Can you kindly share your jenkinsfile

uploaded Jenkinsfile and csfAnchoreScan.groovy jequals5

What version of Jenkins are you on?

Jenkins ver. 2.204.2

No artifacts found that match the file pattern "**/anchore*.json" . Configuration error?
No artifacts found that match the file pattern  "anchore*.json" . Configuration error?

No artifacts found that match the file pattern  "*.json" . Configuration error?

From jenkins console log:
.....
20:49:05 Archiving artifacts
20:49:05 ‘anchore*.json’ doesn’t match anything
20:49:05 No artifacts found that match the file pattern "anchore*.json". Configuration error?
.....

But then ====>>>>>> From job summary page: (sometimes there are build artifacts, sometimes no)

Build Artifacts
anchore_gates.json 51.93 KB view
anchore_security.json 31.12 KB view
anchoreengine-api-response-evaluation-1.json 58.77 KB view
anchoreengine-api-response-evaluation-2.json 60.36 KB view
anchoreengine-api-response-evaluation-3.json 22.36 KB view
anchoreengine-api-response-vulnerabilities-1.json 54.31 KB view
anchoreengine-api-response-vulnerabilities-2.json 57.44 KB view
anchoreengine-api-response-vulnerabilities-3.json 3.32 KB view

https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_security.json
https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_gates.json

I will attempt to duplicate your setup later this AM

any update?

any clue?

Thanks!

My apologies for the delayed reply.

I tried reproducing this and could not. In looking at your Jenkinsfile, I see that you are using a library, that could be suspect. Can you provide the logs from Managed Jenkins>System Logs

From anchore plugin src, seems anchore plugin itself does archiving some json results, and in then end, clear the anchor folder, could it be the cause? If it is, why we can see them sometime?

walthhy you are correct. A directory with all the vulnerability data is what you are referring to, in most cases you should not see that because of the clean up that takes place. In some edge cases, that clean up doesn't happen and that is why you see it. 

I will leave.this open in till Friday. I think the main answer is mine from yesterday.
Let me know if I am misinterpreting

jequals5, thanks. we still have questions, forgive me not familiar with plugin code.

Could you help us identifying under which condition we will have aritifacts.

1. which artifacts/json report will be archived automatically under which condition
2. when clean up case will be executed and when not?
3. is it possible to keep those json output always?

1. The scan keeps a report of vulnerabilities and policy evaluations. This happens during each scan
2. Clean up should always take place unless there was some edge case that stopped that from happening. Network latency, Jenkins hiccup, etc.
3. Depending on how your scan job is configured, all jobs should retain the output of the report and there is a historical linkage in your workspace.

Hope that helps

Hi  jequals5 ,  How to config the job to keep the output report (*.json files) ?  

I would need to test that. I can do that but it will be a couple of days due to other priorities.

i changed the severity of this because saving the data is not the intended use case.

i will update in a day of 2