FCLI Bug in the action Scan-Summary

[Iperez95-ot]

Current Behavior

Apparently, there is a bug in the action “fcli ssc action run appversion-summary”. I have tested a pipeline using fcli and returned the count of issues from the scan. In this case “fcli ssc issue count” and “fcli util variable contents totalCount -q totalCount>0” commands returned “No data”. When those commands return no data (meaning that there are no issues found in the scan) the fcli crashes and returns an error when attempting to run “fcli ssc action run appversion-summary”. I attached the logs of the failed pipeline run that shows the exact issue I mentioned. My assumption is the issue is in the appversion-summary.yml template (attached also here) in fcli there is some check missing for the issues count.

log_fortify_failed_pipe_run.txt

appversion-summary.zip

Alternatively, I managed to fix the issue by doing a check in the shell of the pipeline:

Expected Behavior

The pipeline should not fail/fcli should not return a java error. FCLI should return that no issues has been found.

Steps To Reproduce

Run fcli ssc action run appversion-summary in a scan that has no issues found.

Environment

OS: Ubuntu 22.4
SSC: 24.2.0
FCLI: 2.4.0

Anything else?

No response

[rsenden]

Hi @NachoFortifyLab, thanks for reporting this issue. I can reproduce this with the latest fcli version:

• If an application version doesn't have any artifacts, the appversion-summary action succeeds without errors
• If an application version has an artifact with 0 issues, the appversion-summary action throws an exception

I'll have a look at fixing this issue.