Closed santhosh042 closed 3 years ago
Overall Status: FAILURE_POLICY_VIOLATION - Detect found policy violations
Looks like the step failed because it found policy violations. Works as expected.
we have configuration to ignore handle step error as below. so my understand, if it is only policy vilation the pipeline should go ahead right, and set the step/stage as unstable. But the pipeline still fails in this step. handlePipelineStepErrors: failOnError: false
The is an issue that no maven executable is found. Maven is not included in the default Docker image. There is already an issue in piper for that: https://github.com/SAP/jenkins-library/issues/1841
Please configure a Docker image for the detect step that contains all the tools you need: https://sap.github.io/jenkins-library/steps/detectExecuteScan/
Facing same issue even after providing the vaid docker image.
'''
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- ======== Detect Issues ======== [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- DETECTORS: [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Failure: MAVEN - Maven Pom [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Executing command '--settings milestoneSettings.xml -Dmaven.repo.local=/home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh/s4hana_pipeline/maven_local_repo dependency:tree -T1' returned a non-zero exit code 1 [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- ======== Detect Status ======== [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- MAVEN: FAILURE [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Signature scan / Snippet scan on /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh: SUCCESS [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Overall Status: FAILURE_DETECTOR - Detect had one or more detector failures while extracting dependencies. Check that all projects build and your environment is configured correctly. [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- =============================== [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- [2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Detect duration: 00h 27m 11s 540ms [2020-10-15T10:16:05.179Z] error detectExecuteScan - 2020-10-15 10:15:50 ERROR [main] --- Exiting with code 5 - FAILURE_DETECTOR [2020-10-15T10:16:05.179Z] info detectExecuteScan - Result code of 5, exiting [2020-10-15T10:16:05.179Z] fatal detectExecuteScan - failed to execute detect scan - running shell script failed with /bin/bash: cmd.Run() failed: exit status 5 script returned exit code 1 '''
As per tools recommendation to replace vulas with blackduck scan. we configured blackduck scan as per the document https://sap.github.io/jenkins-library/steps/detectExecuteScan/ but facing issue with blackduck scan.
Issue Description (Mandatory)
please find the configuration below for mta. detectExecuteScan: detectTokenCredentialsId: bot_user-qmpspa groups: ["SHC - QM SUPLR PROB ANLYS OD 1.0"] projectName: 'SHC - QM SUPLR PROB ANLYS OD 1.0' projectVersion: 'master' serverUrl: 'https://sap.blackducksoftware.com' detectActive: 'mta' but the facing below error as in log. i tried setting paramter scanpaths: to maven module. still facing same issue.
The pipeline is failing in the stage: PUT NAME OF THE STAGE HERE
Thirdparty scans detectexecutescan
Log Output (Mandatory)
Link to Jenkins Job (if it can be shared)
https://qmpspa.jaas-gcp.cloud.sap.corp/blue/organizations/jenkins/qm-pspa/detail/Blackduckscan_santhosh/36/pipeline
Reproduce the Issue Locally (Mandatory)
nope
Search for existing solution beforehand (Mandatory)
searched https://stackoverflow.com/questions/tagged/sap-cloud-sdk,GitHub issue, https://github.com/SAP/cloud-s4-sdk-pipeline/blob/master/configuration.md and https://github.com/SAP/cloud-s4-sdk-pipeline/tree/master/doc/pipeline) for an answer of my issue. could not find a solution.
Please try the GitHub search, it works really well
Project Details (Mandatory)