jfrog / jenkins-jfrog-plugin

Easy integration between Jenkins and the JFrog Platform.
https://github.com/jfrog/jenkins-jfrog-plugin
Apache License 2.0

JFrog plugin not marking build/stage/step as unstable based on jfrog CLI Scan result #20

Open Ceddaerrix opened 1 year ago

Ceddaerrix commented 1 year ago

Describe the bug

I have a Jenkins pipeline building a maven project and then executing the following stage:

stage('Apply JFrog X-Ray Scanning') {
    tools { jfrog 'jfrog-cli' }
    steps {
        script {
            // Show the installed version of JFrog CLI.
            jf '-v'

            // Show the configured JFrog Platform instances.
            jf 'c show'

            // Ping Artifactory.
            jf 'rt ping'

            // Start local X-Ray scan
            jf "s ${WORKSPACE}/**/my-artifact.tar.gz"
        }
    }
}

Despite the fact that the scan summary displays every level of severity (from unknown to critical) in my case, the step and the stage are still marked as successful by Jenkins. (I have also tried using the --fail=true option with the command.) See attachments...

Attached images: jenkins-pipeline-jfrog-cli-xray-scan, jfrog-cli-xray-scan-1, jfrog-cli-xray-scan-2

Current behavior

jf "s ${WORKSPACE}/**/my-artifact.tar.gz" does not mark the build/stage/step as unstable.

Reproduction steps

No response

Expected behavior

jf "s ${WORKSPACE}/**/my-artifact.tar.gz" to mark the build/stage/step as unstable (at least if an occurence of a medium or higher severity).

JFrog plugin version

1.0.5

JFrog CLI version

2.32.0

Operating system type and version

RHEL 7.7

JFrog Artifactory version

No response

JFrog Xray version

No response
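Until the plugin itself propagates scan results into the build status, a pipeline can apply its own severity gate. The script below is an added example written for this issue; it is not code from the jenkins-jfrog-plugin or from JFrog. It assumes the scan result has been written to a file in the CLI's JSON output format, and the JSON shape it parses (a list of scan targets, each carrying a "vulnerabilities" list whose entries have a "severity" string) is an assumption; the embedded sample is constructed to match that shape. It reports the highest severity found and returns a non-zero status when the configured threshold (medium by default, matching the expected behaviour above) is met.

```python
import json
import sys

# Severity order used for the gate; the level names follow the levels the
# scan summary lists (unknown .. critical).
SEVERITY_RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample shaped like an assumed JSON scan result: a list of scan
# targets, each with a "vulnerabilities" list. Issue ids and components are
# placeholders, not real findings.
SAMPLE_SCAN_OUTPUT = json.dumps([
    {
        "vulnerabilities": [
            {"severity": "Low", "issue_id": "XRAY-EXAMPLE-1",
             "components": {"gav://example:lib:1.0": {}}},
            {"severity": "High", "issue_id": "XRAY-EXAMPLE-2",
             "components": {"gav://example:other:2.1": {}}},
        ]
    }
])


def iter_severities(scan_json):
    """Yield the lower-cased severity of every vulnerability in the result."""
    results = json.loads(scan_json)
    if isinstance(results, dict):      # tolerate a single target object
        results = [results]
    for target in results:
        for vuln in target.get("vulnerabilities", []):
            yield str(vuln.get("severity", "Unknown")).lower()


def highest_severity(scan_json):
    """Return the highest severity name found, or None if there are no findings.

    Unrecognised severity names rank as 'unknown' (0) so they never outrank a
    known level but still count as a finding.
    """
    top = None
    for sev in iter_severities(scan_json):
        if top is None or SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(top, 0):
            top = sev
    return top


def exceeds_threshold(scan_json, threshold="medium"):
    """True when at least one finding is at or above the threshold level."""
    threshold = threshold.lower()
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    top = highest_severity(scan_json)
    if top is None:
        return False
    return SEVERITY_RANK.get(top, 0) >= SEVERITY_RANK[threshold]


def main(argv):
    # Usage: xray_gate.py <scan-result.json> [threshold]
    # Exit status 1 when the gate trips, so a pipeline step can turn it into
    # an UNSTABLE stage instead of silently passing.
    if len(argv) < 2:
        print("usage: xray_gate.py <scan-result.json> [threshold]", file=sys.stderr)
        return 2
    threshold = argv[2] if len(argv) > 2 else "medium"
    with open(argv[1], encoding="utf-8") as fh:
        data = fh.read()
    top = highest_severity(data)
    print(f"highest severity found: {top if top else 'none'} (threshold: {threshold})")
    return 1 if exceeds_threshold(data, threshold) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a Declarative pipeline the gate can run from an `sh` step right after the `jf` scan step, wrapped in `catchError(buildResult: 'UNSTABLE', stageResult: 'UNSTABLE') { ... }`, so that a non-zero exit from the script marks the stage and build unstable rather than failing the whole job outright; the same script can be reused across stages with a different threshold argument per environment.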

yahavi commented 1 year ago

Thanks for reporting this issue, @Ceddaerrix! We'll look into it soon.