SAP-archive / cloud-s4-sdk-pipeline

The Cloud SDK pipeline uses the Cloud SDK continuous delivery server for building, checking, and deploying extension applications. Projects based on the SAP Cloud SDK archetype will automatically use this pipeline.
Apache License 2.0

BlackDuck scan issue with V40 #52

Closed santhosh042 closed 3 years ago

santhosh042 commented 3 years ago

As per the tools recommendation to replace Vulas with a Black Duck scan, we configured the Black Duck scan as per the document https://sap.github.io/jenkins-library/steps/detectExecuteScan/ but are facing an issue with the Black Duck scan.

Issue Description (Mandatory)

Please find the configuration below for mta.

```yaml
detectExecuteScan:
  detectTokenCredentialsId: bot_user-qmpspa
  groups: ["SHC - QM SUPLR PROB ANLYS OD 1.0"]
  projectName: 'SHC - QM SUPLR PROB ANLYS OD 1.0'
  projectVersion: 'master'
  serverUrl: 'https://sap.blackducksoftware.com'
  detectActive: 'mta'
```

But facing the below error as in the log. I tried setting the parameter scanpaths: to the Maven module. Still facing the same issue.

The pipeline is failing in the stage: PUT NAME OF THE STAGE HERE

Thirdparty scans detectexecutescan

Log Output (Mandatory)

[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---   /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---       Not Extractable: MAVEN - Maven Pom
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---           No mvn executable was found.
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- ======== Detect Result ========
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Black Duck Project BOM: https://sap.blackducksoftware.com/api/projects/350523d6-0924-4508-9d59-4da943a992f9/versions/c12756ff-c49a-47b5-a958-fae567e580b0/components
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- ======== Detect Status ========
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- MAVEN: FAILURE
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Signature scan / Snippet scan on /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh: SUCCESS
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Overall Status: FAILURE_POLICY_VIOLATION - Detect found policy violations.
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- 
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- ===============================
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---
[2020-10-15T05:30:11.616Z] info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Detect duration: 00h 02m 41s 870ms
[2020-10-15T05:30:11.616Z] error detectExecuteScan - 2020-10-15 05:30:09 ERROR [main] --- Exiting with code 3 - FAILURE_POLICY_VIOLATION
[2020-10-15T05:30:13.592Z] info  detectExecuteScan - Result code of 3, exiting
[2020-10-15T05:30:13.593Z] fatal detectExecuteScan - failed to execute detect scan - running shell script failed with /bin/bash: cmd.Run() failed: exit status 3
script returned exit code 1
Verify if file exists in workspace

Link to Jenkins Job (if it can be shared)

https://qmpspa.jaas-gcp.cloud.sap.corp/blue/organizations/jenkins/qm-pspa/detail/Blackduckscan_santhosh/36/pipeline

Reproduce the Issue Locally (Mandatory)

nope

Search for existing solution beforehand (Mandatory)

Searched https://stackoverflow.com/questions/tagged/sap-cloud-sdk, GitHub issues, https://github.com/SAP/cloud-s4-sdk-pipeline/blob/master/configuration.md and https://github.com/SAP/cloud-s4-sdk-pipeline/tree/master/doc/pipeline for an answer to my issue. Could not find a solution.

Please try the GitHub search, it works really well

Project Details (Mandatory)

fwilhe commented 3 years ago

Overall Status: FAILURE_POLICY_VIOLATION - Detect found policy violations

Looks like the step failed because it found policy violations. Works as expected.

santhosh042 commented 3 years ago

We have configuration to ignore handle step error as below. So my understanding is, if it is only a policy violation the pipeline should go ahead, right, and set the step/stage as unstable. But the pipeline still fails in this step.

```yaml
handlePipelineStepErrors:
  failOnError: false
```

daniel-kurzynski commented 3 years ago

There is an issue that no Maven executable is found. Maven is not included in the default Docker image. There is already an issue in piper for that: https://github.com/SAP/jenkins-library/issues/1841

Please configure a Docker image for the detect step that contains all the tools you need: https://sap.github.io/jenkins-library/steps/detectExecuteScan/

santhosh042 commented 3 years ago

Facing the same issue even after providing the valid Docker image.

```
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- ======== Detect Issues ========
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- DETECTORS:
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Failure: MAVEN - Maven Pom
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Executing command '--settings milestoneSettings.xml -Dmaven.repo.local=/home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh/s4hana_pipeline/maven_local_repo dependency:tree -T1' returned a non-zero exit code 1
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- ======== Detect Status ========
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- MAVEN: FAILURE
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Signature scan / Snippet scan on /home/jenkins/agent/workspace/qm-pspa_Blackduckscan_santhosh: SUCCESS
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Overall Status: FAILURE_DETECTOR - Detect had one or more detector failures while extracting dependencies. Check that all projects build and your environment is configured correctly.
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- ===============================
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] ---
[2020-10-15T10:16:05.179Z] info detectExecuteScan - 2020-10-15 10:15:50 INFO [main] --- Detect duration: 00h 27m 11s 540ms
[2020-10-15T10:16:05.179Z] error detectExecuteScan - 2020-10-15 10:15:50 ERROR [main] --- Exiting with code 5 - FAILURE_DETECTOR
[2020-10-15T10:16:05.179Z] info detectExecuteScan - Result code of 5, exiting
[2020-10-15T10:16:05.179Z] fatal detectExecuteScan - failed to execute detect scan - running shell script failed with /bin/bash: cmd.Run() failed: exit status 5
script returned exit code 1
```
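Added example, not part of the thread and not code from the pipeline or piper projects: a Python triage of the Detect summary lines quoted above. It shows that the first run's exit code 3 (policy violation) was reported on top of a failed MAVEN detector, so that run's BOM had no Maven dependency tree behind it. The names `triage` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed from the log format in the issue.

```python
import re

# Constructed sample, shaped like the first log in the issue (timestamps trimmed).
SAMPLE_LOG = """\
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---       Not Extractable: MAVEN - Maven Pom
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] ---           No mvn executable was found.
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- ======== Detect Status ========
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- MAVEN: FAILURE
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Signature scan / Snippet scan on /ws: SUCCESS
info  detectExecuteScan - 2020-10-15 05:30:09 INFO  [main] --- Overall Status: FAILURE_POLICY_VIOLATION - Detect found policy violations.
error detectExecuteScan - 2020-10-15 05:30:09 ERROR [main] --- Exiting with code 3 - FAILURE_POLICY_VIOLATION
"""

MSG = re.compile(r"\[main\] ---\s?(.*)$")          # text after the Detect prefix
STATUS = re.compile(r"^(.+?): (SUCCESS|FAILURE)$")  # per-tool line in "Detect Status"
OVERALL = re.compile(r"^Overall Status: (\w+)")
EXIT = re.compile(r"^Exiting with code (\d+) - (\w+)")

def triage(log_text):
    """Summarise a Detect run: per-tool status, overall status, exit code."""
    result = {"tools": {}, "overall": None, "exit_code": None, "reasons": []}
    in_status, pending = False, None
    for line in log_text.splitlines():
        m = MSG.search(line)
        msg = m.group(1).strip() if m else ""
        if not msg:
            continue
        if pending:  # the line after a detector failure carries its reason
            result["reasons"].append((pending, msg))
            pending = None
        elif msg.startswith(("Not Extractable:", "Failure:")):
            pending = msg
        elif msg.startswith("========"):
            in_status = "Detect Status" in msg
        elif (o := OVERALL.match(msg)):
            result["overall"] = o.group(1)
        elif (e := EXIT.match(msg)):
            result["exit_code"] = int(e.group(1))
        elif in_status and (s := STATUS.match(msg)):
            result["tools"][s.group(1)] = s.group(2)
    failed = [t for t, s in result["tools"].items() if s == "FAILURE"]
    # A failed detector leaves the BOM without that package manager's dependency
    # tree, so the policy verdict covers only what the other scans found.
    result["failed_detectors"] = failed
    result["bom_incomplete"] = bool(failed)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against a saved console log, a result with `bom_incomplete` set means the detector failure needs fixing before the policy outcome can be trusted, whichever exit code Detect returned.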