jenkinsci / dependency-track-plugin

Main repository for the official Dependency-Track Jenkins plugin
https://dependencytrack.org/
Apache License 2.0

Job still successful when policies violated #284

Closed rizziemma closed 1 month ago

rizziemma commented 1 month ago

Describe the bug

Trying the latest feature to set pipelines in states UNSTABLE or FAILURE is not working for us currently.

With 4 policy failures, the pipeline still ends with state SUCCESSFUL: [screenshots]

Plugin Version

5.1.0

Jenkins Version

2.462.3

Java Version for Jenkins

21.0.4

Type of Jenkins Job

declarative pipeline

Dependency-Track Version

4.11.3

Steps to reproduce the behavior

  1. configure policies [screenshot]

  2. send an SBOM with known vulnerabilities to fail policies

```groovy
dependencyTrackPublisher(artifact: sbomPath,
        projectName: repository,
        projectVersion: tag,
        synchronous: true,
        dependencyTrackApiKey: API_KEY
    )
```

Expected behavior

The pipeline should end with FAILURE

Additional context

No response

sephiroth-j commented 1 month ago

Enabling synchronous will not automatically cause the build to fail if policy violations occur. You must also enable either one of failOnViolationFail or warnOnViolationWarn to have this happen. The former will cause a build to fail, the latter will mark it as unstable.

rizziemma commented 1 month ago

Thank you for your time @sephiroth-j I changed my pipeline and it works as expected now:

```groovy
dependencyTrackPublisher(artifact: sbomPath,
        projectName: repository,
        projectVersion: tag,
        synchronous: true,               // wait for the analysis so violations are known
        dependencyTrackApiKey: API_KEY,
        warnOnViolationWarn: true,       // WARN violations mark the build UNSTABLE
        failOnViolationFail: true        // FAIL violations mark the build FAILURE
    )
```

This is not mentioned in the documentation here, so maybe this post will help anyone confused like me.