sonatype-nexus-community / auditjs

Audits an NPM package.json file to identify known vulnerabilities.
https://www.npmjs.com/package/auditjs
Apache License 2.0
223 stars 53 forks

[BUG] AuditJS requires Developer role on the application #218

Open instinet-lewis-boon opened 3 years ago

instinet-lewis-boon commented 3 years ago

Describe the bug

AuditJS fails with the following if it hasn't been given the Developer role on the application.

[2020-12-04T15:16:17.598] [ERROR] auditjs - There was an issue auditing your application! Error: Error: No valid ID on response from Nexus IQ, potentially check the public application ID you are using
    at IqRequestService.<anonymous> (/home/node/.npm/_npx/70/lib/node_modules/auditjs/bin/Services/IqRequestService.js:54:23)
    at Generator.throw (<anonymous>)
    at rejected (/home/node/.npm/_npx/70/lib/node_modules/auditjs/bin/Services/IqRequestService.js:21:65)
    at process._tickCallback (internal/process/next_tick.js:68:7)

To Reproduce

Steps to reproduce the behavior:

  1. Set up an account. Add it as an Application Evaluator for the application you want to scan.
  2. Run AuditJS with the account. It will fail with the above error.
  3. Now add the application as a Developer
  4. The scan will execute successfully.

Expected behavior

The Nexus IQ evaluator jar works with only the Application Evaluator role. It would be good to have the same consistency with AuditJS.


DarthHater commented 3 years ago

@instinet-lewis-boon I'll forward this to the team that works on IQ, I believe it's because we use two different APIs. AuditJS uses what is referred to as the Third Party API. Thanks for filing an issue!

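The comment above points at the Third Party API as the likely cause. The following is an added example (not auditjs code and not from the thread) of a pre-flight check a CI job can run before invoking auditjs, so that a role problem is reported as such rather than as "No valid ID on response from Nexus IQ". It assumes two things that are not stated in the issue: that the IQ server exposes `GET /api/v2/applications?publicId=<id>` returning `{ "applications": [ { "id": ..., "publicId": ... } ] }`, and that Third Party API scans are posted to `/api/v2/scan/applications/<internalId>/sources/<source>`. Both endpoint paths, the host name and the sample responses are assumptions for illustration; Node 18+ is required for the global `fetch`.

```javascript
// Added example: pre-flight check for the application lookup that precedes a
// Third Party API submission. Endpoint paths and sample responses below are
// assumptions, not taken from auditjs or the issue.

// Classify the lookup result. The thread's symptom ("No valid ID on response")
// is an HTTP 200 whose body carries no usable application id, so that case is
// separated from plain authentication failures.
function classifyLookup(status, body) {
  if (status === 401) return { ok: false, reason: 'bad credentials (HTTP 401)' };
  if (status === 403) return { ok: false, reason: 'authenticated but forbidden (HTTP 403): role lacks the permission' };
  if (status !== 200) return { ok: false, reason: `unexpected HTTP ${status}` };

  let parsed;
  try {
    parsed = typeof body === 'string' ? JSON.parse(body) : body;
  } catch (err) {
    return { ok: false, reason: `non-JSON body: ${err.message}` };
  }

  const apps = Array.isArray(parsed && parsed.applications) ? parsed.applications : [];
  const app = apps.find((a) => a && typeof a.id === 'string' && a.id.length > 0);
  if (!app) {
    // Assumption: IQ omits applications the caller may not see instead of
    // failing the request, so an empty list means either a wrong public ID
    // or a user whose role on the application is insufficient.
    return {
      ok: false,
      reason: 'no application with a valid id returned: check the public ID and the user\'s role on the application',
    };
  }
  return { ok: true, internalId: app.id, publicId: app.publicId };
}

// Third Party API scan endpoint for the resolved internal id (assumed path).
function scanEndpoint(host, internalId, source) {
  const path = `/api/v2/scan/applications/${encodeURIComponent(internalId)}/sources/${encodeURIComponent(source)}`;
  return new URL(path, host).href;
}

// Perform the lookup with HTTP Basic auth, the same credentials auditjs gets via -u/-p.
async function lookupApplication({ host, publicId, user, pass }) {
  const url = new URL('/api/v2/applications', host);
  url.searchParams.set('publicId', publicId);
  const auth = Buffer.from(`${user}:${pass}`).toString('base64');
  const res = await fetch(url, {
    headers: { Authorization: `Basic ${auth}`, Accept: 'application/json' },
  });
  return classifyLookup(res.status, await res.text());
}

// Stand-alone use: IQ_HOST=http://iq.example:8070 IQ_APP=my-app IQ_USER=... IQ_PASS=... node preflight.js
// (environment variable names are this example's own choice).
if (typeof process !== 'undefined' && process.env && process.env.IQ_HOST) {
  lookupApplication({
    host: process.env.IQ_HOST,
    publicId: process.env.IQ_APP,
    user: process.env.IQ_USER,
    pass: process.env.IQ_PASS,
  }).then((result) => {
    if (!result.ok) {
      console.error(`pre-flight failed: ${result.reason}`);
      process.exit(1);
    }
    console.log(`would submit to ${scanEndpoint(process.env.IQ_HOST, result.internalId, 'build')}`);
  });
}
```

Run it with the same user and public ID the auditjs step uses; a failure here with the "no application with a valid id" reason reproduces the role problem from this issue before the scan step is reached, while a 401 or 403 points at the credentials instead.
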
DarthHater commented 3 years ago

Couple questions for you:

instinet-lewis-boon commented 3 years ago

Hi, sorry for the slow reply. We're using Nexus IQ v102.

So we've been previously using the Nexus IQ Evaluator jar to scan an application's node_modules directory. We created a user in Nexus IQ to do this. It was given the Application Evaluator role on the application. This works successfully.

When trying out AuditJS, the same credentials didn't work until we gave the user the Developer role.

Does that help?

DarthHater commented 3 years ago

Yes, that helps quite a bit! I'll check with some people and see what I can figure out.

bhamail commented 3 years ago

FWIW, I confirmed this is still an issue, and adding the Developer role fixes the error.

Example from a Jenkins build:

Submitting your dependencies
[2021-07-27T16:49:36.305] [ERROR] auditjs - There was an issue auditing your application! Error: Error: No valid ID on response from Nexus IQ, potentially check the public application ID you are using
    at IqRequestService.<anonymous> (/home/pi/.npm/_npx/9095/lib/node_modules/auditjs/bin/Services/IqRequestService.js:55:23)
    at Generator.throw (<anonymous>)
    at rejected (/home/pi/.npm/_npx/9095/lib/node_modules/auditjs/bin/Services/IqRequestService.js:21:65)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
Build step 'Execute shell' marked build as failure

vinishakurapati commented 2 years ago

@bhamail @DarthHater Hi, I am facing the same issue, so I changed the role from "Application Evaluator" to "Developer", but the build is failing with a new error. I am not sure what is causing this step failure. Should the Nexus user that is used in the command be given both the Developer and Application Evaluator roles?

C:\Jenkins\workspace\development_application -frontend>npx auditjs iq -a application id in IQ -s build -h http://grs-sonatype1.company-server.linux:8080/ -u **** -p **** 
npx: installed 105 in 19.408s
  _      _                       _   _              
 /_)    /__  _  _ _/_   _  _   (/  /_._  _   _/ _
/_)/_/ ._//_// //_|/ /_//_//_' (_X /  ///_'/ //_/_\ 
   _/                _//                            

  AuditJS version: 4.0.37

- Starting application
√ Starting application
- Getting coordinates for Sonatype IQ
√ Getting coordinates for Sonatype IQ
- Auditing your application with Sonatype IQ
√ Auditing your application with Sonatype IQ
- Authenticating with Sonatype IQ
√ Authenticating with Sonatype IQ
- Submitting your dependencies
× Submitting your dependencies
[2022-05-04T01:37:18.832] [ERROR] auditjs - There was an issue auditing your application! Error: Unable to submit to Third Party API
    at IqRequestService.<anonymous> (C:\Users\jenkins\AppData\Roaming\npm-cache\_npx\8484\node_modules\auditjs\bin\Services\IqRequestService.js:104:23)
    at Generator.next (<anonymous>)
    at fulfilled (C:\Users\jenkins\AppData\Roaming\npm-cache\_npx\8484\node_modules\auditjs\bin\Services\IqRequestService.js:20:58)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
Build step 'Execute Windows batch command' marked build as failure

bhamail commented 2 years ago

@vinishakurapati Yes, please give that a try and report your findings.