I have a Jenkins pipeline building a maven project and then executing the following stage:
stage('Apply JFrog X-Ray Scanning') {
    tools { jfrog 'jfrog-cli' }
    steps {
        script {
            // Show the installed version of JFrog CLI.
            jf '-v'
            // Show the configured JFrog Platform instances.
            jf 'c show'
            // Ping Artifactory.
            jf 'rt ping'
            // Start local X-Ray scan
            jf "s ${WORKSPACE}/**/my-artifact.tar.gz"
        }
    }
}
Despite the fact that the scan summary displays every level of severity (from unknown to critical) in my case, the step and the stage are still marked as successful by Jenkins. (I have also tried using the --fail=true option in the command).
See attachments...
Current behavior
jf "s ${WORKSPACE}/**/my-artifact.tar.gz" does not mark the build/stage/step as unstable.
Reproduction steps
No response
Expected behavior
jf "s ${WORKSPACE}/**/my-artifact.tar.gz" to mark the build/stage/step as unstable (at least if there is an occurrence of a medium or higher severity).
JFrog plugin version
1.0.5
JFrog CLI version
2.32.0
Operating system type and version
RHEL 7.7
JFrog Artifactory version
No response
JFrog Xray version
No response
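
A severity gate of the kind the expected behavior asks for, as an added example that is not part of the original report or of the JFrog plugin. It assumes the scan results have been saved as JSON in which each finding carries a `severity` field; the sample report, the exit code 2 and the function names are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Severity order as named in the report above (unknown .. critical).
ORDER = ["unknown", "low", "medium", "high", "critical"]

def collect_severities(node):
    """Yield every string stored under a 'severity' key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() == "severity" and isinstance(value, str):
                yield value.strip().lower()
            else:
                yield from collect_severities(value)
    elif isinstance(node, list):
        for item in node:
            yield from collect_severities(item)

def gate(report_text, unstable_at="medium"):
    """Return (exit_code, counts): 2 if any finding is at or above the threshold, else 0."""
    counts = Counter(collect_severities(json.loads(report_text)))
    threshold = ORDER.index(unstable_at)
    # A label outside ORDER is ranked as 'unknown' rather than silently dropped.
    ranks = [ORDER.index(s) if s in ORDER else 0 for s in counts]
    return (2 if any(r >= threshold for r in ranks) else 0), dict(counts)

# Constructed sample report; the field layout is an assumption, not a documented schema.
SAMPLE = json.dumps({
    "vulnerabilities": [
        {"severity": "Low", "component": "example-lib-a"},
        {"severity": "High", "component": "example-lib-b"},
    ],
    "licenses": [],
})

if __name__ == "__main__":
    # Unparseable input raises and exits with status 1, so a broken report never passes as clean.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    code, counts = gate(text)
    print(counts)
    sys.exit(code)
```

In a pipeline, the script can be run with `sh(returnStatus: true, ...)` and the `unstable(...)` step called when the returned status is 2.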