Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update help text to mention the need for the VIEW_VULNERABILITY permission when synchronous mode is enabled #91

Closed
mcr-paulanand opened this issue Mar 29, 2022 · 0 comments · Fixed by #94
Closed

Update help text to mention the need for the VIEW_VULNERABILITY permission when synchronous mode is enabled #91

mcr-paulanand opened this issue Mar 29, 2022 · 0 comments · Fixed by #94
Assignees
@sephiroth-j
Labels
enhancement New feature or request
Milestone
v4.2.0

Comments

@mcr-paulanand
Copy link

Is your feature request related to a problem? Please describe.

  1. Setup Dependency-Track.
    • Frontend version: 4.4.0
    • Backend version: 4.4.2
  2. Configure the Dependency-Track Jenkins plugin (v4.1.1).
  3. Configure the API key with the following permissions.
    • VIEW_PORTFOLIO
    • BOM_UPLOAD
    • PROJECT_CREATION_UPLOAD
  4. Add the pipeline step to upload the BOM file with synchronous mode enabled. 
    def projectName = sh script: 'mvn help:evaluate -Dexpression=project.name -q -DforceStdout', returnStdout: true
def projectVersion = sh script: 'mvn help:evaluate -Dexpression=project.version -q -DforceStdout', returnStdout: true

withCredentials([string(credentialsId: 'dependency-track-api-key', variable: 'API_KEY')]) {
    dependencyTrackPublisher artifact: 'target/bom.xml', projectName: projectName, projectVersion: projectVersion, synchronous: true, dependencyTrackApiKey: API_KEY
}
  5. Pipeline step fails with HTTP error 403. 
    [DependencyTrack] Publishing artifact to Dependency-Track - https://xxx.xxx.xxx/
[DependencyTrack] The artifact was successfully published. You may now navigate to https://xxx.xxx.xxx/projects/ to view the results.
[DependencyTrack] Polling Dependency-Track for BOM processing status
[DependencyTrack] Looking up id of newly created project with name "xxx" and version "xxx"
[DependencyTrack] Processing findings
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
org.jenkinsci.plugins.DependencyTrack.ApiClientException: An error occurred while retrieving findings - HTTP response code: 403 Forbidden
    at org.jenkinsci.plugins.DependencyTrack.ApiClient.getFindings(ApiClient.java:190)
    at org.jenkinsci.plugins.DependencyTrack.DependencyTrackPublisher.publishAnalysisResult(DependencyTrackPublisher.java:302)
    at org.jenkinsci.plugins.DependencyTrack.DependencyTrackPublisher.perform(DependencyTrackPublisher.java:279)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:101)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:71)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Finished: FAILURE
  6. Added the permission VIEW_VULNERABILITY to the API key.
  7. Pipeline step is successful. 
    [DependencyTrack] Publishing artifact to Dependency-Track - https://xxx.xxx.xxx/
[DependencyTrack] The artifact was successfully published. You may now navigate to https://xxx.xxx.xxx/projects/ to view the results.
[DependencyTrack] Polling Dependency-Track for BOM processing status
[DependencyTrack] Looking up id of newly created project with name "xxx" and version "xxx"
[DependencyTrack] Processing findings
[DependencyTrack] Evaluating new findings against previous build #602
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

Describe the solution you'd like

Update the help text in the Pipeline Syntax to mention the need for the VIEW_VULNERABILITY permission to be given to the API key if the synchronous mode is enabled.

This might help someone else set this up.

Additional context

Pipeline-Syntax-Snippet-Generator-Jenkins
@mcr-paulanand mcr-paulanand added the enhancement New feature or request label Mar 29, 2022
@sephiroth-j sephiroth-j self-assigned this Apr 2, 2022
@sephiroth-j sephiroth-j added this to the v4.2.0 milestone Apr 2, 2022
sephiroth-j added a commit that referenced this issue Apr 6, 2022
@sephiroth-j
mention the need for VIEW_VULNERABILITY when using sync mode with D…
8292aed 
…Track 4.4+

fixes #91
@sephiroth-j sephiroth-j linked a pull request Apr 6, 2022 that will close this issue
modify connection test to check team permission as well #94
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sephiroth-j sephiroth-j

Labels
enhancement New feature or request
Projects
None yet
Milestone
v4.2.0
Development

Successfully merging a pull request may close this issue.

modify connection test to check team permission as well jenkinsci/dependency-track-plugin
2 participants
@sephiroth-j @mcr-paulanand