HPE Fortify Jenkins Plugin - Post Build Action Cannot Upload FPRs

My Fortify build is working great with my Jenkins pipeline, except when I get to Post-Build Actions, the HPE Security Fortify Assesment plugin fails with the following output:

HPE Security Fortify Jenkins plugin v 1.16.10
Using FPR: file:/home/bld/target/fortify/app-11.fpr
Local FPR: /tmp/44a40a2b-2c59-4263-92fc-36c0fe09f217/app-11.fpr
Uploading FPR to SSC at https://fortify.company.com/ssc/
Error uploading to SSC: https://fortify.company.com/ssc/
com.fortify.ws.client.FortifyWebServiceException: Invalid URL:  [500]
	at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:276)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:173)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:142)
	at com.fortify.ws.client.ProjectClient.getProjects(ProjectClient.java:38)
	at com.fortify.plugin.jenkins.fortifyclient.ProjectCreationService.<init>(ProjectCreationService.java:42)
	at com.fortify.plugin.jenkins.fortifyclient.FortifyClient.createProject(FortifyClient.java:277)
	at com.fortify.plugin.jenkins.FPRPublisher$2.runWith(FPRPublisher.java:471)
	at com.fortify.plugin.jenkins.FPRPublisher$2.runWith(FPRPublisher.java:468)
	at com.fortify.plugin.jenkins.FPRPublisher.runWithFortifyClient(FPRPublisher.java:689)
	at com.fortify.plugin.jenkins.FPRPublisher.createNewOrGetProject(FPRPublisher.java:468)
	at com.fortify.plugin.jenkins.FPRPublisher.perform(FPRPublisher.java:268)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1073)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
	at hudson.model.Run.execute(Run.java:1844)
	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
Caused by: org.springframework.ws.client.WebServiceTransportException:  [500]
	at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:663)
	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:587)
	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:537)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:384)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:378)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:370)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:163)
	... 18 more

The parameters in the Post-Build Action in the configuration of the build are correct i.e. Application Name / Version. Note that I can perform ping, CURL, and dig commands on the box with the exact build user. When I run the fortifyClient manually on that same box I can upload the FPR, however the manual process impedes the intended automation of the build. Any suggestions or direction is much appreciated.

Parents
  • Verified Answer

    Hi,

    Please try removing the forward slash in the SSC URL configured in jenkins > Manage Jenkins > Configure System > Fortify Assessment

    From :
    https://fortify.company.com/ssc/
    To : 
    https://fortify.company.com/ssc

    Regards,
    Tejesh Chandra K H

     

  • That solved my first issue however I am still receiving a failing build. Note that I am also using the Maven plugin and have failOnError = false, as outlined in the screenshots. My Maven build is marked as success from what I can see of this post-step output, however the post build HPE step, while appearing successful, marks the build as failing:. Thank you very much for your timeScreen Shot 2018-11-27 at 5.44.39 PM.pngScreen Shot 2018-11-27 at 5.44.10 PM.png

    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 28:01 min
    [INFO] Finished at: 2018-11-27T05:21:35-05:00
    [INFO] Final Memory: 22M/267M
    [INFO] ------------------------------------------------------------------------
    HPE Security Fortify Jenkins plugin v 1.16.10
    Using FPR: file:/home/bld/target/fortify/app-11.fpr
    Local FPR: /tmp/44a40a2b-2c59-4263-92fc-36c0fe09f217/app-11.fpr
    Uploading FPR to SSC at fortify.company.com/.../
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    FPR uploaded successfully
    Sleep for 1 minute(s)
    Retrieving build statistics from SSC
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    Calculated NVS=0.000000, failedCount=0
    Saving build summary
    [ci-game] evaluating rule: Build result
    [ci-game] evaluating rule: Increased number of passed tests
    [ci-game] evaluating rule: Decreased number of passed tests
    [ci-game] evaluating rule: Increased number of failed tests
    [ci-game] evaluating rule: Decreased number of failed tests
    [ci-game] evaluating rule: Increased number of skipped tests
    [ci-game] evaluating rule: Decreased number of skipped tests
    [ci-game] evaluating rule: Open HIGH priority tasks
    [ci-game] evaluating rule: Open NORMAL priority tasks
    [ci-game] evaluating rule: Open LOW priority tasks
    [ci-game] evaluating rule: PMD violation
    [ci-game] evaluating rule: pylint violation
    [ci-game] evaluating rule: CPD violation
    [ci-game] evaluating rule: Checkstyle violation
    [ci-game] evaluating rule: FindBugs violation
    [ci-game] evaluating rule: FXCop violation
    [ci-game] evaluating rule: Simian violation
    [ci-game] evaluating rule: StyleCop violation
    [ci-game] evaluating rule: HIGH priority PMD warnings
    [ci-game] evaluating rule: NORMAL priority PMD warnings
    [ci-game] evaluating rule: LOW priority PMD warnings
    [ci-game] evaluating rule: New HIGH priority Findbugs warnings
    [ci-game] evaluating rule: New NORMAL priority Findbugs warnings
    [ci-game] evaluating rule: New LOW priority Findbugs warnings
    [ci-game] evaluating rule: Fixed HIGH priority Findbugs warnings
    [ci-game] evaluating rule: Fixed NORMAL priority Findbugs warnings
    [ci-game] evaluating rule: Fixed LOW priority Findbugs warnings
    [ci-game] evaluating rule: Changed number of compiler warnings
    [ci-game] evaluating rule: Changed number of checkstyle warnings
    Finished: FAILURE
Reply
  • That solved my first issue however I am still receiving a failing build. Note that I am also using the Maven plugin and have failOnError = false, as outlined in the screenshots. My Maven build is marked as success from what I can see of this post-step output, however the post build HPE step, while appearing successful, marks the build as failing:. Thank you very much for your timeScreen Shot 2018-11-27 at 5.44.39 PM.pngScreen Shot 2018-11-27 at 5.44.10 PM.png

    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 28:01 min
    [INFO] Finished at: 2018-11-27T05:21:35-05:00
    [INFO] Final Memory: 22M/267M
    [INFO] ------------------------------------------------------------------------
    HPE Security Fortify Jenkins plugin v 1.16.10
    Using FPR: file:/home/bld/target/fortify/app-11.fpr
    Local FPR: /tmp/44a40a2b-2c59-4263-92fc-36c0fe09f217/app-11.fpr
    Uploading FPR to SSC at fortify.company.com/.../
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    FPR uploaded successfully
    Sleep for 1 minute(s)
    Retrieving build statistics from SSC
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    Using existing application: "app"
    Application version already exists with name "1.1" under application "app".
    Obtained application version id=736 for 'app (1.1)'
    Calculated NVS=0.000000, failedCount=0
    Saving build summary
    [ci-game] evaluating rule: Build result
    [ci-game] evaluating rule: Increased number of passed tests
    [ci-game] evaluating rule: Decreased number of passed tests
    [ci-game] evaluating rule: Increased number of failed tests
    [ci-game] evaluating rule: Decreased number of failed tests
    [ci-game] evaluating rule: Increased number of skipped tests
    [ci-game] evaluating rule: Decreased number of skipped tests
    [ci-game] evaluating rule: Open HIGH priority tasks
    [ci-game] evaluating rule: Open NORMAL priority tasks
    [ci-game] evaluating rule: Open LOW priority tasks
    [ci-game] evaluating rule: PMD violation
    [ci-game] evaluating rule: pylint violation
    [ci-game] evaluating rule: CPD violation
    [ci-game] evaluating rule: Checkstyle violation
    [ci-game] evaluating rule: FindBugs violation
    [ci-game] evaluating rule: FXCop violation
    [ci-game] evaluating rule: Simian violation
    [ci-game] evaluating rule: StyleCop violation
    [ci-game] evaluating rule: HIGH priority PMD warnings
    [ci-game] evaluating rule: NORMAL priority PMD warnings
    [ci-game] evaluating rule: LOW priority PMD warnings
    [ci-game] evaluating rule: New HIGH priority Findbugs warnings
    [ci-game] evaluating rule: New NORMAL priority Findbugs warnings
    [ci-game] evaluating rule: New LOW priority Findbugs warnings
    [ci-game] evaluating rule: Fixed HIGH priority Findbugs warnings
    [ci-game] evaluating rule: Fixed NORMAL priority Findbugs warnings
    [ci-game] evaluating rule: Fixed LOW priority Findbugs warnings
    [ci-game] evaluating rule: Changed number of compiler warnings
    [ci-game] evaluating rule: Changed number of checkstyle warnings
    Finished: FAILURE
Children