Failing to run JFrog Bot Scan #654

Open
Sof0-0 opened this issue Feb 29, 2024 · 3 comments
Labels
question Further information is requested

Comments

Sof0-0 commented Feb 29, 2024

Hello, I have been trying to set up the JFrog Xray scanning for the repository in my organization and it keeps failing on something like this:
Screenshot 2024-02-29 at 17 57 18

I want to ask how exactly the scans are being conducted. Does the product have to be fully functional for the scan to work, or do I have to manually add dependencies and environment variables? Here is the configuration file:
Screenshot 2024-02-29 at 17 59 06

I would appreciate your help!

Sof0-0 added the question label Feb 29, 2024

gailazar300 (Contributor) commented Mar 3, 2024

Hello @Sof0-0
Can you please share your "JF_REQUIREMENTS_FILE" environment variable content in the attached configuration file?
The error may occur if this variable is not set, as Frogbot will try to build the project without considering the requirements file.

You can try to add it manually to the configuration file:

        # Pip requirements.txt file path
        JF_REQUIREMENTS_FILE: ""

sharvesh06 commented

I have a similar issue:

    22:22:44 [Info] Xray scan completed
    22:22:53 [Error] the following errors occured while fixing vulnerabilities in '/tmp/jfrog.cli.temp.-1710281552-1494864668': an error occurred while attempting to read the requirements file: open setup.py: no such file or directory

We have a monorepo and JF_REQUIREMENTS_FILE is set to ""

eranturgeman (Contributor) commented

Hello @Sof0-0 and @sharvesh06
Let me break it down for you:
It all depends on how you configured your CI workflow file. In general, Frogbot searches for descriptor files in the project. After finding them, it can decide which technology is being used in the project so it can perform the dependency graph construction and the fixes correctly.
When using Python, since this language enables providing descriptor files under many different names, we require the customer to provide the descriptor file name.
Now, if you didn't define a structure for your project in the CI file (meaning you didn't define workingDirs [modules] manually), Frogbot will recursively scan the entire project and search for the descriptor files (in your case, the file name you provided through pipRequirementsFile or JF_REQUIREMENTS_FILE). If you have defined working dirs, Frogbot will NOT perform a recursive scan and will search for the descriptor in the path you provided for the workingDir.

The error you are experiencing indicates that a descriptor is not found in the searched working dir. I assume this happens due to one of the following:

  1. you didn't provide the name of the Python descriptor you use (unless you use setup.py)
  2. you defined workingDirs and you don't have the descriptor in the root path you defined for the working dir

If one of the scenarios above applies to you, let me know and it will be easier to resolve. If not, I'd like to investigate further, and I'd appreciate it if you could provide the full workflow file and the frogbot-config.yml you use (if you use this file).
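An added example, not part of any comment above and not Frogbot's own code: a Python pre-flight check that mirrors the lookup rules described in this thread, so a repository can be checked for a reachable descriptor before the scan runs. The function names and the sample monorepo layout are assumptions constructed for the illustration, and the fallback to `setup.py` for an empty name is inferred from the error message and the reply above.

```python
import tempfile
from pathlib import Path


def locate_descriptors(repo_root, requirements_file="", working_dirs=None):
    """Map each searched directory to the descriptors found for it."""
    # Inferred from the thread: with no name given, setup.py is what gets opened.
    name = requirements_file or "setup.py"
    root = Path(repo_root)
    if not working_dirs:
        # No working dirs defined: the entire project is searched recursively.
        hits = sorted(p.relative_to(root).as_posix()
                      for p in root.rglob(name) if p.is_file())
        return {".": hits}
    # Working dirs defined: no recursion, the descriptor must sit at each root.
    report = {}
    for wd in working_dirs:
        candidate = root / wd / name
        report[wd] = ([candidate.relative_to(root).as_posix()]
                      if candidate.is_file() else [])
    return report


def missing(report):
    """Directories where the scan would fail to find a descriptor."""
    return sorted(d for d, hits in report.items() if not hits)


def build_sample_monorepo(base):
    """Constructed layout: one service keeps its descriptor a level down."""
    for rel in ("services/api/requirements.txt",
                "services/worker/deps/requirements.txt"):
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("example-package==1.0.0\n")  # constructed content
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_monorepo(tmp)
        cases = [("", None),
                 ("requirements.txt", None),
                 ("requirements.txt", ["services/api", "services/worker"])]
        for req, dirs in cases:
            report = locate_descriptors(tmp, req, dirs)
            print(f"file={req!r} dirs={dirs} -> {report} missing={missing(report)}")
```

Any directory listed as missing corresponds to one of the two scenarios in the reply above: no descriptor name was provided, or the descriptor is not at the root of a defined working dir.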
