Fix parallel jfrog cli installation #140

Merged
bhanurp merged 19 commits into jfrog:main from bhanurp:fix-parallel-jfrog-cli-installation
Mar 15, 2026

@bhanurp bhanurp commented Feb 12, 2026

Description

Improvements included in this PR

  • Parallel JFrog CLI install race condition fixed (Windows-safe)
  • Graceful CLI upgrade fallback when binary is in use
  • Per-node synchronized install flow in BinaryInstaller
  • Windows SHA256 version-check path bug fixed (jf.exe)
  • Encryption key env var fix (getKey() instead of path)
  • Password stdin behavior enhanced and env-controlled
  • Freestyle build step added: Run JFrog CLI
  • Freestyle build wrapper added: Set up JFrog CLI environment
  • Freestyle post-build action added: Publish JFrog Build Info

@bhanurp bhanurp added the improvement Automatically generated release notes label Feb 12, 2026
@bhanurp bhanurp added the safe to test Approve running integration tests on a pull request label Feb 12, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 12, 2026
@bhanurp bhanurp added the safe to test Approve running integration tests on a pull request label Feb 12, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 12, 2026
@github-actions

🚨 Frogbot scanned this pull request and found the below:

📗 Scan Summary

  • Frogbot scanned for vulnerabilities and found 1 issues

| Scan Category | Status | Security Issues |
| --- | --- | --- |
| Software Composition Analysis | ℹ️ Not Scanned | - |
| Contextual Analysis | ✅ Done | - |
| Static Application Security Testing (SAST) | ✅ Done | 1 Issues Found: 1 Low |
| Secrets | ✅ Done | - |
| Infrastructure as Code (IaC) | ✅ Done | Not Found |

@github-actions

"http://"

at src/main/java/io/jenkins/plugins/jfrog/CliEnvConfigurator.java (line 60)

🎯 Static Application Security Testing (SAST) Vulnerability

| Severity | Finding |
| --- | --- |
| Low | Detected usage of communication methods lacking encryption. |
Full description

Vulnerability Details

Rule ID: java-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;

public class insecure_protocol_vuln {

    public void connectToFrogService(String server) throws IOException {
        String insecureHttpProtocol = "http://"; // Insecure protocol
        String url = insecureHttpProtocol + server + "/frogEndpoint";
        URL obj = new URL(url);
        URLConnection conn = obj.openConnection(); // Vulnerable: Insecure protocol
        conn.connect();
    }
}
```

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;

public class insecure_protocol_safe {

    public void connectToFrogService(String server) throws IOException {
        String secureHttpProtocol = "https://"; // Secure protocol
        String url = secureHttpProtocol + server + "/frogEndpoint";
        URL obj = new URL(url);
        HttpsURLConnection conn = (HttpsURLConnection) obj.openConnection(); // Safe: Secure protocol
        conn.connect();
    }
}
```

[🐸 JFrog Frogbot](https://jfrog.com/help/r/jfrog-security-user-guide/shift-left-on-security/frogbot)
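
A stricter variant of the remediation above, as an added example that is not part of Frogbot's comment or the plugin's code: instead of prepending a scheme to a host name, it parses a configured endpoint URL and rejects any scheme outside an allow-list of encrypted protocols. The class name, the allow-list contents and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical class): gate endpoint URLs on an encrypted scheme.
public class EndpointSchemePolicy {

    // Assumed allow-list: encrypted counterparts of HTTP, FTP and LDAP.
    private static final Set<String> ENCRYPTED = Set.of("https", "ftps", "ldaps");

    /** Returns the parsed URI, or throws if the URL is malformed, relative or clear-text. */
    public static URI requireEncrypted(String configuredUrl) {
        URI uri;
        try {
            uri = new URI(configuredUrl.trim());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Not a valid URL: " + configuredUrl, e);
        }
        String scheme = uri.getScheme();
        if (scheme == null || uri.getHost() == null) {
            // "host/path" parses as a relative URI and "host:8080" as an opaque one;
            // neither carries an explicit scheme and host, so neither is trusted.
            throw new IllegalArgumentException("URL must be absolute: " + configuredUrl);
        }
        // Schemes are case-insensitive, so "HTTP://" must not slip past the check.
        if (!ENCRYPTED.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("Unencrypted scheme '" + scheme + "' rejected");
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not values taken from the plugin.
        String[] samples = {
            "https://artifactory.example.com/artifactory",
            "HTTP://artifactory.example.com/artifactory",
            "ldap://directory.example.com:389",
            "artifactory.example.com/artifactory"
        };
        for (String s : samples) {
            try {
                System.out.println("accepted  " + requireEncrypted(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```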

@naveenku-jfrog naveenku-jfrog left a comment

It might revert changes done in

  1. #142
  2. #141

Please resolve the conflicts accordingly.

@bhanurp bhanurp added the safe to test Approve running integration tests on a pull request label Mar 15, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Mar 15, 2026
@bhanurp bhanurp added the safe to test Approve running integration tests on a pull request label Mar 15, 2026
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Mar 15, 2026
@bhanurp bhanurp merged commit 5274402 into jfrog:main Mar 15, 2026
5 of 8 checks passed
strangelookingnerd pushed a commit to strangelookingnerd/jenkins-jfrog-plugin that referenced this pull request Mar 23, 2026