Closed arunkumarr-3 closed 1 month ago
We log the response headers and body from Slack in DEBUG
level. You can enable debug logging by passing the LOGGING_LEVEL=DEBUG
environment variable.
Debug logs will be quite noisy, you can grep / filter for SlackPublisher
to narrow it down to just the Slack-related stuff.
Knowing why they reject the notifications would be helpful to resolve the issue.
Hi @nscuro , Thanks for taking up this, I have done the above mentioned things and Now I got the following logs,
2024-05-24 09:08:02,260 WARN [SlackPublisher] Destination responded with with status code 400, likely indicating a processing failure (PublishContext{notificationGroup=POLICY_VIOLATION, notificationLevel=INFORMATIONAL, notificationScope=PORTFOLIO, notificationTimestamp=2024-05-24T09:07:52.426113846Z, notificationSubjects={component=Component[uuid=12284c58-bc90-4a25-b463-cfbd70ec0d40, group=null, name=wmi-lite, version=1.0.7], project=Project[uuid=116f05fb-5656-4cc5-bdb1-1557941e3b83, name=redacted, version=null]}, ruleName=test, ruleScope=PORTFOLIO, ruleLevel=INFORMATIONAL})
2024-05-24 09:08:02,260 DEBUG [SlackPublisher] Response headers: date: Fri, 24 May 2024 09:08:02 GMT 2024-05-24 09:08:02,260 DEBUG [SlackPublisher] Response body: invalid_blocks
Please let me know any additional information is required...
Thanks for checking. Sadly that doesn't really tell us what exactly is wrong. I think someone will need to manually debug under what conditions exactly this is happening.
I think there is a template issue, but i am not confident yet to tell, that, i have came through this issue https://github.com/DependencyTrack/dependency-track/issues/3170 which seems to similar to my problem, but even working with the updated template i faced same issue.
Hoping to get the solution to fix it :)
We have tests that assert the JSON we send to Slack, you can find it here:
Thanks, Based on this I will try to re create the template and check whether it will address my issue.
I did some manual testing with a bare-bones Dependency-Track installation, where nothing but the Slack alert is configured.
This is a Webhook that was rejected with invalid_blocks
:
The JSON is valid, and according to Slack's documentation it's not using any unknown or otherwise invalid blocks.
However, notice how the url
field at the bottom only has a path, not a full URL. The URLs are supposed to link back to your Dependency-Track instance. The base URL is configured in the settings:
After configuring the base URL (e.g. to http://localhost:8080
), all notifications are sent successfully. It seems Slack is validating the URLs being sent.
For reference, this payload is accepted by Slack:
Thanks very much its worked :)
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
Hi,
I was trying to create a Slack Alert for Policy violations notification, Audit change and New Vulnerability Identified, but the dependency tracker not pushing any notifications, while analysing the logs, i have got the following.
Destination responded with with status code 400, likely indicating a processing failure (PublishContext{notificationGroup=POLICY_VIOLATION, notificationLevel=INFORMATIONAL, notificationScope=PORTFOLIO, notificationTimestamp=2024-05-21T17:09:23.602580544Z, notificationSubjects={component=Component[uuid=a3502af8-24df-4f8f-accc-4fdd49f3697a, group=null, name=redacted, version=redacted], project=Project[uuid=9c617a7a-fd4d-4132-90a6-bf14d30b7e47, name=redacted, version=null]}, ruleName=Violation, ruleScope=PORTFOLIO, ruleLevel=INFORMATIONAL})
The same log info is said for all other notifications except BOM Consumed and BOM Processed, for this both I can able to get the respective slack notifications
Dependency Tracker Version: v4.10.1 Setup: Docker container DB: AWS RDS, Aurora Postgres.
Steps to Reproduce
1.Create a policy violation 2.Configure slack web hook link in the slack alert 3.Create a Slack notification for the Policy violation
Expected Behavior
Need to get notified for the policy violations and new vulnerability identified through slack.
Dependency-Track Version
4.10.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
16.2
Browser
Google Chrome
Checklist