Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66792

Fortify On Demand vulnerabilities not loaded into Octane

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Same issue occurring as in JENKINS-61116

      Fortify scan is triggered, and runs to completion, but no Vulnerabilities are loaded into Octane.

      nga.log is empty.

       

        Attachments

          Activity

          Hide
          daniels Daniel Shmaya added a comment -

          looks like problem in authentication with FOD, for some reason fod responds to the user as Unauthorized

          com.hp.octane.integrations.exceptions.PermanentException: Cannot authenticate:Unauthorized
          at com.hp.octane.integrations.services.vulnerabilities.fod.dto.FODConnector.getAccessToken(FODConnector.java:213) ~[integrations-sdk-2.0.72.8.jar:?]

          require farther investigation.

          Show
          daniels Daniel Shmaya added a comment - looks like problem in authentication with FOD, for some reason fod responds to the user as  Unauthorized com.hp.octane.integrations.exceptions.PermanentException: Cannot authenticate:Unauthorized at com.hp.octane.integrations.services.vulnerabilities.fod.dto.FODConnector. getAccessToken(FODConnector.java :213) ~ [integrations-sdk-2.0.72.8.jar:?] require farther investigation.
          Hide
          mserencha Mark Serencha added a comment -

          It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":

          Show
          mserencha Mark Serencha added a comment - It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":
          Hide
          daniels Daniel Shmaya added a comment -

          Fix is ready and will be push soon to the octane plugin ,

          for the mean while a temporarly solution is to change all api keys role  that are set in any jenkins  that uses the FOD to "Security Lead"and RESTART JENKINS

          while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version.

          thanks.

          Show
          daniels Daniel Shmaya added a comment - Fix is ready and will be push soon to the octane plugin , for the mean while a temporarly solution is to change all api keys role  that are set in any jenkins  that uses the FOD to "Security Lead"and RESTART JENKINS while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version. thanks.

            People

            Assignee:
            radislav_berkovich radislav
            Reporter:
            mserencha Mark Serencha
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: