Closed valentijnscholten closed 2 years ago
@valentijnscholten @Maffooch After reviewing this issue and reproducing the same errors in Dojo with a JIRA cloud instance it appears that a solution is out of reach. When it comes to the basic authentication errors like 401 and 403, the 3 default JIRA calls cannot be controlled from the Dojo side. Unfortunately, any code fixes or modifications to the relevant files in DefectDojo won’t change what JIRA has for its connection calls.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
On our project, we're calling https://jira.example.com/rest/api/2/issue/ABC-123
in a loop in a cron job, and roughly 1 in a thousand calls fails with HTTP 401
(even though the previous call and the next cron job with same auth had successful responses).
according to HTTP you shouldn't retry on these, but I haven't seen any Jira REST API docs for whether a retry loop is a good approach or not...
Currently DD retries calls to JIRA 3 times. For 401 unauthorized errors this is not needed/desired. And maybe not even for other calls as well because it may result in 3 findings being created. It might be better to show the error to the user and let the use decide to retry / refresh / etc.