mbockus / veracode-scanner
A jenkins plug-in for submitting files for scanning to veracode.
Veracode scan failed.
FATAL: Veracode scan failed.
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: Veracode scan failed.
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:169)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:772)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:736)
at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.cleanUp(MavenModuleSetBuild.java:1064)
at hudson.model.Run.execute(Run.java:1778)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:234)
Caused by: java.io.FileNotFoundException: /my directory/ (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:146)
at com.veracode.util.http.ClientHttpRequest.setParameter(ClientHttpRequest.java:356)
at com.veracode.util.http.ClientHttpRequest.setParameter(ClientHttpRequest.java:384)
at com.veracode.util.http.ClientHttpRequest.setParameters(ClientHttpRequest.java:408)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:479)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:585)
at com.veracode.util.http.WebClient.consumeResponse(WebClient.java:140)
at com.veracode.util.http.WebClient.uploadFile(WebClient.java:35)
at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.uploadFile(UploadAPIWrapper.java:1151)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:152)
... 9 more
I am facing this problem. As Veracode User and Veracode Password are set globally in the Jenkins configuration, it is not possible for me to parameterize Jenkins builds based on these settings.
To explain a bit further: because of different roles in a developer team, not all users can have Veracode credentials to submit code for review. It should be necessary that these parameters can be entered programmatically, for security reasons and also for tracking actions. As they are global, someone who can run a task in Jenkins can initiate an upload of code for static review with the global settings.
Is it possible in newer versions to add these configurations inside Tasks (like the actual Files to scan or Application Name)?
Thanks in advance.
Regards
While trying to run previously working Veracode Scanner Plugin jobs, I get an SSLHandshakeException. I was able to test with the Veracode Java API jar (current version) and the request succeeded. Could it be that the current version of the plugin is using an old version of the Java API and needs to be updated?
Jenkins ver. 1.658
java -version
java version "1.7.0_131"
OpenJDK Runtime Environment (IcedTea 2.6.9) (7u131-2.6.9-0ubuntu0.14.04.2)
OpenJDK 64-Bit Server VM (build 24.131-b00, mixed mode)
Veracode Scanner Plugin Version: 1.6
Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
FATAL: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:298)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:164)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:94)
at org.jenkins_ci.plugins.run_condition.BuildStepRunner$2.run(BuildStepRunner.java:110)
at org.jenkins_ci.plugins.run_condition.BuildStepRunner$DontRun.conditionalRun(BuildStepRunner.java:264)
at org.jenkins_ci.plugins.run_condition.BuildStepRunner.perform(BuildStepRunner.java:105)
at org.jenkins_ci.plugins.flexible_publish.ConditionalPublisher.perform(ConditionalPublisher.java:183)
at org.jenkins_ci.plugins.flexible_publish.FlexiblePublisher.perform(FlexiblePublisher.java:116)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:723)
at hudson.model.Build$BuildExecution.post2(Build.java:185)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:668)
at hudson.model.Run.execute(Run.java:1763)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1989)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1096)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1139)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.veracode.util.http.ClientHttpRequest.connect(ClientHttpRequest.java:99)
at com.veracode.util.http.ClientHttpRequest.write(ClientHttpRequest.java:110)
at com.veracode.util.http.ClientHttpRequest.boundary(ClientHttpRequest.java:148)
at com.veracode.util.http.ClientHttpRequest.doPost(ClientHttpRequest.java:445)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:480)
at com.veracode.util.http.ClientHttpRequest.post(ClientHttpRequest.java:585)
at com.veracode.util.http.WebClient.consumeResponse(WebClient.java:140)
at com.veracode.util.http.WebClient.downloadString(WebClient.java:28)
at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.getAppList(UploadAPIWrapper.java:539)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:282)
... 16 more
java -jar VeracodeJavaAPI.jar -vuser USERNAME -vpassword PASSWORD -action getapplist
<?xml version="1.0" encoding="UTF-8"?>
<applist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/applist" xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/applist https://analysiscenter.veracode.com/resource/2.0/applist.xsd" applist_version="1.2" account_id="ID">
<app app_id="ID" app_name="NAME" policy_updated_date="2017-05-08T10:42:51-04:00"/>
...SNIP...
</applist>
I build several applications from one Jenkins server and have the need to upload each application against a separate Veracode AppId. However, the configuration for the Veracode plugin _seems_ to only allow one application id globally. Is there a way to modify the application/veracode user/veracode password on a "per build" basis?
When I'm trying to upload a file using the Veracode plug-in, the following error occurs:
Connection timed out: connect
java.net.ConnectException: Connection timed out: connect
FATAL: java.net.ConnectException: Connection timed out: connect
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.net.ConnectException: Connection timed out: connect
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:230)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:143)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:781)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:753)
...
Proxy is already set in Jenkins, and I'm able to log in to the Veracode site via browser. Is there any additional setting required?
X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.expression-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.security.core-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.web-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\org.springframework.web.servlet-3.0.5.RELEASE.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\ppm.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\simplecaptcha-1.2-jdk1.5.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\suitereporting.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-api-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-core-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-jsp-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-servlet-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\tiles-template-2.2.2.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\unboundid-ldapsdk-se.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\user_console.jar -filepath X:\21022017\sam\ppm\build\output\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib\wcom.jar -filepath X:\21022017\sam\ppm\build\output\lib\CryptoTool.jar -filepath X:\21022017\sam\ppm\build\output\lib\bc-fips-1.0.0.jar 
-filepath X:\21022017\sam\ppm\build\output\lib\bcprov-jdk15on-1.56.jar -filepath X:\21022017\sam\ppm\build\output\lib\commons-lang-2.6.jar -filepath X:\21022017\sam\ppm\build\output\lib\esapi-2.0.1.jar -filepath X:\21022017\sam\ppm\build\output\lib\idmutils.jar -filepath X:\21022017\sam\ppm\build\output\lib\ppmService.jar -filepath X:\21022017\sam\ppm\build\output\lib\unboundid-ldapsdk-se.jar -filepath X:\21022017\suitereporting\build\dist\suitereporting.jar -filepath X:\21022017\user_console\build\dist\user_console.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\bc-fips-1.0.0.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\bcprov-jdk15on-1.56.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\commons-lang-2.6.jar -filepath X:\21022017\user_console\build\dist\war\user_console.war\WEB-INF\lib\user_console.jar -filepath X:\21022017\wcom\build\dist\wcom.jar -useragent "VeracodeJenkinsPlugin/18.2.5.4 (Jenkins/2.7.1; Java/1.8.0_20)"
Cannot run program "java": CreateProcess error=206, The filename or extension is too long
Build step 'Upload and Scan with Veracode' marked build as failure
Notifying upstream projects of job completion
Finished: FAILURE
I see Veracode can generate API keys -- it would be nice if this plugin could authenticate with them (and, as other issues say, do so with different values per-project).
See also: https://analysiscenter.veracode.com/auth/index.jsp#APICredentialsGenerator
I'm uploading about 260MB, and 5 minutes into the job I get:
[18.03.26 15:11:20]
[18.03.26 15:11:20] Connection reset
Error- Returned code from wrapper:2
Build step 'Upload and Scan with Veracode' marked build as failure
Finished: FAILURE
What do you recommend I do to try to resolve?
Jenkins Console Output:
Build step 'Submit Artifacts For Veracode Scan' marked build as failure
[INFO] HipChat notification sent to the following rooms: [Removed]
Finished: SUCCESS
HipChat Output:
[Removed] Build successful after 11 sec (View build)
veracode-scanner 1.6
Hi,
We are running Jenkins 1.483 with JDK 1.7.40 on Windows 2008 R2.
We installed "veracode-scanner" 1.2 on it and configured user/pass.
While running a build we are getting the following exception.
Any help will be very much appreciated.
Thanks,
Idan
Illegal character(s) in message header value: Basic <base_String>==
java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==
FATAL: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==
org.jenkinsci.plugins.veracodescanner.exception.VeracodeScannerException: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:230)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.performScan(VeracodeNotifier.java:143)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.perform(VeracodeNotifier.java:87)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:36)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:692)
at hudson.model.Build$BuildExecution.cleanUp(Build.java:192)
at hudson.model.Run.execute(Run.java:1546)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)
Caused by: java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic <base_String>==
at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:482)
at sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:434)
at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2753)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.setRequestProperty(HttpsURLConnectionImpl.java:316)
at com.veracode.util.http.WebClient.setUpURLConnection(WebClient.java:76)
at com.veracode.util.http.WebClient.downloadString(WebClient.java:29)
at com.veracode.apiwrapper.wrappers.UploadAPIWrapper.getAppList(UploadAPIWrapper.java:560)
at org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.getAppId(VeracodeNotifier.java:214)
... 10 more
Currently the tmp file used to determine the last upload date is stored in the workspace. This can be an issue when you clear your workspace for your builds to clean up previous artifacts.