Cadet 3rd Class

HPE Fortify Jenkins Plugin - Post Build Action Cannot Upload FPRs

My Fortify build is working great with my Jenkins pipeline, except when I get to Post-Build Actions, the HPE Security Fortify Assessment plugin fails with the following output:

HPE Security Fortify Jenkins plugin v 1.16.10
Using FPR: file:/home/bld/target/fortify/app-11.fpr
Local FPR: /tmp/44a40a2b-2c59-4263-92fc-36c0fe09f217/app-11.fpr
Uploading FPR to SSC at https://fortify.company.com/ssc/
Error uploading to SSC: https://fortify.company.com/ssc/
com.fortify.ws.client.FortifyWebServiceException: Invalid URL:  [500]
	at com.fortify.ws.client.AbstractWSClient.transformException(AbstractWSClient.java:276)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:173)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:142)
	at com.fortify.ws.client.ProjectClient.getProjects(ProjectClient.java:38)
	at com.fortify.plugin.jenkins.fortifyclient.ProjectCreationService.<init>(ProjectCreationService.java:42)
	at com.fortify.plugin.jenkins.fortifyclient.FortifyClient.createProject(FortifyClient.java:277)
	at com.fortify.plugin.jenkins.FPRPublisher$2.runWith(FPRPublisher.java:471)
	at com.fortify.plugin.jenkins.FPRPublisher$2.runWith(FPRPublisher.java:468)
	at com.fortify.plugin.jenkins.FPRPublisher.runWithFortifyClient(FPRPublisher.java:689)
	at com.fortify.plugin.jenkins.FPRPublisher.createNewOrGetProject(FPRPublisher.java:468)
	at com.fortify.plugin.jenkins.FPRPublisher.perform(FPRPublisher.java:268)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1073)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
	at hudson.model.Run.execute(Run.java:1844)
	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
Caused by: org.springframework.ws.client.WebServiceTransportException:  [500]
	at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:663)
	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:587)
	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:537)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:384)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:378)
	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:370)
	at com.fortify.ws.client.AbstractWSClient.sendRequest(AbstractWSClient.java:163)
	... 18 more

The parameters in the Post-Build Action in the configuration of the build are correct, i.e. Application Name / Version. Note that I can perform ping, CURL, and dig commands on the box with the exact build user. When I run the fortifyClient manually on that same box I can upload the FPR; however, the manual process impedes the intended automation of the build. Any suggestions or direction are much appreciated.

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert

Hi,

Please try removing the forward slash in the SSC URL configured in Jenkins > Manage Jenkins > Configure System > Fortify Assessment.

From:
https://fortify.company.com/ssc/
To:
https://fortify.company.com/ssc

Regards,
Tejesh Chandra K H

0 Likes
6 Replies
Cadet 3rd Class

That solved my first issue; however, I am still receiving a failing build. Note that I am also using the Maven plugin and have failOnError = false, as outlined in the screenshots. My Maven build is marked as success from what I can see of this post-step output; however, the post-build HPE step, while appearing successful, marks the build as failing. Thank you very much for your time.

[Screenshots: Screen Shot 2018-11-27 at 5.44.39 PM.png, Screen Shot 2018-11-27 at 5.44.10 PM.png]

[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 28:01 min
[INFO] Finished at: 2018-11-27T05:21:35-05:00
[INFO] Final Memory: 22M/267M
[INFO] ------------------------------------------------------------------------
HPE Security Fortify Jenkins plugin v 1.16.10
Using FPR: file:/home/bld/target/fortify/app-11.fpr
Local FPR: /tmp/44a40a2b-2c59-4263-92fc-36c0fe09f217/app-11.fpr
Uploading FPR to SSC at https://fortify.company.com/ssc/
Using existing application: "app"
Application version already exists with name "1.1" under application "app".
Obtained application version id=736 for 'app (1.1)'
FPR uploaded successfully
Sleep for 1 minute(s)
Retrieving build statistics from SSC
Using existing application: "app"
Application version already exists with name "1.1" under application "app".
Obtained application version id=736 for 'app (1.1)'
Using existing application: "app"
Application version already exists with name "1.1" under application "app".
Obtained application version id=736 for 'app (1.1)'
Calculated NVS=0.000000, failedCount=0
Saving build summary
[ci-game] evaluating rule: Build result
[ci-game] evaluating rule: Increased number of passed tests
[ci-game] evaluating rule: Decreased number of passed tests
[ci-game] evaluating rule: Increased number of failed tests
[ci-game] evaluating rule: Decreased number of failed tests
[ci-game] evaluating rule: Increased number of skipped tests
[ci-game] evaluating rule: Decreased number of skipped tests
[ci-game] evaluating rule: Open HIGH priority tasks
[ci-game] evaluating rule: Open NORMAL priority tasks
[ci-game] evaluating rule: Open LOW priority tasks
[ci-game] evaluating rule: PMD violation
[ci-game] evaluating rule: pylint violation
[ci-game] evaluating rule: CPD violation
[ci-game] evaluating rule: Checkstyle violation
[ci-game] evaluating rule: FindBugs violation
[ci-game] evaluating rule: FXCop violation
[ci-game] evaluating rule: Simian violation
[ci-game] evaluating rule: StyleCop violation
[ci-game] evaluating rule: HIGH priority PMD warnings
[ci-game] evaluating rule: NORMAL priority PMD warnings
[ci-game] evaluating rule: LOW priority PMD warnings
[ci-game] evaluating rule: New HIGH priority Findbugs warnings
[ci-game] evaluating rule: New NORMAL priority Findbugs warnings
[ci-game] evaluating rule: New LOW priority Findbugs warnings
[ci-game] evaluating rule: Fixed HIGH priority Findbugs warnings
[ci-game] evaluating rule: Fixed NORMAL priority Findbugs warnings
[ci-game] evaluating rule: Fixed LOW priority Findbugs warnings
[ci-game] evaluating rule: Changed number of compiler warnings
[ci-game] evaluating rule: Changed number of checkstyle warnings
Finished: FAILURE
0 Likes
Cadet 3rd Class

How do we do this in a pipeline? Can someone help?

0 Likes
Micro Focus Expert

What version of SCA are you running? Also, can you provide the log file output after adding the -debug option?

0 Likes
Micro Focus Frequent Contributor

Here is an example that I got from the Jenkins pipeline-syntax Snippet Generator.

fortifyUpload appName: 'AppName', appVersion: '1', failureCriteria: '', filterSet: '', pollingInterval: '', resultsFile: './**/*.fpr'

0 Likes
Cadet 3rd Class

Thank you for your response. I added the following lines to my pipeline's steps.

stage('Fortify Upload') {
    steps {
        fortifyUpload appName: 'jenkinstest', appVersion: '1.0', failureCriteria: '', filterSet: '', pollingInterval: '', resultsFile: './**/*.fpr'
    }
}

Getting the following error; any guess where the mistake is?

java.lang.RuntimeException: Can't locate FPR file './**/*.fpr' under workspace: /var/lib/jenkins/workspace/dcos-mvn-docker-pipeline

0 Likes
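
The two failures in this thread (the trailing slash on the SSC URL, and the FPR that could not be located under the workspace) can both be caught before the upload step runs. The following is an added example, not code from the plugin or from any poster: a shell pre-flight that could run in a pipeline `sh` step. The function names, exit codes and `key=value` output are assumptions of this example, and the demo workspace is constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks before a Fortify FPR upload (not plugin code).

# Strip every trailing "/" from the SSC base URL, as the accepted answer advises.
normalize_ssc_url() (
    url=$1
    while [ "${url%/}" != "$url" ]; do url=${url%/}; done
    printf '%s\n' "$url"
)

# Print workspace-relative paths of all *.fpr files.
# Exit status: 1 if none were found, 2 if the workspace directory is missing.
find_fprs() (
    cd "$1" 2>/dev/null || exit 2
    found=$(find . -type f -name '*.fpr' | sed 's|^\./||' | sort)
    [ -n "$found" ] || exit 1
    printf '%s\n' "$found"
)

# Emit the values to configure; refuse to guess when zero or several FPRs exist,
# so a stale report is never uploaded to the wrong application version.
preflight() (
    url=$(normalize_ssc_url "$1")
    fprs=$(find_fprs "$2") || { echo "no .fpr under workspace $2" >&2; exit 1; }
    count=$(printf '%s\n' "$fprs" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "$count FPR files found; pin one explicit path:" >&2
        printf '%s\n' "$fprs" | sed 's/^/  /' >&2
        exit 3
    fi
    printf 'ssc_url=%s\nresults_file=%s\n' "$url" "$fprs"
)

# Constructed demo: a throwaway workspace laid out like the first post's build.
demo() (
    ws=$(mktemp -d) && mkdir -p "$ws/target/fortify" && : > "$ws/target/fortify/app-11.fpr"
    preflight 'https://fortify.company.com/ssc/' "$ws"; rc=$?
    rm -rf "$ws"; exit "$rc"
)
if [ "${1:-}" = "demo" ]; then demo; fi
```

Exit status 1 from `preflight` means the scan wrote its FPR somewhere other than the workspace being searched, which is the condition the `Can't locate FPR file` error reports.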