Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52803

IBM Application Security on Cloud plugin does not currently allow for third party code to be scanned

XMLWordPrintable

      I get the following message when trying to scan code on our jenkins server using the plugin mentioned above:

      Static Analyzer has determined that you are only scanning third party code. To enable the scanning of third party code, regenerate the IRX file using the --thirdParty option.

      ERROR: Failed to run the security scan: Problems occurred generating the IRX file. See /home/ibmadmin/rpcatal/Spark-DK/core/SparkyScan_2018-07-27_15-37-04_logs.zip for details.
      Finished: FAILURE

       

      Since this --thirdparty command is to be issued on the command line before the IRX file is generated, I have no way of doing this. There should be an option, like a checkbox or something in the build step for this plugin that allows you to specify whether or not the code is third party so the code scan can run.

        1. jenkins_asoc_plugin_error.PNG
          jenkins_asoc_plugin_error.PNG
          39 kB

          [JENKINS-52803] IBM Application Security on Cloud plugin does not currently allow for third party code to be scanned

          Robert Catalano created issue -
          Robert Catalano made changes -
          Description Original: I get the following message when trying to scan code on our jenkins server using the plugin mentioned above:



          {{Static Analyzer has determined that you are only scanning third party code. To enable the scanning of third party code, regenerate the IRX file using the --thirdParty option.}}

          {{ERROR: Failed to run the security scan: Problems occurred generating the IRX file. See /home/ibmadmin/rpcatal/Spark-DK/core/SparkyScan_2018-07-27_15-37-04_logs.zip for details.}}
          {{Finished: FAILURE}}

           

          {{Since this command is to be issued on the command line before the IRX file is generated, I have no way of doing this. There should be an option, like a checkbox or something in the build step for this plugin that allows you to specify whether or not the code is third party.}}           		New: I get the following message when trying to scan code on our jenkins server using the plugin mentioned above:

          {{Static Analyzer has determined that you are only scanning third party code. To enable the scanning of third party code, regenerate the IRX file using the --thirdParty option.}}

          {{ERROR: Failed to run the security scan: Problems occurred generating the IRX file. See /home/ibmadmin/rpcatal/Spark-DK/core/SparkyScan_2018-07-27_15-37-04_logs.zip for details.}}
           {{Finished: FAILURE}}

           

          {{Since this --thirdparty command is to be issued on the command line before the IRX file is generated, I have no way of doing this. There should be an option, like a checkbox or something in the build step for this plugin that allows you to specify whether or not the code is third party so the code scan can run.}}

            kevinfealey Kevin Fealey
            robcatalano77 Robert Catalano
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: