Uploaded image for project: 'Jenkins Artifactory Plug-in'
  1. Jenkins Artifactory Plug-in
  2. HAP-1226

Jenkins pipeline not receiving X-ray scan results from Artifactory post WAR publish.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: 3 - High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Common, Gradle
    • Labels:
      None

      Description

      Problem statement: 

                                        Jenkins declarative pipeline  job successfully receives the X-ray scan response through the ArtifactoryXrayClient for the JAR artifactoryPublish. But for the WAR publish, the job hangs during the step of x-ray scan and job fails due to timeout after couple of minutes. But I am able to verify that the WAR has been published in the artifactory and also the X-ray has scanned and able to view the results in the X-ray Dashboard. 

      Expected behavior:

      Jar - The Jar which was published had passed the security in X-ray and were able to get the response in jenkins which works as expected.

      WAR - The published WAR has security issues in X-ray and expecting to receive a failure message as X-ray scan response which should lead to failing the Jenkins pipeline as I have configured as 'failBuild' : false.

      Not sure why the X-ray scan results are not getting received for WAR based publish?

      Below is the stack-trace from Jenkins pipeline.
      java.lang.RuntimeException: Artifactory response: [\{"status":-1,"message":"Request timed out"}]
      at org.jfrog.build.extractor.clientConfiguration.client.ArtifactoryXrayClient.parseXrayScanResponse(ArtifactoryXrayClient.java:94)
      at org.jfrog.build.extractor.clientConfiguration.client.ArtifactoryXrayClient.execute(ArtifactoryXrayClient.java:113)
      at org.jfrog.build.extractor.clientConfiguration.client.ArtifactoryXrayClient.xrayScanBuild(ArtifactoryXrayClient.java:59)
      at org.jfrog.hudson.pipeline.scripted.steps.XrayScanBuildStep$Execution.run(XrayScanBuildStep.java:78)
      at org.jfrog.hudson.pipeline.scripted.steps.XrayScanBuildStep$Execution.run(XrayScanBuildStep.java:44)
      at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      at hudson.security.ACL.impersonate(ACL.java:290)
      at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at java.lang.Thread.run(Thread.java:748)
      Finished: FAILURE
       

       

       

      Thanks,

      Saravanan

       

                       

        Attachments

          Activity

            People

            Assignee:
            eyalb Eyal Ben Moshe
            Reporter:
            saradharsh saravanan
            Votes:
            3 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: