build-scan command does not log vulnerabilities #387

Open
mcanzerini opened this issue Mar 5, 2025 · 1 comment
mcanzerini commented Mar 5, 2025

Describe the bug

When I run the build-scan command with jfrog cli 2.64.0 on a build that contains Policy Violations, the command fails as expected but the vulnerabilities are missing in the table logs. The JSON logs work fine.

Current behavior

This is the current output I get from the build-scan command:

10:33:50 [Info] Scan of build my-app-1.0.0-snapshot is in progress
10:33:50 [Info] Waiting for Build Scan to complete...
10:34:15 [Info] The scan data is available at: https://my.artifactory.com/ui/scans-list/builds-scans/my-app-1.0.0-snapshot/scan-descendants/3236830?version=3236830&package_id=build%3A%2F%2Fmy-app-1.0.0-snapshot&build_repository=artifactory-build-info&component_id=build%3A%2F%2Fmy-app-1.0.0-snapshot%3A3236830&page_type=security-vulnerabilities&exposure_status=to_fix
10:34:15 [Info] Trace ID for JFrog Platform logs: f92eddb8471b8f44
10:34:15 [Error] One or more of the detected violations are configured to fail the build that including them
Security Violations
+-----------------------------------+
| No security violations were found |
+-----------------------------------+
License Compliance Violations
+---------------------------------------------+
| No license compliance violations were found |
+---------------------------------------------+
Operational Risk Violations
+-------------------------------------------+
| No operational risk violations were found |
+-------------------------------------------+

Reproduction steps

With jfrog-cli 2.64.0, publish a build with a policy violation, then scan the build and log the table result.

Expected behavior

10:34:15 [Error] One or more of the detected violations are configured to fail the build that including them
Security Violations
+-----------------------------------+
| **The actual violation** |
+-----------------------------------+

JFrog CLI version

2.64.0

Operating system type and version

In a docker image dotnet/sdk:8.0

@mcanzerini mcanzerini added the bug Something isn't working label Mar 5, 2025
dNhax commented Mar 11, 2025

We are also affected by this, v2.67.0 seems to be the first affected version; this was also mentioned in the (possibly causing) PR: #163 (comment)

@shuvadipc shuvadipc transferred this issue from jfrog/jfrog-cli Mar 11, 2025
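
A CI-side check for the symptom reported in this issue, as an added example that is not part of the issue or of JFrog CLI: it flags build-scan table output where the failure line is present but every violations table is empty, so the job can point reviewers to the JSON output or the scan URL instead. The sample log is constructed from the output quoted above (with a placeholder trace ID), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the table output quoted in the issue.
SAMPLE_LOG = """\
10:34:15 [Info] Trace ID for JFrog Platform logs: 0000000000000000
10:34:15 [Error] One or more of the detected violations are configured to fail the build that including them
Security Violations
+-----------------------------------+
| No security violations were found |
+-----------------------------------+
License Compliance Violations
+---------------------------------------------+
| No license compliance violations were found |
+---------------------------------------------+
Operational Risk Violations
+-------------------------------------------+
| No operational risk violations were found |
+-------------------------------------------+
"""

FAIL_MARKER = "One or more of the detected violations are configured to fail the build"
SECTIONS = ("Security Violations", "License Compliance Violations",
            "Operational Risk Violations")
EMPTY_ROW = re.compile(r"^\|\s*No .* violations were found\s*\|$")
BORDER = re.compile(r"^\+[-+]+\+$")

def parse_sections(log):
    """Map each section title to its table rows, ignoring border lines."""
    tables, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line in SECTIONS:
            current = line
            tables[current] = []
        elif current and line.startswith("|"):
            tables[current].append(line)
        elif current and not BORDER.match(line):
            current = None  # left the table
    return tables

def table_contradicts_failure(log):
    """True when the scan failed on violations but no table row shows one.

    A log with no tables at all also counts: nothing was shown to the reader.
    """
    failed = any("[Error]" in l and FAIL_MARKER in l for l in log.splitlines())
    tables = parse_sections(log)
    all_empty = all(all(EMPTY_ROW.match(r) for r in rows)
                    for rows in tables.values())
    return failed and all_empty
```
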