Closed D0n9 closed 3 years ago
Are You sure You have provided correct mixeway api key? “api key” header.
EDIT: Fortify-ci script is out of date. I will introduce PR tonight to fix it
Are You sure You have provided correct mixeway api key? “api key” header.
EDIT: Fortify-ci script is out of date. I will introduce PR tonight to fix it
Yes, I checked the api key and I am sure it is correct. I want to implement ci/cd using Jenkins pipeline. Want to know how mixeway supports
Are You sure You have provided correct mixeway api key? “api key” header.
EDIT: Fortify-ci script is out of date. I will introduce PR tonight to fix it
Hello, siewer I want to know when Fortify-ci script can update PR
PR for removing fortify-ci script will be introduced shortly. For now pls use https://github.com/Mixeway/MixewayHub/tree/master/scripts/CIScripts it contains Fortify integration as well but introduce OWASP Dependency Track integration (which can be removed with --skipopensource)
PR for removing fortify-ci script will be introduced shortly. For now pls use https://github.com/Mixeway/MixewayHub/tree/master/scripts/CIScripts it contains Fortify integration as well but introduce OWASP Dependency Track integration (which can be removed with --skipopensource)
There are also bugs in https://github.com/Mixeway/MixewayHub/tree/master/scripts/CIScripts , such as parameter transfer
MIXEWAY_RESPONSE=$(curl --request GET --url $mixeway_url/v2/api/cicd/project/$mixeway_project_id/code/verify/$group_name/$app_name/$COMMITID --header'apikey:'"$mixeway_api_key"' '-k -s)
Some parameters are not defined to obtain, it seems to be copied fortify-fortify-ci script
Please check
I fixed the parameter transfer problem, but the interface $mixeway_url/v2/api/cicd/project/$mixeway_project_id/code/scan/$group_name/$app_name/$COMMITID still has an error (HTTP CODE 500) I am sure the apikey is correct
Reopening to see if fix works. PR was introduced and some changes to the CI Script were made.
EDIT: Now that I think of it, it may not work as expected. CIScript is getting information about repository like repo URL and pass it to MixewayBackend, next backend is contacting MixewayFortifySCARestAPI with same informations to start the scan. It may be required for User to edit created project (project -> Configuration -> Code Projects -> edit) and set password and username for repository to be cloned manually.
Reopening to see if fix works. PR was introduced and some changes to the CI Script were made.
EDIT: Now that I think of it, it may not work as expected. CIScript is getting information about repository like repo URL and pass it to MixewayBackend, next backend is contacting MixewayFortifySCARestAPI with same informations to start the scan. It may be required for User to edit created project (project -> Configuration -> Code Projects -> edit) and set password and username for repository to be cloned manually.
Mixewayhub add Fortify SCA Rest API failed
Here is my configuration, Can you tell me what is wrong with the configuration
` CN=172.80.28.4
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout pki/private.key -out pki/cert.crt -subj "/CN=$CN" &> /dev/null
openssl pkcs12 -export -inkey pki/private.key -in pki/cert.crt -out pki/certificate.p12 -name "$CN" -password pass:123456
keytool -import -alias fortifyscarestapi -file /tmp/scaapi/pki/cert.crt -storetype JKS -keystore /tmp/MixewayHub/pki/trust.jks keytool -import -alias mixeway -file /tmp/MixewayHub/pki/cert.crt -storetype JKS -keystore /tmp/scaapi/pki/trust.jks
java -jar fortifyscaapi-1.0.0-SNAPSHOT.jar \ --server.port=18888 \ --server.ssl.key-store=/tmp/scaapi/pki/certificate.p12 \ --server.ssl.key-store-password=123456 \ --server.ssl.trust-store=/tmp/scaapi/pki/trust.jks \ --server.ssl.trust-store-password=123456 \ --allowed.user=172.80.28.4
`
It should work. Is there anything in MixewayBackend or MixewayFortifySCARestAPI log?
closed due to inactivity
Mixway all API 500 error code,How to solve it
error log
MixerBackend | 2020-11-23 16:31:17.151 ERROR 1 --- [nio-8443-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception MixerBackend | MixerBackend | java.lang.NullPointerException: null MixerBackend | at io.mixeway.rest.utils.JwtUserDetailsService.loadUserByApiKeyAndRequestUri(JwtUserDetailsService.java:92) ~[classes!/:0.9] MixerBackend | at io.mixeway.rest.utils.JwtRequestFilter.doFilterInternal(JwtRequestFilter.java:42) ~[classes!/:0.9] MixerBackend | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE] MixerBackend | at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.8.RELEASE.jar!/:5.2.8.RELEASE] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at io.mixeway.config.HstsHeaderPerventionFilter.doFilter(HstsHeaderPerventionFilter.java:39) ~[classes!/:0.9] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_212] MixerBackend | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_212] MixerBackend | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.37.jar!/:9.0.37] MixerBackend | at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212] MixerBackend | MixerFrontend | 172.30.17.140 - - [23/Nov/2020:16:31:17 +0000] "GET /v2/api/cicd/project/webgoat/code/verify/test/webgoat/1e7e110069286fdc5ea1b6a0fd04891b7b6813f5 HTTP/1.1" 500 200 "-" "curl/7.29.0"