-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins 2.174
Checkmarx plugin 8.90.1
Checkmarx server 8.8.0HF8
Pipeline plugin 2.6
The snippet generator does not display a checkbox for generateXmlReport, so the resulting snippet doesn't have it either.
During job execution, the following error is raised:
[Cx-Warning]: Failed to generate HTML report: The following has evaluated to null or missing: ==> config.generateXmlReport [in template "report.ftl" at line 1583, column 32] ---- Tip: It's the step after the last dot that caused this error, not those before it. ---- Tip: If the failing expression is known to legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing</#if>. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)?? ---- ---- FTL stack trace ("~" means nesting-related): - Failed at: #if config.sastEnabled && config.gene... [in template "report.ftl" at line 1583, column 5] ----
Manually adding
generateXmlReport: true,
To the snippet resolves this issue and the report is successfully published in Jenkins.
Here is the original generated snippet (all defaults):
step([$class: 'CxScanBuilder', comment: '', credentialsId: '', excludeFolders: 'test,tests,fonts,docker,datagen,testing', excludeOpenSourceFolders: '', exclusionsSetting: 'global', failBuildOnNewResults: false, filterPattern: '''!**/_cvs/**/*, !**/.svn/**/*, !**/.hg/**/*, !**/.git/**/*, !**/.bzr/**/*, !**/bin/**/*, !**/obj/**/*, !**/backup/**/*, !**/.idea/**/*, !**/*.DS_Store, !**/*.ipr, !**/*.iws, !**/*.bak, !**/*.tmp, !**/*.aac, !**/*.aif, !**/*.iff, !**/*.m3u, !**/*.mid, !**/*.mp3, !**/*.mpa, !**/*.ra, !**/*.wav, !**/*.wma, !**/*.3g2, !**/*.3gp, !**/*.asf, !**/*.asx, !**/*.avi, !**/*.flv, !**/*.mov, !**/*.mp4, !**/*.mpg, !**/*.rm, !**/*.swf, !**/*.vob, !**/*.wmv, !**/*.bmp, !**/*.gif, !**/*.jpg, !**/*.png, !**/*.psd, !**/*.tif, !**/*.swf, !**/*.jar, !**/*.zip, !**/*.rar, !**/*.exe, !**/*.dll, !**/*.pdb, !**/*.7z, !**/*.gz, !**/*.tar.gz, !**/*.tar, !**/*.gz, !**/*.ahtm, !**/*.ahtml, !**/*.fhtml, !**/*.hdm, !**/*.hdml, !**/*.hsql, !**/*.ht, !**/*.hta, !**/*.htc, !**/*.htd, !**/*.war, !**/*.ear, !**/*.htmls, !**/*.ihtml, !**/*.mht, !**/*.mhtm, !**/*.mhtml, !**/*.ssi, !**/*.stm, !**/*.stml, !**/*.ttml, !**/*.txn, !**/*.xhtm, !**/*.xhtml, !**/*.class, !**/*.iml, !Checkmarx/Reports/*.*, !**/*.xml, !**/*.xsd, !**/*.gradle, !**/*.properties, !**/*.csv, !**/*.txt, !**/*.md, !**/.gitignore, !**/*.yml, !**/*.yaml, !**/*.sh, !**/*.adoc, !**/*.css, !**/*.md, ''', fullScanCycle: 10, groupId: 'XXXXXXXXX', includeOpenSourceFolders: '', osaArchiveIncludePatterns: '*.zip, *.war, *.ear, *.tgz', osaInstallBeforeScan: false, password: 'XXXXXXXXXXXX', preset: '36', projectName: 'XXXXXXXXX', sastEnabled: true, serverUrl: 'XXXXXXXXXX', sourceEncoding: '1', username: ''])
I discovered the following through trial and error:
Lack of backwards compatibility is not intuitive in my opinion. In my company, one department maintains the server and leaves it up to each team to set up their CI. Server and client will thus have different upgrade paths, and backwards compatibility is a reasonable expectation.