ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.
Cadet 1st Class
Cadet 1st Class
150 views

Unable to read the build session file (possibly because of an incompatible format version).

I am running fortify from the maven plugins in Jenkins. Fortify is installed as root in /opt/Fortify/... on the Jenkins machine, Jenkins runs as the jenkins user.

It fails in the scan.

How can I fix this?

Where is the fortify log?

What are the debugging properties?

This worked once in 16.10.

[2021-04-07T19:52:15.822Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - --- sca-maven-plugin:19.2.2:clean (default-cli) @ pcp-update ---
[2021-04-07T19:52:15.825Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - Aggregate: true
[2021-04-07T19:52:15.825Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - Index of Project: 108/108
[2021-04-07T19:52:15.825Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - Packaging Type: ear
[2021-04-07T19:52:15.825Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - Base Dir: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment
[2021-04-07T19:52:15.825Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - POM: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/pom.xml
[2021-04-07T19:52:15.826Z] [main] INFO com.fortify.sca.plugins.maven.CleanMojo - Skipping to clean in aggregate mode
[2021-04-07T19:52:15.826Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - 
[2021-04-07T19:52:15.826Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - --- sca-maven-plugin:19.2.2:translate (default-cli) @ pcp-update ---
[2021-04-07T19:52:15.826Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Aggregate: true
[2021-04-07T19:52:15.826Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Index of Project: 108/108
[2021-04-07T19:52:15.826Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Packaging Type: ear
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Base Dir: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - POM: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/pom.xml
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Fail on Error: false
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Translating pom.xml...
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Build ID: a3-7.1.0
[2021-04-07T19:52:15.827Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Executing Command: /bin/sh -c cd /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment && /opt/Fortify/Fortify_SCA_and_Apps_19.2.3/bin/sourceanalyzer -Xmx3g @/opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/target/fortify/sca-translate-pcp-update-pom.txt
[2021-04-07T19:52:17.694Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Resources: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/src/main/resources
[2021-04-07T19:52:17.694Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Translating main...
[2021-04-07T19:52:17.694Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Build ID: a3-7.1.0
[2021-04-07T19:52:17.694Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Source: 1.8
[2021-04-07T19:52:17.694Z] [main] INFO com.fortify.sca.plugins.maven.TranslateMojo - Executing Command: /bin/sh -c cd /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment && /opt/Fortify/Fortify_SCA_and_Apps_19.2.3/bin/sourceanalyzer -Xmx3g @/opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/target/fortify/sca-translate-pcp-update-main.txt
[2021-04-07T19:52:19.592Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - 
[2021-04-07T19:52:19.592Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - --- sca-maven-plugin:19.2.2:scan (default-cli) @ pcp-update ---
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Aggregate: true
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Index of Project: 108/108
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Packaging Type: ear
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Base Dir: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - POM: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/pom.xml
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Fail on Error: false
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Scanning...
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Build ID: a3-7.1.0
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Build Label: pcp-update-7.1.0
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Build Project: pcp-update
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Build Version: 7.1.0
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Results File: a3-7.1.0.fpr
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Findbugs: true
[2021-04-07T19:52:19.592Z] [main] INFO com.fortify.sca.plugins.maven.ScanMojo - Executing Command: /bin/sh -c cd /opt/jenkins/workspace/emaip-enrollment_develop && /opt/Fortify/Fortify_SCA_and_Apps_19.2.3/bin/sourceanalyzer -Xmx3g @/opt/jenkins/workspace/emaip-enrollment_develop/target/fortify/sca-scan-a3.txt
[2021-04-07T19:52:12.615Z] 
[2021-04-07T19:52:12.615Z] main:
[2021-04-07T19:52:12.615Z]      [echo] Include enrollment Service only
[2021-04-07T19:52:12.646Z]      [echo] Repackage the EAR file
[2021-04-07T19:52:12.664Z]       [ear] Building ear: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/target/pcp-update-7.1.0.ear
[2021-04-07T19:52:15.806Z]       [ear] Warning: selected ear files include a META-INF/application.xml which will be ignored (please use appxml attribute to ear task)
[2021-04-07T19:52:17.005Z] Fortify Static Code Analyzer 19.2.3.0006 (using JRE 1.8.0_181)
[2021-04-07T19:52:18.905Z] Fortify Static Code Analyzer 19.2.3.0006 (using JRE 1.8.0_181)
[2021-04-07T19:52:23.369Z] [main] ERROR com.fortify.sca.plugins.maven.ScanMojo - Command exited with code 1.
[2021-04-07T19:52:23.369Z] [error]: Unable to read the build session file (possibly because of an incompatible format version).  Some entries may be lost.
[2021-04-07T19:52:23.369Z] org.exolab.castor.xml.MarshalException: XML document structures must start and end within the same entity.
[2021-04-07T19:52:23.369Z] 	at org.exolab.castor.xml.Unmarshaller.convertSAXExceptionToMarshalException(Unmarshaller.java:794) ~[castor-xml-1.3.1.jar:$VERSION$$RELEASE$]
[2021-04-07T19:52:23.369Z] 	at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:760) ~[castor-xml-1.3.1.jar:$VERSION$$RELEASE$]
[2021-04-07T19:52:23.369Z] 	at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:626) ~[castor-xml-1.3.1.jar:$VERSION$$RELEASE$]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.metadata.BuildSession.unmarshal(BuildSession.java:1635) ~[fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.metadata.BuildSession.read(BuildSession.java:1429) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.metadata.BuildSession.load_(BuildSession.java:1254) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.metadata.BuildSession.load(BuildSession.java:1173) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.Main.getBuildSession(Main.java:253) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.Main.requireBuildSession(Main.java:275) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.Main.access$700(Main.java:75) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] 	at com.fortify.sca.Main$Sourceanalyzer.run(Main.java:590) [fortify-sca-19.2.3.0006.jar:?]
[2021-04-07T19:52:23.369Z] Caused by: org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.369Z] 	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.endEntity(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLDocumentScannerImpl.endEntity(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLEntityManager.endEntity(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLEntityScanner.load(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLEntityScanner.scanContent(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanContent(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.370Z] 	at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.371Z] 	at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.371Z] 	at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.371Z] 	at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.11.0.jar:?]
[2021-04-07T19:52:23.371Z] 	at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:748) ~[castor-xml-1.3.1.jar:$VERSION$$RELEASE$]
[2021-04-07T19:52:23.371Z] 	... 9 more
[2021-04-07T19:52:23.373Z] [error]: An error was encountered while writing to file /home/jenkins/.fortify/sca19.2/build/a3-7.1.0.scasession.update
[2021-04-07T19:52:23.373Z] [error]: Unable to load build session. See log file for more details.
[2021-04-07T19:52:23.373Z] [error]: Unable to load build session with ID "a3-7.1.0". See log file for more details.
[2021-04-07T19:52:23.373Z] 
[2021-04-07T19:52:23.373Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - 
[2021-04-07T19:52:23.373Z] [main] INFO org.apache.maven.cli.event.ExecutionEventLogger - --- sca-maven-plugin:19.2.2:upload (default-cli) @ pcp-update ---
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Aggregate: true
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Index of Project: 108/108
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Packaging Type: ear
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Base Dir: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - POM: /opt/jenkins/workspace/emaip-enrollment_develop/Applications/sca-services/enrollment/service/pcp-update-deployment/pom.xml
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Uploading analysis result to SSC...
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - 
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - EMAIP_Enrollment
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - 0.0.1
[2021-04-07T19:52:23.373Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - File: a3-7.1.0.fpr
[2021-04-07T19:52:23.374Z] [main] INFO com.fortify.sca.plugins.maven.UploadMojo - Executing Command: /bin/sh -c cd /opt/jenkins/workspace/emaip-enrollment_develop && /opt/Fortify/Fortify_SCA_and_Apps_19.2.3/bin/fortifyclient uploadFPR -f /opt/jenkins/workspace/emaip-enrollment_develop/target/fortify/a3-7.1.0.fpr -project EMAIP_Enrollment -version 0.0.1 -authtoken 2b9c8c73-a324-4227-aa6f-203c9e6a7fbc -url http://rc-lx2589:8080/ssc
[2021-04-07T19:52:23.679Z] [main] ERROR com.fortify.sca.plugins.maven.UploadMojo - Command exited with code 1.

This is the Jenkins build step - as you can see it resolves artifacts from Artifactory.

rtMavenRun (
  tool: "maven",
  pom: "${POM}",
  opts: "-Dfile.encoding=Cp1252 -Dmaven.install.skip=true -maven.test.skip=true -Denv=shared-dev",
  goals: "dependency:purge-local-repository \
          clean verify \
          com.fortify.sca.plugins.maven:sca-maven-plugin:19.2.2:clean \
          com.fortify.sca.plugins.maven:sca-maven-plugin:19.2.2:translate \
          com.fortify.sca.plugins.maven:sca-maven-plugin:19.2.2:scan \
          com.fortify.sca.plugins.maven:sca-maven-plugin:19.2.2:upload \
          -Dfortify.sca.sourceanalyzer.executable=${FORTIFY_HOME}/bin/sourceanalyzer \
          -Dfortify.fortifyclient.executable=${FORTIFY_HOME}/bin/fortifyclient \
          -Dfortify.sca.source.version=1.8 \
          -Dfortify.sca.encoding=Cp1252 \
          -Dfortify.sca.findbugs=true \
          -Dfortify.sca.Xmx=3g \
          -Dfortify.ssc.authToken=${FORTIFY_SSC_AUTHTOKEN} \
          -Dfortify.ssc.url=${FORTIFY_SSC_URL} \
          -Dfortify.ssc.applicationName=${NAME} \
          -Dfortify.ssc.applicationVersion=${VERSION} \
          -Dmaven.test.skip=true \
          -Dmaven.test.failure.ignore=true \
          -Dmaven.repo.local=${LOCAL_REPOSITORY} \
          -D  org.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
          --no-transfer-progress \
          -B",
 deployerId: "MAVEN_DEPLOYER",
 resolverId: "MAVEN_RESOLVER",
 buildName: "${BUILD_TAG}",
 buildNumber: "${BUILD_NUMBER}"
)

 

0 Likes
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.