From 4e5f166ca95d7610d2c302bf51be958f60b9ce0b Mon Sep 17 00:00:00 2001 From: Bar Belity Date: Sun, 15 Sep 2024 08:43:15 +0000 Subject: [PATCH 1/5] GITBOOK-135: Lina's Jul 21 changes --- jfrog-applications/SUMMARY.md | 1 + .../count-contributing-developers.md | 219 ++++++++++++++++++ 2 files changed, 220 insertions(+) create mode 100644 jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md diff --git a/jfrog-applications/SUMMARY.md b/jfrog-applications/SUMMARY.md index d7447ed..e5fdacc 100644 --- a/jfrog-applications/SUMMARY.md +++ b/jfrog-applications/SUMMARY.md @@ -33,6 +33,7 @@ * [Scan Published Builds](jfrog-cli/cli-for-jfrog-security/scan-published-builds.md) * [Scan your Binaries](jfrog-cli/cli-for-jfrog-security/scan-your-binaries.md) * [Download Updates for Xray's Database](jfrog-cli/cli-for-jfrog-security/download-updates-for-xrays-database.md) + * [Count Contributing Developers](jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md) * [CLI for JFrog Curation](jfrog-cli/cli-for-jfrog-curation.md) * [CLI for JFrog Distribution](jfrog-cli/cli-for-jfrog-distribution.md) * [CLI for JFrog Pipelines](jfrog-cli/cli-for-jfrog-pipelines.md) diff --git a/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md b/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md new file mode 100644 index 0000000..0df8049 --- /dev/null +++ b/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md 
@@ -0,0 +1,219 @@ +# Count Contributing Developers + +{% hint style="info" %} +This feature is supported in JFrog CLI version 2.60.0 +{% endhint %} + +The `git count-contributors` command allows JFrog users to easily determine the number of Git developers contributing to their code. The counts indicate the number of contributing developers to the **default branch**. + +The command works by counting the contributing developers for all commits performed within a time range you specify. The results are based on email addresses, thus giving you the specific number of unique developers. + +We provide several options to obtain the developer count: + +* **A single repository**: Analyze a single Git repository by providing the repository name. +* **Across a project/group**: Analyze multiple repositories organized under a project/group by providing the owner command option. +* **Across multiple Git servers**: Analyze repositories across various Git servers by providing a YAML file as an input file with the required parameters outlined below. + +This information can be helpful when purchasing an Advanced Security subscription, as the number of developers is often a key factor in pricing. + +Supported Git providers: + +* GitHub +* GitLab +* Bitbucket + +> This command is intended to assist you in gaining insights to your contributors count. However, we recommend that in addition to utilizing this command that you confirm the data. 
+ +### Usage + +The `git count-contributors` command can be run from the JFrog CLI with the following syntax: + +``` +git count-contributors [command options] +``` + +| Command Option | Description | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| --scm-type |

(optional) The type of SCM to use for the analysis.

Supported Values: github, gitlab, bitbucket Example: --scm-type=github

| +| --scm-api-url |

(optional) The base URL of the SCM system's API endpoint.

Format: The full URL, including the protocol Example: --scm-api-url=https://api.github.com

| +| --token | (optional) The authentication token required to access the SCM system's API. In the absence of a flag, tokens should be passed in the JF\_GIT\_TOKEN environment variable, or the corresponding environment variables 'JFROG\_CLI\_GITLAB\_TOKEN, JFROG\_CLI\_GITHUB\_TOKEN or JFROG\_CLI\_BITBUCKET\_TOKEN' Example: `--token:your_access_token` | +| --owner | (optional) The owner or organization of the repositories to be analyzed. Format: Depending on the Git provider. On GitHub and GitLab, the owner is typically an individual or an organization, On Bitbucket, the owner can also be a project. In the case of a private instance on Bitbucket, the individual or organization name should be prefixed with '\~'. When using this option without a specific repository name, all repositories will be analyzed at the group/project level. Example: `owner=your-organization` | +| --months | (optional) The number of months to analyze for developer activity. Default: `1` Example: `--months=6` | +| --detailed-summary | (optional) Generates a more detailed summary of the contributors. Default: `false` Example: `--detailed-summary=true` | +| --repo-name | (optional) List of semicolon-separated(;) repositories names to analyze, If not provided all repositories related to the provided owner will be analyzed. Example: --repo-name=repo1;repo2 | +| --input-file | (optional) The path to an input file in YAML format that contains multiple git providers. Example: `--input-file="/Users/path/to/file/input.yaml"` | +| --verbose |

(optional)

Enables verbose output, providing more detailed information.

| + +#### Example Commands + +**Single Repository** + +```javascript +git cc --scm-type=github --scm-api-url=https://api.github.com --token= --owner=jfrog --months=4 --detailed-summary=false --repo-name=cli-core +``` + +Required Parameters: + +* \--scm-type +* \--scm-api-url +* \--token +* \--repo-name + +**Group/Project** + +```javascript +git cc --scm-type=gitlab --scm-api-url=https://git.vdoo.io --token= --owner=vdoo --months=3 --detailed-summary +``` + +Required Parameters: + +* \--scm-type +* \--scm-api-url +* \--token +* \--owner + +**Multiple Git Servers- YAML File** + +```javascript +git-servers-list: + - scm-type: bitbucket + scm-api-url: "https://api.bitbucket.url" + token: "token" + owner: "owner" + repositories: + - "repo1" + - "repo2" + - scm-type: gitlab + scm-api-url: "https://api.github.com" + token: "token" + owner: "owner" +``` + +Sample Output: + +
{
+  "total_unique_contributors": 4,	-	        The number of unique developers (dedup)
+  "total_commits": 4,				-	The number of commits examined on the default branch (total)
+  "scanned_repos": [				-	The repositories that were scanned
+    "test-go",
+    "test-cli-core"
+  ],
+  "report_date": "2024-07-22T12:08:04+03:00",	-	The report date
+  "number_of_months": "5",			-	The time range specified
+  "unique_contributors_list": [			-	The evidence of the last seen developer
+    {
+      "email": "dev1@users.noreply.github.com",
+      "name": "`Developer 1",
+      "last_commit": {
+        "repo": "test-cli-core",
+        "date": "2024-02-22T14:21:55Z",
+        "hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
+      }
+    },
+    {
+      "email": "dev2@users.noreply.github.com",
+      "name": "Developer 2",
+      "last_commit": {
+        "repo": "test-go",
+        "date": "2024-03-24T07:56:17Z",
+        "hash": "8b102603458044b434689fc3832e12d30af12d15"
+      }
+    },
+    {
+      "email": "dev3@jfrog.com",
+      "name": "Developer 3",
+      "last_commit": {
+        "repo": "test-cli-core",
+        "date": "2024-02-25T15:15:19Z",
+        "hash": "de88b95a38242b9984877a8e928ceafedb147843"
+      }
+    }
+  ],
+  "detailed_contributors_list": {		-	With verbose; detailed evidence per user
+    "dev2@users.noreply.github.com": [
+      {
+        "repo_path": "test-go",
+        "last_commit": {
+          "date": "2024-03-24T07:56:17Z",
+          "hash": "8b102603458044b434689fc3832e12d30af12d15"
+        }
+      },
+      {
+        "repo_path": "test-cli-core",
+        "last_commit": {
+          "date": "2024-02-25T12:40:40Z",
+          "hash": "0941c5ce1007501c2793efa0e09b0e9531b8d503"
+        }
+      }
+    ],
+    "dev3@jfrog.com": [
+      {
+        "repo_path": "test-cli-core",
+        "last_commit": {
+          "date": "2024-02-25T15:15:19Z",
+          "hash": "de88b95a38242b9984877a8e928ceafedb147843"
+        }
+      }
+    ],
+    "dev1@users.noreply.github.com": [
+      {
+        "repo_path": "test-cli-core",
+        "last_commit": {
+          "date": "2024-02-22T14:21:55Z",
+          "hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
+        }
+      }
+    ]
+  },
+  "detailed_repos_list": { -	With verbose; detailed evidence per repo
+    "test-go": [
+      {
+        "email": "dev2@users.noreply.github.com",
+        "last_commit": {
+          "date": "2024-03-24T07:56:17Z",
+          "hash": "8b102603458044b434689fc3832e12d30af12d15"
+        }
+      }
+    ],
+    "test-cli-core": [
+      {
+        "email": "dev3@jfrog.com",
+        "last_commit": {
+          "date": "2024-02-25T15:15:19Z",
+          "hash": "de88b95a38242b9984877a8e928ceafedb147843"
+        }
+      },
+      {
+        "email": "dev2@users.noreply.github.com",
+        "last_commit": {
+          "date": "2024-02-25T12:40:40Z",
+          "hash": "0941c5ce1007501c2793efa0e09b0e9531b8d503"
+        }
+      },
+      {
+        "email": "dev1@users.noreply.github.com",
+        "last_commit": {
+          "date": "2024-02-22T14:21:55Z",
+          "hash": "3463b55aa453fb5dd3d5e7c6ebf45a3e33710e72"
+        }
+      }
+    ]
+  }
+}
+
+ +[^1]: + +[^2]: + +[^3]: + +[^4]: + +[^5]: + +[^6]: + +[^7]: + +[^8]: From 520b89ff8dcd4ab86dac8fe3dd813b5fe95421ee Mon Sep 17 00:00:00 2001 From: Lina Daher Date: Sun, 15 Sep 2024 08:44:52 +0000 Subject: [PATCH 2/5] GITBOOK-143: change request with no subject merged in GitBook --- .../cli-for-jfrog-security/count-contributing-developers.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md b/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md index 0df8049..182ea6c 100644 --- a/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md +++ b/jfrog-applications/jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md @@ -6,7 +6,7 @@ This feature is supported in JFrog CLI version 2.60.0 The `git count-contributors` command allows JFrog users to easily determine the number of Git developers contributing to their code. The counts indicate the number of contributing developers to the **default branch**. -The command works by counting the contributing developers for all commits performed within a time range you specify. The results are based on email addresses, thus giving you the specific number of unique developers. +The command counts the contributing developers for all commits performed within a specified time range. The results are based on email addresses, thus giving you a specific number of unique developers. We provide several options to obtain the developer count: 
@@ -22,7 +22,9 @@ Supported Git providers: * GitLab * Bitbucket -> This command is intended to assist you in gaining insights to your contributors count. However, we recommend that in addition to utilizing this command that you confirm the data. +{% hint style="info" %} +The CLI outputs may include an estimation of the contributing developers based on the input provided by the user. They may be based on third-party resources and databases and JFrog does not guarantee that the CLI outputs are accurate and/or complete. The CLI outputs are not legal advice and you are solely responsible for your use of it. CLI outputs are provided "as is" and any representation or warranty of or concerning any third-party technology is strictly between the user and the third-party owner or distributor of the third-party technology. +{% endhint %} ### Usage From f8e33df9d64d3bde1d7fdbf95a6f168d362901f5 Mon Sep 17 00:00:00 2001 From: Bar Belity Date: Sun, 15 Sep 2024 18:52:05 +0300 Subject: [PATCH 3/5] Update SUMMARY.md --- jfrog-applications/SUMMARY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/jfrog-applications/SUMMARY.md b/jfrog-applications/SUMMARY.md index e5fdacc..1146f50 100644 --- a/jfrog-applications/SUMMARY.md +++ b/jfrog-applications/SUMMARY.md @@ -34,6 +34,7 @@ * [Scan your Binaries](jfrog-cli/cli-for-jfrog-security/scan-your-binaries.md) * [Download Updates for Xray's Database](jfrog-cli/cli-for-jfrog-security/download-updates-for-xrays-database.md) * [Count Contributing Developers](jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md) + * [Enrich your SBOM JSONs & XMLs](jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md) * [CLI for JFrog Curation](jfrog-cli/cli-for-jfrog-curation.md) * [CLI for JFrog Distribution](jfrog-cli/cli-for-jfrog-distribution.md) * [CLI for JFrog Pipelines](jfrog-cli/cli-for-jfrog-pipelines.md) From e1f13243e9bc4c003541372060e884009c7eb2fa Mon Sep 17 00:00:00 2001 
From: Bar Belity Date: Sun, 15 Sep 2024 18:56:27 +0300 Subject: [PATCH 4/5] Update SUMMARY.md --- jfrog-applications/SUMMARY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jfrog-applications/SUMMARY.md b/jfrog-applications/SUMMARY.md index 1146f50..5c2f332 100644 --- a/jfrog-applications/SUMMARY.md +++ b/jfrog-applications/SUMMARY.md @@ -32,9 +32,9 @@ * [cUrl Integration](jfrog-cli/cli-for-jfrog-security/curl-integration.md) * [Scan Published Builds](jfrog-cli/cli-for-jfrog-security/scan-published-builds.md) * [Scan your Binaries](jfrog-cli/cli-for-jfrog-security/scan-your-binaries.md) + * [Enrich your SBOM JSONs & XMLs](jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md) * [Download Updates for Xray's Database](jfrog-cli/cli-for-jfrog-security/download-updates-for-xrays-database.md) * [Count Contributing Developers](jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md) - * [Enrich your SBOM JSONs & XMLs](jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md) * [CLI for JFrog Curation](jfrog-cli/cli-for-jfrog-curation.md) * [CLI for JFrog Distribution](jfrog-cli/cli-for-jfrog-distribution.md) * [CLI for JFrog Pipelines](jfrog-cli/cli-for-jfrog-pipelines.md) From bc23e7ca9426ba24d1be3883ecbcd73778137c62 Mon Sep 17 00:00:00 2001 From: Bar Belity Date: Sun, 15 Sep 2024 16:12:40 +0000 Subject: [PATCH 5/5] GITBOOK-145: Update required versions for SBOM Enrichment CLI command --- .../enrich-your-sbom.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md index 4cd03ba..56e275d 100644 --- a/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md +++ b/jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md 
@@ -1,9 +1,8 @@ # Enrich your SBOM JSONs & XMLs -The sbom enrichment command takes an exported SBOM file in XML/JSON format and enriches your -file with package vulnerabilities found by XRAY. +The sbom enrichment command takes an exported SBOM file in XML/JSON format and enriches your file with package vulnerabilities found by XRAY. -This _**jf sbom enrich **_ command enriches a file that is found on file_path. +This _**jf sbom enrich \**_ command enriches a file that is found on file\_path. *** @@ -11,21 +10,21 @@ This _**jf sbom enrich **_ command enriches a file that is found on f > This command requires: -* Version X or above of Xray -* Version Y or above of JFrog CLI +* Version 3.101.3 or above of Xray +* Version 2.60.0 or above of JFrog CLI *** #### Commands Params | | | -|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------| +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | **Command name** | sbom-enrich | | **Abbreviation** | se | | **Command options** | | -| `--server-id` |

[Optional]
Server ID configured using the jf c add command. If not specified, the default configured server is used.

| -| **Command arguments** | - | `file_path` | the sbom file path. +| `--server-id` |

[Optional]
Server ID configured using the jf c add command. If not specified, the default configured server is used.

| +| **Command arguments** | | +| `file_path` | the sbom file path. | #### Example 1 @@ -36,8 +35,9 @@ jf se "path/to/file.xml" ``` #### Example 2 + Enriches a JSON file + ``` jf se "path/to/files/file.json" ``` -
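Review bot: In PATCH 1/5, the new SUMMARY.md entry links to `jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md`, while every sibling entry in the hunk is written relative to SUMMARY.md as `jfrog-cli/cli-for-jfrog-security/...`, and the page itself is created under a doubled `jfrog-applications/jfrog-applications/` directory. Suggest creating the file at `jfrog-applications/jfrog-cli/cli-for-jfrog-security/count-contributing-developers.md` and linking it in the same form as the neighbouring entries, so the page sits beside the other CLI for JFrog Security pages.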
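Review bot: In PATCH 1/5, count-contributing-developers.md, every example supplies the SCM token inline (`--token=` on the command line, `token: "token"` in the YAML input), and both "Required Parameters" lists name `--token` although the options table marks it optional and documents `JF_GIT_TOKEN` and the per-provider variables as the fallback. A token passed as an argument is recorded in shell history and visible in process listings, so the examples should omit `--token` and rely on the environment variable, the required lists should read "token (flag or environment variable)", and the YAML section should tell readers to keep the input file out of version control.

Smaller points in the same hunk: the table examples `--token:your_access_token` and `owner=your-organization` do not match the `--flag=value` form used for the other options; the commands use `git cc` while the Usage section only introduces `git count-contributors`; the Group/Project example points at `https://git.vdoo.io` with `--owner=vdoo`, which should be a placeholder host and owner; the YAML pairs `scm-type: gitlab` with `https://api.github.com`; the fences are tagged `javascript` for shell and YAML content; the sample output reports `"total_unique_contributors": 4` but lists three contributors, has a stray backtick in the name of Developer 1, and labels the detailed lists "With verbose" without saying whether `--verbose` or `--detailed-summary` produces them; and footnotes `[^1]` to `[^8]` are empty.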
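Review bot: In PATCH 2/5, first hunk, the reworded sentence still concludes "thus giving you a specific number of unique developers", which overstates what an email-based count can deliver: a developer who commits under two addresses is counted twice, and the sample output added in PATCH 1/5 already mixes `users.noreply.github.com` and `jfrog.com` addresses. Suggest wording it as the number of unique commit email addresses and adding one sentence that the same person may appear under more than one address.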
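Review bot: In PATCH 2/5, second hunk, the new hint replaces the only actionable guidance ("we recommend that ... you confirm the data") with disclaimer text, so the page no longer tells readers to verify the count before relying on it. Suggest keeping a one-line recommendation to confirm the result alongside the disclaimer. The commit subject "change request with no subject merged in GitBook" also gives no indication of this change and is worth rewording before merge.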
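Review bot: PATCH 3/5 adds the SBOM entry with the link `jfrog-applications/jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md`, and PATCH 4/5 immediately replaces it with `jfrog-cli/cli-for-jfrog-security/enrich-your-sbom.md` and moves it above "Download Updates for Xray's Database". Suggest squashing the two commits so the history never contains the broken link. PATCH 4/5 also leaves the "Count Contributing Developers" context line with the `jfrog-applications/` prefix it just removed from the SBOM entry.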
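Review bot: In PATCH 5/5, first hunk of enrich-your-sbom.md, the added line `This _**jf sbom enrich \**_ command` escapes the first asterisk of the closing `**`, which leaves the bold/italic run unbalanced; it looks like an argument placeholder was lost between `enrich` and the closing markers. Suggest writing the command as inline code with its argument spelled out. The same sentence names the command `jf sbom enrich`, while the table in this file gives the command name as `sbom-enrich` with abbreviation `se` and both examples call `jf se`, so the prose should use one of the documented forms; "XRAY" should also match the "Xray" spelling used in the requirements list.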