  1. Jenkins
  2. JENKINS-58387

Quality gates not working as expected

      Description

      dependencyCheckPublisher unstableTotalCritical: 1,
                               unstableTotalHigh: 1,
                               unstableTotalMedium: 1,
                               unstableTotalLow: 1
      

      When there are no issues, the status is Success
      When there is one medium issue, the status is Unstable
      When there are two high and seven medium issues, the status is Success

            Activity

            sspringett Steve Springett added a comment -

            "When there are two high and seven medium issues, the status is Success"

            That's interesting and certainly a bug. Let me try and replicate

            jameshowe James Howe added a comment -

            It doesn't appear to have saved the source xml under the job result, but attached is the ResultAction.

            I'll sort out rebuilding that commit and dig it out.

            jameshowe James Howe added a comment -

            I cannot trivially reproduce it either using the same commit as before (config is also the same, being via Jenkinsfile).
            I have since upgraded to 5.0.1.

            The build that didn't become unstable simply logged

            [DependencyCheck] Collecting Dependency-Check artifact

            jameshowe James Howe added a comment - - edited

            Had a look at the code and realised the problem.

            It only evaluates the gates if the previous build exists, and had compatible dependency-check results.
            Instead it should always evaluate. If there are no previous results it should count that as zero issues.
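
A minimal model of the fail-open behaviour diagnosed above and of the proposed fix, as an added example that is not part of the thread and not the plugin's source. The class and method names and the UNSTABLE_NEW thresholds are hypothetical, and it assumes the affected build had no compatible previous result.

```java
// Hypothetical model of the gate logic discussed in this issue; not the plugin's source.
public class QualityGateDemo {
    enum Result { SUCCESS, UNSTABLE }

    // Index order: critical, high, medium, low.
    static final int[] UNSTABLE_TOTAL = {1, 1, 1, 1}; // thresholds from the report
    static final int[] UNSTABLE_NEW = {1, 1, 5, 5};   // assumed values for illustration

    // A severity trips the gate when its total, or its increase over the
    // baseline, reaches the configured threshold.
    static Result check(int[] current, int[] baseline) {
        for (int i = 0; i < current.length; i++) {
            int added = Math.max(0, current[i] - baseline[i]);
            if (current[i] >= UNSTABLE_TOTAL[i] || added >= UNSTABLE_NEW[i]) {
                return Result.UNSTABLE;
            }
        }
        return Result.SUCCESS;
    }

    // Reported behaviour: without a compatible previous result the gates are
    // skipped, so the build passes regardless of what was found (fails open).
    static Result evaluateReported(int[] current, int[] previous) {
        if (previous == null) {
            return Result.SUCCESS;
        }
        return check(current, previous);
    }

    // Proposed behaviour: always evaluate; a missing previous result counts
    // as zero issues, so every finding in a first build is also a new finding.
    static Result evaluateProposed(int[] current, int[] previous) {
        int[] baseline = (previous != null) ? previous : new int[current.length];
        return check(current, baseline);
    }

    public static void main(String[] args) {
        int[] none = {0, 0, 0, 0};
        int[] oneMedium = {0, 0, 1, 0};
        int[] twoHighSevenMedium = {0, 2, 7, 0}; // constructed from the report

        System.out.println("no issues, previous present:   " + evaluateReported(none, none));
        System.out.println("one medium, previous present:  " + evaluateReported(oneMedium, none));
        System.out.println("2 high + 7 medium, no previous (reported): " + evaluateReported(twoHighSevenMedium, null));
        System.out.println("2 high + 7 medium, no previous (proposed): " + evaluateProposed(twoHighSevenMedium, null));
    }
}
```

The security-relevant point is the default: a gate that returns success when it cannot find its baseline lets the first build of a job, or any build following one without results, pass with unreviewed findings.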

            sspringett Steve Springett added a comment - Fixed in commit https://github.com/jenkinsci/dependency-check-plugin/commit/aea47a6ac61f017786581b273dba76c67e74bb87
            sspringett Steve Springett added a comment -

            Fixed in 5.0.2


              People

              Assignee:
              sspringett Steve Springett
              Reporter:
              jameshowe James Howe