Fine tune JFrog Advanced Security on this project (#2299)

.jfrog/jfrog-apps-config.yml

@@ -0,0 +1,21 @@
+version: "1.0"
+modules:
+  - exclude_patterns:
+      - "**/.git/**"
+      - "**/node_modules/**"
+      - "**/out/**"
+
+      # Included in .gitignore:
+      - "**/.vscode/**"
+      - "**/.idea/**"
+    exclude_scanners:
+      - "iac"
+    scanners:
+      sast:
+        exclude_patterns:
+          - "**/testdata/**"
+          - "**/docs/**"
+      secrets:
+        exclude_patterns:
+          - "**/testdata/xray/jas-config/secrets/**"
+          - "**/testdata/xray/jas-test/secrets/**"

Jenkinsfile

@@ -194,6 +194,7 @@ def downloadToolsCert() {
 // Config Repo21 as default server.
 def configRepo21() {
     withCredentials([
+        // jfrog-ignore - false positive
         usernamePassword(credentialsId: 'repo21', usernameVariable: 'REPO21_USER', passwordVariable: 'REPO21_PASSWORD'),
         string(credentialsId: 'repo21-url', variable: 'REPO21_URL')
     ]) {
@@ -466,6 +467,7 @@ def publishChocoPackage(version, jfrogCliRepoDir, architectures) {
 
 def dockerLogin(){
     withCredentials([
+        // jfrog-ignore - false positive
         usernamePassword(credentialsId: 'repo21', usernameVariable: 'REPO21_USER', passwordVariable: 'REPO21_PASSWORD'),
         string(credentialsId: 'repo21-url', variable: 'REPO21_URL')
     ]) {

testdata/npm/npmnpmrcproject/.npmrc

@@ -3,4 +3,5 @@ registry=http://NO-NO-REPO/
 _auth=YWRtaW46QVBFG1ZkZFMzN3NCakJiaRFVBThVb0JlZzFl
 always-auth=true
 email=[email protected]
+# jfrog-ignore - not a real token
 //NO-NO-REPO/:_authToken=eyJ2ZXIiOzfsdhiOiIyR3A5cDlUYW44NmpaTkxDNlBpa0lmWTU1Uk9Kc1pfNGlFUnRQLVsdfhZmFjdG9yeUBsdhjZDc2MGJmOC0wNjI0LTQwYTYtOGEyMS0zOTViMzg1OWQzNzVcL3VzZXJzXC9hZG1pbiIsInNjcCI6Im1lbWJlci1vZi1ncm91cHM6KiBhcGk6KiIsImF1ZCI6ImpmLWFydGlmYWN0b3J5QGNkNzYwYmY4LTA2MjQtNDBhNisdhmpmLWFydGlmYWN0b3J5QGNkNzYwYmY4LTA2MjQtNDBhNi04YTIxLTM5NWIzODU5ZDM3NSIsImlhdCI6MTUxMzI0MjcxMywianRpIjoiNWZiYmY1ZDAtYjUzNC00ZWMxLWE3NDItZTRiMjNmZDA4YTI5In0.pwNys1ek1v7BtjESjlEMgiVLAdD60vwh1EWvuoGSaxAvu1ppW1fwCJmNjJ69HJbA58tq-AfkusKhr7juoIw2TaIsikyrnrDHv1ELaFupAxDMkDfx4w1GQO3dMzWYDAYoVfeaImpdXQ3_pKemR5eLiRiqJrtEfj52OfIFyVPOuBTvtoqDe8-DvFNFz0TyUAfbLvya8S9I6KGr2mxR4v8eir4me8zp0lPBm7oIKL_tfgr5uP9naTrUg5Ydfkc-vhwU0jK-45R3RQPbpW-NE78yy17TVJuxgE0s2OtMWmLpvr3FJaPCJ5VGPtRexJFbN_7BhR2tl02Wys41lk6pqSpRlA

testdata/xray/jas-config/sast/flask_webgoat/__init__.py

@@ -19,6 +19,7 @@ def query_db(query, args=(), one=False, commit=False):
 
 def create_app():
     app = Flask(__name__)
+    # jfrog-ignore - disable secrets scan findings
     app.secret_key = "aeZ1iwoh2ree2mo0Eereireong4baitixaixu5Ee"
 
     db_path = Path(DB_FILENAME)

testdata/xray/jas-test/sast/flask_webgoat/__init__.py

@@ -19,6 +19,7 @@ def query_db(query, args=(), one=False, commit=False):
 
 def create_app():
     app = Flask(__name__)
+    # jfrog-ignore - disable secrets scan findings
     app.secret_key = "aeZ1iwoh2ree2mo0Eereireong4baitixaixu5Ee"
 
     db_path = Path(DB_FILENAME)

utils/tests/consts.go

@@ -220,9 +220,11 @@ var (
 	GoPublishWithExclusionPath  = "github.com/jfrog/dependency/@v/github.com/jfrog/[email protected]/"
 
 	// Users
-	UserName1  = "alice"
-	Password1  = "A12356789z"
-	UserName2  = "bob"
+	UserName1 = "alice"
+	// jfrog-ignore - not a real password
+	Password1 = "A12356789z"
+	UserName2 = "bob"
+	// jfrog-ignore - not a real password
 	Password2  = "1B234578y9"
 	ProjectKey = "prj"
 )

xray_test.go

@@ -421,6 +421,8 @@ func TestXrayAuditMultiProjects(t *testing.T) {
 	multiProject := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray")
 	// Copy the multi project from the testdata to a temp dir
 	assert.NoError(t, biutils.CopyDir(multiProject, tempDirPath, true, nil))
+	prevWd := changeWD(t, tempDirPath)
+	defer clientTestUtils.ChangeDirAndAssert(t, prevWd)
 	workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s",
 		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single4.0"),
 		filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas-test"))