Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62040

pipeline cannot find and archiveArtifacts anchore.json after anchore plugin scan

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Reopened (View Workflow)
    • Priority: Trivial
    • Resolution: Unresolved
    • Labels:
      None
    • Environment:
      openstack, linux

      Enterprise Client Version: 0.6.0
        Anchore Engine Version: 0.6.0
        Anchore DB Version: 0.0.12
    • Similar Issues:

      Description

      1. Jenkins anchore plugin scan docker image,
      then archive artifacts: '**/*.json',
      But no anchore.json archived, this anchore.json is missing

      2. Jenkins anchore plugin scan docker image,
      then archive artifacts: 'AnchoreReport.${JOB_BASE_NAME}_${BUILD_NUMBER}/*.json',
      No artifacts found that match the file pattern "AnchoreReport.CSF-Anchore-Scan_82/*.json". Configuration error?

       
      13:07:39 ‘anchore*.json’ doesn’t match anything*

      13:07:39* No artifacts found that match the file pattern "anchore*.json". Configuration error?

       

      So, how to archive the anchore.json file?

      Enterprise Client Version: 0.6.0
      Anchore Engine Version: 0.6.0
      Anchore DB Version: 0.0.12

        Attachments

          Activity

          Hide
          jequals5 Marky Jackson added a comment -

          Can you kindly share your jenkinsfile

          Show
          jequals5 Marky Jackson added a comment - Can you kindly share your jenkinsfile
          Hide
          guobaisheng Anthony Guo added a comment -

          uploaded Jenkinsfile and csfAnchoreScan.groovy Marky Jackson

          Show
          guobaisheng Anthony Guo added a comment - uploaded Jenkinsfile and csfAnchoreScan.groovy Marky Jackson
          Hide
          jequals5 Marky Jackson added a comment -

          What version of Jenkins are you on?

          Show
          jequals5 Marky Jackson added a comment - What version of Jenkins are you on?
          Hide
          guobaisheng Anthony Guo added a comment -

          Jenkins ver. 2.204.2

          Show
          guobaisheng Anthony Guo added a comment - Jenkins ver. 2.204.2
          Hide
          guobaisheng Anthony Guo added a comment - - edited

          No artifacts found that match the file pattern "**/anchore*.json" . Configuration error?
          No artifacts found that match the file pattern  "anchore*.json" . Configuration error?

          No artifacts found that match the file pattern  "*.json" . Configuration error?

          Show
          guobaisheng Anthony Guo added a comment - - edited No artifacts found that match the file pattern "** /anchore *.json" . Configuration error? No artifacts found that match the file pattern  "anchore*.json" . Configuration error? No artifacts found that match the file pattern  "*.json" . Configuration error?
          Hide
          guobaisheng Anthony Guo added a comment - - edited

          From jenkins console log:
          .....
          20:49:05 Archiving artifacts
          20:49:05 ‘anchore*.json’ doesn’t match anything
          20:49:05 No artifacts found that match the file pattern "anchore*.json". Configuration error?
          .....

          But then ====>>>>>> From job summary page: (sometimes there are build artifacts, sometimes no)

          Build Artifacts
          anchore_gates.json 51.93 KB view
          anchore_security.json 31.12 KB view
          anchoreengine-api-response-evaluation-1.json 58.77 KB view
          anchoreengine-api-response-evaluation-2.json 60.36 KB view
          anchoreengine-api-response-evaluation-3.json 22.36 KB view
          anchoreengine-api-response-vulnerabilities-1.json 54.31 KB view
          anchoreengine-api-response-vulnerabilities-2.json 57.44 KB view
          anchoreengine-api-response-vulnerabilities-3.json 3.32 KB view

          https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_security.json
          https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_gates.json

          Show
          guobaisheng Anthony Guo added a comment - - edited From jenkins console log: ..... 20:49:05 Archiving artifacts 20:49:05 ‘anchore*.json’ doesn’t match anything 20:49:05 No artifacts found that match the file pattern "anchore*.json". Configuration error? ..... But then ====>>>>>> From job summary page: (sometimes there are build artifacts, sometimes no) Build Artifacts anchore_gates.json 51.93 KB view anchore_security.json 31.12 KB view anchoreengine-api-response-evaluation-1.json 58.77 KB view anchoreengine-api-response-evaluation-2.json 60.36 KB view anchoreengine-api-response-evaluation-3.json 22.36 KB view anchoreengine-api-response-vulnerabilities-1.json 54.31 KB view anchoreengine-api-response-vulnerabilities-2.json 57.44 KB view anchoreengine-api-response-vulnerabilities-3.json 3.32 KB view https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_security.json https://build8.cci.myCompany.net/job/CTO/job/CSF/job/Common/job/CSF-CHARTS-PROMOTE/2648/artifact/AnchoreReport.CSF-CHARTS-PROMOTE_2648/anchore_gates.json
          Hide
          jequals5 Marky Jackson added a comment -

          I will attempt to duplicate your setup later this AM

          Show
          jequals5 Marky Jackson added a comment - I will attempt to duplicate your setup later this AM
          Hide
          guobaisheng Anthony Guo added a comment -

          any update?

          any clue?

          Thanks!

          Show
          guobaisheng Anthony Guo added a comment - any update? any clue? Thanks!
          Hide
          jequals5 Marky Jackson added a comment -

          My apologies for the delayed reply.

          I tried reproducing this and could not. In looking at your Jenkinsfile, I see that you are using a library, that could be suspect. Can you provide the logs from Managed Jenkins>System Logs

          Show
          jequals5 Marky Jackson added a comment - My apologies for the delayed reply. I tried reproducing this and could not. In looking at your Jenkinsfile, I see that you are using a library, that could be suspect. Can you provide the logs from Managed Jenkins>System Logs
          Hide
          walthhy Tony Wen added a comment -

          From anchore plugin src, seems anchore plugin itself does archiving some json results, and in then end, clear the anchor folder, could it be the cause? If it is, why we can see them sometime?

          Show
          walthhy Tony Wen added a comment - From anchore plugin src, seems anchore plugin itself does archiving some json results, and in then end, clear the anchor folder, could it be the cause? If it is, why we can see them sometime?
          Hide
          jequals5 Marky Jackson added a comment -

          Tony Wen you are correct. A directory with all the vulnerability data is what you are referring to, in most cases you should not see that because of the clean up that takes place. In some edge cases, that clean up doesn't happen and that is why you see it. 

          Show
          jequals5 Marky Jackson added a comment - Tony Wen you are correct. A directory with all the vulnerability data is what you are referring to, in most cases you should not see that because of the clean up that takes place. In some edge cases, that clean up doesn't happen and that is why you see it. 
          Hide
          jequals5 Marky Jackson added a comment -

          I will leave.this open in till Friday. I think the main answer is mine from yesterday.
          Let me know if I am misinterpreting

          Show
          jequals5 Marky Jackson added a comment - I will leave.this open in till Friday. I think the main answer is mine from yesterday. Let me know if I am misinterpreting
          Hide
          walthhy Tony Wen added a comment -

          Marky Jackson, thanks. we still have questions, forgive me not familiar with plugin code.

          Could you help us identifying under which condition we will have aritifacts.

          1. which artifacts/json report will be archived automatically under which condition
          2. when clean up case will be executed and when not?
          3. is it possible to keep those json output always?
          Show
          walthhy Tony Wen added a comment - Marky Jackson , thanks. we still have questions, forgive me not familiar with plugin code. Could you help us identifying under which condition we will have aritifacts. which artifacts/json report will be archived automatically under which condition when clean up case will be executed and when not? is it possible to keep those json output always?
          Hide
          jequals5 Marky Jackson added a comment -
          1. The scan keeps a report of vulnerabilities and policy evaluations. This happens during each scan
          2. Clean up should always take place unless there was some edge case that stopped that from happening. Network latency, Jenkins hiccup, etc.
          3. Depending on how your scan job is configured, all jobs should retain the output of the report and there is a historical linkage in your workspace.

           

          Hope that helps

          Show
          jequals5 Marky Jackson added a comment - The scan keeps a report of vulnerabilities and policy evaluations. This happens during each scan Clean up should always take place unless there was some edge case that stopped that from happening. Network latency, Jenkins hiccup, etc. Depending on how your scan job is configured, all jobs should retain the output of the report and there is a historical linkage in your workspace.   Hope that helps
          Hide
          guobaisheng Anthony Guo added a comment -

          Hi  Marky Jackson ,  How to config the job to keep the output report (*.json files) ?  

           

          Show
          guobaisheng Anthony Guo added a comment - Hi  Marky Jackson  ,  How to config the job to keep the output report (*.json files) ?    
          Hide
          jequals5 Marky Jackson added a comment -

          I would need to test that. I can do that but it will be a couple of days due to other priorities.

          i changed the severity of this because saving the data is not the intended use case.

          i will update in a day of 2

          Show
          jequals5 Marky Jackson added a comment - I would need to test that. I can do that but it will be a couple of days due to other priorities. i changed the severity of this because saving the data is not the intended use case. i will update in a day of 2

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            guobaisheng Anthony Guo
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: