Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33603

SourceControl Type is not supported

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Not A Defect
    • checkmarx-plugin
    • None
    • Jenkins LTS v1.642.2 (Ubuntu master)
      Checkmarx plugin v8.0.0

    Description

      If you use Jenkins to trigger a scan that is configured to pull code from Source Control, it will always fail. The plugin will still attempt to zip up the workspace, and will fail with errors becuase there are no files to zip and submit.

      I think the plugin should check to see if the prohect's .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl, and skip the zip process if true.

      Attachments

        Activity

          Explanation given

          checkmarxsupport Checkmarx Support added a comment - Explanation given
          elordahl Eric Lordahl added a comment -

          Good to know.

          While i still think it would be beneficial to bypass zipping & uploading for Source-Control projects, I understand the functionality now. Thank you.

          elordahl Eric Lordahl added a comment - Good to know. While i still think it would be beneficial to bypass zipping & uploading for Source-Control projects, I understand the functionality now. Thank you.

          Eric,

          When initiating the scan from/by Jenkins - the configuration in the web interface of Cx for Source Control will not make any difference as the code will be uploaded from the Jenkins - ignoring the settings in the web interface. Only if you initiate the scan from Cx Web Interface the code will be taken from where it is configured in the web interface..

          Make sense?

          checkmarxsupport Checkmarx Support added a comment - Eric, When initiating the scan from/by Jenkins - the configuration in the web interface of Cx for Source Control will not make any difference as the code will be uploaded from the Jenkins - ignoring the settings in the web interface. Only if you initiate the scan from Cx Web Interface the code will be taken from where it is configured in the web interface.. Make sense?
          elordahl Eric Lordahl added a comment -

          Understood---We're using the Jenkins plugin w/ Git and TFS projects. However, there is an open-issue here if the Checkmarx project is set to "Source Control." What happens if I configure Jenkins to point to a specific repository, but the Checkmarx project is set to Source Control? Will the Jenkins files be overwritten? I would suggest a solution among the following:

          When .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl:
          1. Provide an error message and stop to avoid any contention.

          OR

          2. Provide a warning message and ignore files in Jenkins workspace (because Checkmarx will already pull them). Instead of uploading the Checkmarx, just start the scan.

          Does that make sense?

          elordahl Eric Lordahl added a comment - Understood---We're using the Jenkins plugin w/ Git and TFS projects. However, there is an open-issue here if the Checkmarx project is set to "Source Control." What happens if I configure Jenkins to point to a specific repository, but the Checkmarx project is set to Source Control? Will the Jenkins files be overwritten? I would suggest a solution among the following: When .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl: 1. Provide an error message and stop to avoid any contention. OR 2. Provide a warning message and ignore files in Jenkins workspace (because Checkmarx will already pull them). Instead of uploading the Checkmarx, just start the scan. Does that make sense?

          Hi Eric,
          In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins.
          That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.

          checkmarxsupport Checkmarx Support added a comment - Hi Eric, In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins. That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.

          Hi Eric,

          In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins.
          That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.

          checkmarxsupport Checkmarx Support added a comment - Hi Eric, In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins. That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.
          elordahl Eric Lordahl added a comment -

          In my checkmarx project configuration, I am using "Source Control" for location. In this configuration, checkmarx appears to connect to source-control and pull the code directly.

          My thinking was this prevents the need for zipping and submitting the source to Checkmarx, and might save a few minutes during the Jenkins job. Jenkins just becomes the trigger, and the place to grab results/reports.

          elordahl Eric Lordahl added a comment - In my checkmarx project configuration, I am using "Source Control" for location. In this configuration, checkmarx appears to connect to source-control and pull the code directly. My thinking was this prevents the need for zipping and submitting the source to Checkmarx, and might save a few minutes during the Jenkins job. Jenkins just becomes the trigger, and the place to grab results/reports.
          sergeyk Sergey Kadaner added a comment - - edited

          Can you elaborate about your Job configuration?

          In general Jenkins pulls sources from Source Control to workspace and the plugin takes them from there.

          sergeyk Sergey Kadaner added a comment - - edited Can you elaborate about your Job configuration? In general Jenkins pulls sources from Source Control to workspace and the plugin takes them from there.

          People

            checkmarxsupport Checkmarx Support
            elordahl Eric Lordahl
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: