blackducksoftware / blackduck-artifactory

Apache License 2.0

Unable to find latest packages - NPM #32

Closed 40x closed 5 years ago

40x commented 5 years ago

I am not using the template to create the issue because I am unsure if this is the right place to ask this question. Please let me know how and where I should be posting this instead.

We are using blackduck for analyzing our NPM dependencies which are placed in an Artifactory Repo.

After the run, I see the following error in Artifactory against the blackduck.inspectionStatusMessage tag under the Properties section of the package details:

artifactory failed to provide sufficient information to identify the artifact

I manually searched on blackduck for @babel/core and noticed that version 7.4.3 is not available in artifactory but it is available in NPM (released almost a month ago).

There are quite a few packages which are throwing a similar error. Is this because that version of the package is not available in BlackDuck?

We obviously cannot control all the implicit dependencies of the packages that we wish to use. I was wondering if there is a painless resolution to this?

Thanks in advance

stavvy-akamen commented 5 years ago

@40x The best way to verify whether the plugin is misfiring vs. Black Duck knowledge base is by checking the specific component in the Black Duck UI. Right now I am looking at our list of versions and see both 7.4.3 and 7.4.4 in our knowledge base.

Specifically the babeljs component. Will have @rottebds help you out.

rottebds commented 5 years ago

@40x this is an issue which occurs if the Black Duck Artifactory inspection module does not detect sufficient artifactory-populated metadata on the artifact to successfully identify the artifact in Black Duck. Can you confirm that npm.name and npm.version are present on the artifact? If not, can you confirm that Artifactory has populated a Module ID for the artifact? We need one of those two things to identify the artifact.

40x commented 5 years ago

When I searched for @babel/core I found 4 projects but only two with the exact names:

  1. babeljs.io: Babel compiler core.
  2. Black Duck KB: WebJar for @babel/core

I looked manually under number 2 which has only 5 versions and not under number 1 which has 48 versions (including 7.4.3). Does BD automatically look under the right project?

I checked the metadata on artifactory and the npm.name and npm.version fields are populated as expected:

npm.name: @babel/core
npm.version: 7.4.3

PS: Sorry I am unable to upload screenshots because of some error while uploading.

rottebds commented 5 years ago

Aha! I have reproduced this on my end. Looks like we were not expecting slashes in the artifact name. I'll fix this for 7.0.0.

rottebds commented 5 years ago

Fixed by 50dc0a2c4f682a6a471375e695f7c8285a750da1

40x commented 5 years ago

@rottebds Thank you for getting this done so quickly! When can we expect this release to be rolled out?
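
The diagnosis in rottebds's comments above (identification needs npm.name and npm.version or a Module ID, and names containing a slash were not expected) can be turned into a triage pass over flagged artifacts. This is an added example, not part of the thread and not the plugin's code; the record layout, the `module_id` field, the repository paths and the category names are assumptions made for illustration.

```python
# Added example: sort artifacts carrying the inspection failure message into
# likely causes, following the two checks described in the thread.
FAILURE_MSG = ("artifactory failed to provide sufficient information "
               "to identify the artifact")

# Constructed sample records. "properties" maps each key to a list of values;
# "module_id" is a hypothetical stand-in for the Module ID Artifactory derives.
SAMPLE_ARTIFACTS = [
    {"path": "npm-remote/@babel/core/-/core-7.4.3.tgz", "module_id": None,
     "properties": {"npm.name": ["@babel/core"], "npm.version": ["7.4.3"],
                    "blackduck.inspectionStatusMessage": [FAILURE_MSG]}},
    {"path": "npm-remote/example-a/-/example-a-1.0.0.tgz", "module_id": None,
     "properties": {"blackduck.inspectionStatusMessage": [FAILURE_MSG]}},
    {"path": "npm-remote/example-b/-/example-b-2.1.0.tgz",
     "module_id": "example-b:2.1.0",
     "properties": {"blackduck.inspectionStatusMessage": [FAILURE_MSG]}},
    {"path": "npm-remote/example-c/-/example-c-3.0.0.tgz", "module_id": None,
     "properties": {"npm.name": ["example-c"], "npm.version": ["3.0.0"]}},
]


def first(props, key):
    """Return the first non-empty value stored under key, or None."""
    values = props.get(key) or []
    value = str(values[0]).strip() if values else ""
    return value or None


def triage(artifact):
    """Classify one artifact record by the most likely cause of the failure."""
    props = artifact.get("properties") or {}
    if first(props, "blackduck.inspectionStatusMessage") != FAILURE_MSG:
        return "not-flagged"
    name, version = first(props, "npm.name"), first(props, "npm.version")
    if name and version:
        # Metadata is present, so missing properties are not the cause. A slash
        # in the name (scoped package) matches the case reported in this issue.
        return "scoped-name" if "/" in name else "metadata-present"
    if artifact.get("module_id"):
        return "module-id-only"
    return "metadata-missing"


def summarize(artifacts):
    """Group artifact paths by triage category."""
    report = {}
    for artifact in artifacts:
        report.setdefault(triage(artifact), []).append(artifact["path"])
    return report


if __name__ == "__main__":
    for category, paths in summarize(SAMPLE_ARTIFACTS).items():
        print(category, paths)
```

Artifacts in the `scoped-name` group are the ones to re-check after upgrading to the release carrying the fix; `metadata-missing` ones need their Artifactory metadata looked at first.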