You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently DD retries calls to JIRA 3 times. For 401 unauthorized errors this is not needed/desired. And maybe not even for other calls as well because it may result in 3 findings being created. It might be better to show the error to the user and let the use decide to retry / refresh / etc.
dojo_async_task: running task in the foreground as block_execution is set to True for admin
trying to create a new jira issue for 49871:app-1.0.0-SNAPSHOT.war: Groovy-2.2.2.jar | CVE-2015-3253
Trying to create a new JIRA issue for finding 49871...
Starting new HTTPS connection (1): jira-uat.isaac.nl:443
https://jira:443 "GET /rest/api/2/serverInfo HTTP/1.1" 401 None
Got recoverable error from GET https://jira-uat.isaac.nl/rest/api/2/serverInfo, will retry [1/3] in 6.240514827858767s. Err: 401
https://jira:443 "GET /rest/api/2/serverInfo HTTP/1.1" 401 None
Got recoverable error from GET https://jira-uat.isaac.nl/rest/api/2/serverInfo, will retry [2/3] in 24.53720235545771s. Err: 401
https://jira:443 "GET /rest/api/2/serverInfo HTTP/1.1" 401 None
Got recoverable error from GET https://jira-uat.isaac.nl/rest/api/2/serverInfo, will retry [3/3] in 54.21921545508111s. Err: 401
https://jira:443 "GET /rest/api/2/serverInfo HTTP/1.1" 401 None
JiraError HTTP 401 url: https://jira-uat.isaac.nl/rest/api/2/serverInfo
text:
The text was updated successfully, but these errors were encountered:
@valentijnscholten@Maffooch
After reviewing this issue and reproducing the same errors in Dojo with a JIRA cloud instance it appears that a solution is out of reach. When it comes to the basic authentication errors like 401 and 403, the 3 default JIRA calls cannot be controlled from the Dojo side. Unfortunately, any code fixes or modifications to the relevant files in DefectDojo won’t change what JIRA has for its connection calls.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
On our project, we're calling https://jira.example.com/rest/api/2/issue/ABC-123 in a loop in a cron job, and roughly 1 in a thousand calls fails with HTTP 401 (even though the previous call and the next cron job with same auth had successful responses).
according to HTTP you shouldn't retry on these, but I haven't seen any Jira REST API docs for whether a retry loop is a good approach or not...
Currently DD retries calls to JIRA 3 times. For 401 unauthorized errors this is not needed/desired. And maybe not even for other calls as well because it may result in 3 findings being created. It might be better to show the error to the user and let the use decide to retry / refresh / etc.
The text was updated successfully, but these errors were encountered: