Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52681

Anchore plugin fails with JSON error

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Not A Defect

    Description

      When I run a jenkins job using the anchore plugin, it submits it correctly but fails to load and parse the result.

      Attached are logs from the core, and jenkins plugin as well as the json resulting from this curl.

      curl -v -u admin:foobar "http://anchore.platform.vivint.com/v1/images/sha256:1e459072023393e9632e98961d84eccdf9ab926ce8e9aa55403fc4ec7610a914/check?tag=tp-registry.vivint.com:5005/test/vivint-base-prod:16.feature-pl-5600-anchore-3268de8&detail=true&policyId=2c53a13c-1765-11e8-82ef-23527761d060"

       

      Attachments

        1. anchore.json
          15 kB
        2. anchoreplugin.log
          6 kB
        3. core.log
          322 kB

        Activity

          benm, looks like your setup has the most updated Jenkins plugin release but a really old version of anchore engine (0.1.10). Current anchore engine release version is 0.2.3. This matters since the Jenkins plugin uses API to interact with anchore engine. "Security" tab of the Anchore build report is a new plugin feature that queries the anchore engine for vulnerabilities and renders the results. In this case the API response to vulnerability listing from the anchore engine is not what the plugin expects and hence the error in anchoreplugin.log. You might want to consider upgrading anchore engine for the Security tab results in the Anchore report.

          However, this error should not impact the rendering of the Anchore report for the Jenkins build. The Anchore report should display a "Policy" tab that contains a summary and detailed policy evaluation results. Let us know if this is not the case. 

          swathigangisetty Swathi Gangisetty added a comment - benm , looks like your setup has the most updated Jenkins plugin release but a really old version of anchore engine (0.1.10). Current anchore engine release version is 0.2.3. This matters since the Jenkins plugin uses API to interact with anchore engine. "Security" tab of the Anchore build report is a new plugin feature that queries the anchore engine for vulnerabilities and renders the results. In this case the API response to vulnerability listing from the anchore engine is not what the plugin expects and hence the error in anchoreplugin.log. You might want to consider upgrading anchore engine for the Security tab results in the Anchore report. However, this error should not impact the rendering of the Anchore report for the Jenkins build. The Anchore report should display a "Policy" tab that contains a summary and detailed policy evaluation results. Let us know if this is not the case. 
          benm Ben Mathews added a comment -

          I installed w/ the achore helm chart which at the time specified an older version. The helm chart has since been upgraded and all is working properly. Thanks.

          https://github.com/helm/charts/tree/master/stable/anchore-engine

          benm Ben Mathews added a comment - I installed w/ the achore helm chart which at the time specified an older version. The helm chart has since been upgraded and all is working properly. Thanks. https://github.com/helm/charts/tree/master/stable/anchore-engine

          People

            nurmi Daniel Nurmi
            benm Ben Mathews
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: