applicable)
dev
Operating system type and version
OS X 14
JFrog Artifactory version
No response
JFrog Xray version
No response
Workaround
Run the docker scan in a different folder
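
The control flow reported in this issue, reduced to a self-contained Go model and added here as an illustration; it is not part of the original report and is not code from jfrog-cli-core. `Module`, `AppsConfig`, `configFromDirs`, `buggyConfig`, `explicitFirstConfig` and the sample paths are hypothetical stand-ins, and `explicitFirstConfig` is one assumed precedence rule, not the project's fix.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Simplified stand-ins for the jfrogappsconfig types (hypothetical names).
type Module struct{ SourceRoot string }
type AppsConfig struct{ Modules []Module }

// configFromDirs builds one module per explicitly requested scan target.
func configFromDirs(workingDirs []string) (*AppsConfig, error) {
	cfg := new(AppsConfig)
	for _, dir := range workingDirs {
		abs, err := filepath.Abs(dir)
		if err != nil {
			return nil, err
		}
		cfg.Modules = append(cfg.Modules, Module{SourceRoot: abs})
	}
	return cfg, nil
}

// buggyConfig follows the flow quoted in the issue: a config file found in the
// workspace is returned as-is, so the caller's workingDirs are never consulted.
func buggyConfig(fromFile *AppsConfig, workingDirs []string) (*AppsConfig, error) {
	if fromFile != nil {
		return fromFile, nil
	}
	return configFromDirs(workingDirs)
}

// explicitFirstConfig is an assumed alternative rule: targets passed by the
// caller (such as an image .tar) win over the workspace config file.
func explicitFirstConfig(fromFile *AppsConfig, workingDirs []string) (*AppsConfig, error) {
	if len(workingDirs) > 0 || fromFile == nil {
		return configFromDirs(workingDirs)
	}
	return fromFile, nil
}

func main() {
	// Constructed sample: the workspace config points at the repo, the scan at a tar.
	ws := &AppsConfig{Modules: []Module{{SourceRoot: "/repo"}}}
	tar := []string{"/tmp/image.tar"}
	b, _ := buggyConfig(ws, tar)
	f, _ := explicitFirstConfig(ws, tar)
	fmt.Println("buggy scans:", b.Modules, "explicit-first scans:", f.Modules)
}
```

With the buggy flow the scan reports on the repository folder while the requested image is never examined, so a clean result says nothing about the container.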