-
Bug
-
Resolution: Unresolved
-
Minor
-
Jenkins LTS 2.303.1 on Kubernetes
Micro Focus Application Automation Tools plugin 7.0
Fortify on Demand plugin 6.1.0
Octane 16.0.116.45
Octane API key permissions verified
Fortify permissions verified
Same issue occurring as in JENKINS-61116
Fortify scan is triggered, and runs to completion, but no Vulnerabilities are loaded into Octane.
nga.log is empty.
[JENKINS-66792] Fortify On Demand vulnerabilities not loaded into Octane
Mark Serencha
added a comment - It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":
Mark Serencha
added a comment - It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":
Daniel Shmaya
added a comment - Fix is ready and will be push soon to the octane plugin ,
for the mean while a temporarly solution is to change all api keys role that are set in any jenkins that uses the FOD to "Security Lead"and RESTART JENKINS
while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version.
thanks.
Daniel Shmaya
added a comment - Fix is ready and will be push soon to the octane plugin ,
for the mean while a temporarly solution is to change all api keys role that are set in any jenkins that uses the FOD to "Security Lead"and RESTART JENKINS
while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version.
thanks. 
looks like problem in authentication with FOD, for some reason fod responds to the user as Unauthorized
com.hp.octane.integrations.exceptions.PermanentException: Cannot authenticate:Unauthorized
at com.hp.octane.integrations.services.vulnerabilities.fod.dto.FODConnector.getAccessToken(FODConnector.java:213) ~[integrations-sdk-2.0.72.8.jar:?]
require farther investigation.