Commit

Merge branch 'main' into token_validation
barv-jfrog authored Sep 18, 2024
2 parents 067d904 + bc23e7c commit 6c4a8ac
Showing 3 changed files with 233 additions and 10 deletions.
2 changes: 2 additions & 0 deletions jfrog-applications/SUMMARY.md
@@ -32,7 +32,9 @@
* [cUrl Integration](jfrog-cli/cli-for-jfrog-security/curl-integration.md)
* [Scan Published Builds](jfrog-cli/cli-for-jfrog-security/scan-published-builds.md)
* [Scan your Binaries](jfrog-cli/cli-for-jfrog-security/scan-your-binaries.md)
* [Enrich your SBOM JSONs & XMLs](jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md)
* [Download Updates for Xray's Database](jfrog-cli/cli-for-jfrog-security/download-updates-for-xrays-database.md)
* [Count Contributing Developers](jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md)
* [CLI for JFrog Curation](jfrog-cli/cli-for-jfrog-curation.md)
* [CLI for JFrog Distribution](jfrog-cli/cli-for-jfrog-distribution.md)
* [CLI for JFrog Pipelines](jfrog-cli/cli-for-jfrog-pipelines.md)
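
Review bot: The new Count Contributing Developers entry links to `jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md`, while every sibling entry in this list uses a path that starts at `jfrog-cli/`. This SUMMARY.md already sits in `jfrog-applications/`, so the extra prefix looks like it points one directory too deep. Suggest `jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md` to match the neighbouring links.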
@@ -0,0 +1,221 @@
# Count Contributing Developers

{% hint style="info" %}
This feature is supported in JFrog CLI version 2.60.0
{% endhint %}

The `git count-contributors` command allows JFrog users to easily determine the number of Git developers contributing to their code. The counts indicate the number of contributing developers to the **default branch**. 

The command counts the contributing developers for all commits performed within a specified time range. The results are based on email addresses, thus giving you a specific number of unique developers. 

We provide several options to obtain the developer count:

* **A single repository**: Analyze a single Git repository by providing the repository name.
* **Across a project/group**: Analyze multiple repositories organized under a project/group by providing the owner command option.
* **Across multiple Git servers**: Analyze repositories across various Git servers by providing a YAML file as an input file with the required parameters outlined below.

This information can be helpful when purchasing an Advanced Security subscription, as the number of developers is often a key factor in pricing.

Supported Git providers:

* GitHub
* GitLab
* Bitbucket

{% hint style="info" %}
The CLI outputs may include an estimation of the contributing developers based on the input provided by the user. They may be based on third-party resources and databases and JFrog does not guarantee that the CLI outputs are accurate and/or complete. The CLI outputs are not legal advice and you are solely responsible for your use of it. CLI outputs are provided "as is" and any representation or warranty of or concerning any third-party technology is strictly between the user and the third-party owner or distributor of the third-party technology.
{% endhint %}

### Usage

The `git count-contributors` command can be run from the JFrog CLI with the following syntax:

```
git count-contributors [command options]
```

| Command Option | Description |
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| --scm-type | <p>(optional) The type of SCM to use for the analysis. </p><p>Supported Values: <code>github, gitlab, bitbucket</code> Example: <code>--scm-type=github</code></p> |
| --scm-api-url | <p>(optional) The base URL of the SCM system's API endpoint. </p><p>Format: The full URL, including the protocol Example: <code>--scm-api-url=https://api.github.com</code></p> |
| --token | (optional) The authentication token required to access the SCM system's API. In the absence of a flag, tokens should be passed in the JF\_GIT\_TOKEN environment variable, or the corresponding environment variables 'JFROG\_CLI\_GITLAB\_TOKEN, JFROG\_CLI\_GITHUB\_TOKEN or JFROG\_CLI\_BITBUCKET\_TOKEN' Example: `--token:your_access_token` |
| --owner | (optional) The owner or organization of the repositories to be analyzed. Format: Depending on the Git provider. On GitHub and GitLab, the owner is typically an individual or an organization, On Bitbucket, the owner can also be a project. In the case of a private instance on Bitbucket, the individual or organization name should be prefixed with '\~'. When using this option without a specific repository name, all repositories will be analyzed at the group/project level. Example: `owner=your-organization` |
| --months | (optional) The number of months to analyze for developer activity. Default: `1` Example: `--months=6` |
| --detailed-summary | (optional) Generates a more detailed summary of the contributors. Default: `false` Example: `--detailed-summary=true` |
| --repo-name | (optional) List of semicolon-separated(;) repositories names to analyze, If not provided all repositories related to the provided owner will be analyzed. Example: --repo-name=repo1;repo2 |
| --input-file | (optional) The path to an input file in YAML format that contains multiple git providers. Example: `--input-file="/Users/path/to/file/input.yaml"` |
| --verbose | <p>(optional) </p><p>Enables verbose output, providing more detailed information.</p> |

#### Example Commands <a href="#example-commands" id="example-commands"></a>

**Single Repository**

```javascript
git cc --scm-type=github --scm-api-url=https://api.github.com --token=<token> --owner=jfrog --months=4 --detailed-summary=false --repo-name=cli-core
```

Required Parameters:

* \--scm-type
* \--scm-api-url
* \--token
* \--repo-name

**Group/Project**

```javascript
git cc --scm-type=gitlab --scm-api-url=https://git.vdoo.io --token=<token> --owner=vdoo --months=3 --detailed-summary
```

Required Parameters:

* \--scm-type
* \--scm-api-url
* \--token
* \--owner

**Multiple Git Servers- YAML File**

```javascript
git-servers-list:
- scm-type: bitbucket
scm-api-url: "https://api.bitbucket.url"
token: "token"
owner: "owner"
repositories:
- "repo1"
- "repo2"
- scm-type: gitlab
scm-api-url: "https://api.github.com"
token: "token"
owner: "owner"
```

Sample Output:

<pre><code>{
"total_unique_contributors": 4, - <a data-footnote-ref href="#user-content-fn-1">The number of unique developers (dedup)</a>
"total_commits": 4, - <a data-footnote-ref href="#user-content-fn-2">The number of commits examined on the default branch (total)</a>
"scanned_repos": [ - <a data-footnote-ref href="#user-content-fn-3">The repositories that were scanned</a>
"test-go",
"test-cli-core"
],
"report_date": "2024-07-22T12:08:04+03:00", - <a data-footnote-ref href="#user-content-fn-4">The report date</a>
"number_of_months": "5", - <a data-footnote-ref href="#user-content-fn-5">The time range specified</a>
"unique_contributors_list": [ - <a data-footnote-ref href="#user-content-fn-6">The evidence of the last seen developer</a>
{
"email": "[email protected]",
"name": "`Developer 1",
"last_commit": {
"repo": "test-cli-core",
"date": "2024-02-22T14:21:55Z",
"hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
}
},
{
"email": "[email protected]",
"name": "Developer 2",
"last_commit": {
"repo": "test-go",
"date": "2024-03-24T07:56:17Z",
"hash": "8b102603458044b434689fc3832e12d30af12d15"
}
},
{
"email": "[email protected]",
"name": "Developer 3",
"last_commit": {
"repo": "test-cli-core",
"date": "2024-02-25T15:15:19Z",
"hash": "de88b95a38242b9984877a8e928ceafedb147843"
}
}
],
"detailed_contributors_list": { - <a data-footnote-ref href="#user-content-fn-7">With verbose; detailed evidence per user</a>
"[email protected]": [
{
"repo_path": "test-go",
"last_commit": {
"date": "2024-03-24T07:56:17Z",
"hash": "8b102603458044b434689fc3832e12d30af12d15"
}
},
{
"repo_path": "test-cli-core",
"last_commit": {
"date": "2024-02-25T12:40:40Z",
"hash": "0941c5ce1007501c2793efa0e09b0e9531b8d503"
}
}
],
"[email protected]": [
{
"repo_path": "test-cli-core",
"last_commit": {
"date": "2024-02-25T15:15:19Z",
"hash": "de88b95a38242b9984877a8e928ceafedb147843"
}
}
],
"[email protected]": [
{
"repo_path": "test-cli-core",
"last_commit": {
"date": "2024-02-22T14:21:55Z",
"hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
}
}
]
},
"detailed_repos_list": { - <a data-footnote-ref href="#user-content-fn-8">With verbose; detailed evidence per repo</a>
"test-go": [
{
"email": "[email protected]",
"last_commit": {
"date": "2024-03-24T07:56:17Z",
"hash": "8b102603458044b434689fc3832e12d30af12d15"
}
}
],
"test-cli-core": [
{
"email": "[email protected]",
"last_commit": {
"date": "2024-02-25T15:15:19Z",
"hash": "de88b95a38242b9984877a8e928ceafedb147843"
}
},
{
"email": "[email protected]",
"last_commit": {
"date": "2024-02-25T12:40:40Z",
"hash": "0941c5ce1007501c2793efa0e09b0e9531b8d503"
}
},
{
"email": "[email protected]",
"last_commit": {
"date": "2024-02-22T14:21:55Z",
"hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
}
}
]
}
}
</code></pre>

[^1]:

[^2]:

[^3]:

[^4]:

[^5]:

[^6]:

[^7]:

[^8]:
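
Review bot: In the options table, the `--token` example reads `--token:your_access_token` and the `--owner` example reads `owner=your-organization`; neither matches the `--flag=value` form the example commands use (`--token=<token>`, `--owner=jfrog`), so both should be corrected. The same `--token` row already documents `JF_GIT_TOKEN` and the provider-specific variables, so the example commands would be safer to copy if they relied on the environment variable rather than a literal `--token=` argument, and the YAML section should say how a file holding `token:` values is expected to be protected. Smaller points in this file: the second YAML entry pairs `scm-type: gitlab` with `scm-api-url: "https://api.github.com"`; the shell and YAML fences are tagged `javascript`; the sample output annotations say "With verbose" for the detailed lists, while the table attributes the detailed summary to `--detailed-summary`; the sample has a stray backtick in `"name": "`Developer 1"`; and the footnote definitions `[^1]:` through `[^8]:` are empty.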
@@ -1,31 +1,30 @@
# Enrich your SBOM JSONs & XMLs

The sbom enrichment command takes an exported SBOM file in XML/JSON format and enriches your
file with package vulnerabilities found by XRAY.
The sbom enrichment command takes an exported SBOM file in XML/JSON format and enriches your file with package vulnerabilities found by XRAY.

This _**jf sbom enrich <file_path>**_ command enriches a file that is found on file_path.
This _**jf sbom enrich \<file\_path>**_ command enriches a file that is found on file\_path.

***

**Note**

> This command requires:
* Version X or above of Xray
* Version Y or above of JFrog CLI
* Version 3.101.3 or above of Xray
* Version 2.60.0 or above of JFrog CLI

***

#### Commands Params

| | |
|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| **Command name** | sbom-enrich |
| **Abbreviation** | se |
| **Command options** | |
| `--server-id` | <p>[Optional]<br>Server ID configured using the <em>jf c add</em> command. If not specified, the default configured server is used.</p> |
| **Command arguments** |
| `file_path` | the sbom file path.
| `--server-id` | <p>[Optional]<br>Server ID configured using the <em>jf c add</em> command. If not specified, the default configured server is used.</p> |
| **Command arguments** | |
| `file_path` | the sbom file path. |

#### Example 1
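
Review bot: The intro names the command as `jf sbom enrich <file_path>`, but the params table in this hunk gives the command name as `sbom-enrich` with abbreviation `se`, and the examples run `jf se`; suggest making the intro match the table. The Note block also quotes only its first line: `> This command requires:` is followed by unquoted `*` bullets, so the version requirements will likely render outside the blockquote. Prefixing each bullet with `> ` would keep them together. The intro also writes "XRAY" where the requirements list writes "Xray".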

@@ -36,8 +35,9 @@ jf se "path/to/file.xml"
```

#### Example 2

Enriches a JSON file

```
jf se "path/to/files/file.json"
```
