Audit SCA recursive scan (#555)

docs/frogbot-config.md

@@ -7,12 +7,6 @@ The [frogbot-config.yml](templates/.frogbot/frogbot-config.yml) file includes co
 
 ## Is the frogbot-config.yml file mandatory?
 Not all projects require the **frogbot-config.yml** file, but any project can use it.
-For projects with a single descriptor file (package.json, pom.xml, etc.), which is located 
-in the root directory of the project, the **frogbot-config.yml** file isn't mandatory.
-In other words, if the following conditions apply to your project, you don't have to create the file. 
-
-1. The project has only one descriptor file (pom.xml, package.json, go.mod, etc.) 
-2. The descriptor file is in the root directory of the project 
 
 If your project doesn't use a **frogbot-config.yml** file, all of the configuration Frogbot requires  
 should be provided as variables as part of the Frogbot workflows.

docs/install-azure-pipelines.md

@@ -115,6 +115,10 @@ jobs:
              # Relative path to the root of the project in the Git repository
              # JF_WORKING_DIR: maven
 
+             # [Default: "*node_modules*;*target*;*venv*;*test*"]
+             # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+             # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
              # [Optional]
              # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
              # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/install-gitlab.md

@@ -102,6 +102,10 @@ frogbot-scan:
     # Relative path to the root of the project in the Git repository
     # JF_WORKING_DIR: path/to/project/dir
 
+    # [Default: "*node_modules*;*target*;*venv*;*test*"]
+    # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+    # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
     # [Optional]
     # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
     # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/.frogbot/frogbot-config.yml

@@ -93,6 +93,11 @@
       #   workingDirs:
       #     - "."
 
+      # [Default: ["*node_modules*", "*target*", "*venv*", "*test*"]]
+      # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+      #   pathExclusions:
+      #     - "*node_modules*", "*target*", "*venv*", "*test*"
+
       # [Mandatory for pip only if using requirements file, Default: pip install .]
       # The requirements file name that is used to install dependencies in case of pip package manager
       #   pipRequirementsFile: ""

docs/templates/github-actions/frogbot-scan-pull-request.yml

@@ -83,6 +83,10 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
+          # [Default: "*node_modules*;*target*;*venv*;*test*"]
+          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+          # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/github-actions/frogbot-scan-repository.yml

@@ -71,6 +71,10 @@ jobs:
           # Relative path to the root of the project in the Git repository
           # JF_WORKING_DIR: path/to/project/dir
 
+          # [Default: "*node_modules*;*target*;*venv*;*test*"]
+          # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+          # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
           # [Optional]
           # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
           # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jenkins/scan-pull-request.jenkinsfile

@@ -99,6 +99,10 @@ pipeline {
         // Relative path to the root of the project in the Git repository
         // JF_WORKING_DIR= path/to/project/dir
 
+        // [Default: "*node_modules*;*target*;*venv*;*test*"]
+        // List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+        // JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
         // [Optional]
         // Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
         // JF_WATCHES= <watch-1>,<watch-2>...<watch-n>

docs/templates/jenkins/scan-repository.jenkinsfile

@@ -70,6 +70,10 @@ pipeline {
         // Relative path to the root of the project in the Git repository
         // JF_WORKING_DIR= path/to/project/dir
 
+        // [Default: "*node_modules*;*target*;*venv*;*test*"]
+        // List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+        // JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
         // [Optional]
         // Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
         // JF_WATCHES= <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-dotnet.yml

@@ -118,6 +118,10 @@ pipelines:
             # Relative path to the root of the project in the Git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-go.yml

@@ -111,6 +111,10 @@ pipelines:
             # Relative path to the root of the project in the Git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-gradle.yml

@@ -111,6 +111,10 @@ pipelines:
             # Relative path to the root of the project in the Git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-maven.yml

@@ -125,6 +125,10 @@ pipelines:
             # Relative path to the project in the git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-npm.yml

@@ -118,6 +118,10 @@ pipelines:
             # Relative path to the root of the project in the Git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-pip.yml

@@ -128,6 +128,10 @@ pipelines:
             # Relative path to the project in the git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-pipenv.yml

@@ -111,6 +111,10 @@ pipelines:
             # Relative path to the root of the project in the Git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-poetry.yml

@@ -121,6 +121,10 @@ pipelines:
             # Relative path to the project in the git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

docs/templates/jfrog-pipelines/pipelines-yarn2.yml

@@ -128,6 +128,10 @@ pipelines:
             # Relative path to the project in the git repository
             # JF_WORKING_DIR: path/to/project/dir
 
+            # [Default: "*node_modules*;*target*;*venv*;*test*"]
+            # List of exclusion patterns (utilizing wildcards) for excluding paths in the source code of the Git repository during SCA scans.
+            # JF_PATH_EXCLUSIONS: "*node_modules*;*target*;*venv*;*test*"
+
             # [Optional]
             # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches
             # JF_WATCHES: <watch-1>,<watch-2>...<watch-n>

go.mod

@@ -121,6 +121,8 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231031151842-e2f7d850ce11
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231105090858-7296ed5f0f95
 
 replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231031143744-13f94ab07bbc
+
+replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20231101142932-422f20520a28

go.sum

@@ -886,10 +886,10 @@ github.com/jfrog/gofrog v1.3.1 h1:QqAwQXCVReT724uga1AYqG/ZyrNQ6f+iTxmzkb+YFQk=
 github.com/jfrog/gofrog v1.3.1/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231031151842-e2f7d850ce11 h1:qOR/T+8u6/AQOHCR8x9/41a26SOwfHgLuJX2qNPUrr4=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231031151842-e2f7d850ce11/go.mod h1:NuupJonHkjQzjK63uV6p8RrD+Sv40hZbRghSnrsLd9E=
-github.com/jfrog/jfrog-client-go v1.34.3 h1:kDfw3FUQQvOsTKFqonIgLlziez6CSX80xCYZIH9YYcg=
-github.com/jfrog/jfrog-client-go v1.34.3/go.mod h1:fuxhYzWEkA16+ZV5cP/BJUGjA3SXVKbBoDmb8ZS6J4g=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231105090858-7296ed5f0f95 h1:15rDFbmb19Tdg06C1Ruo0SZ9uR7EszXjIv6ykeBPGtI=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20231105090858-7296ed5f0f95/go.mod h1:tvQHXRqHJn8k3aWhMmM5iEBSLfWlZpP1TIGHv7wKZfw=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20231101142932-422f20520a28 h1:CeuORbXaa9E+jDTT/DX1Ozuo8HGzDO7B8PIs0O35MNo=
+github.com/jfrog/jfrog-client-go v1.28.1-0.20231101142932-422f20520a28/go.mod h1:fuxhYzWEkA16+ZV5cP/BJUGjA3SXVKbBoDmb8ZS6J4g=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=