• Type: Bug
• Resolution: Unresolved
• Priority: Minor
• Component/s: hp-application-automation-tools-plugin
• Labels:

  • MicroFocus
  • MicroFocusApplicationAutomationTools
  • Octane
  • fortify
  • jcabot:001
  • jcabot:002
  • octane
• Environment:

  Jenkins LTS 2.303.1 on Kubernetes
  Micro Focus Application Automation Tools plugin 7.0
  Fortify on Demand plugin 6.1.0
  Octane 16.0.116.45
  Octane API key permissions verified
  Fortify permissions verified

1. 

   FoD Auth OK.jpg

   197 kB

   2021-10-11 11:19

[JENKINS-66792] Fortify On Demand vulnerabilities not loaded into Octane

Mark Serencha created issue - 2021-10-04 12:23

Zhipeng made changes - 2021-10-09 02:37

Assignee

Original: Paul-Adrian Tofan [ ptofan ]

New: radislav [ radislav_berkovich ]

Collapse comment: Daniel Shmaya added a comment - 2021-10-10 16:05

Daniel Shmaya added a comment - 2021-10-10 16:05

looks like problem in authentication with FOD, for some reason fod responds to the user as Unauthorized

com.hp.octane.integrations.exceptions.PermanentException: Cannot authenticate:Unauthorized
at com.hp.octane.integrations.services.vulnerabilities.fod.dto.FODConnector.getAccessToken(FODConnector.java:213) ~[integrations-sdk-2.0.72.8.jar:?]

require farther investigation.

Expand comment: Daniel Shmaya added a comment - 2021-10-10 16:05

Daniel Shmaya added a comment - 2021-10-10 16:05 looks like problem in authentication with FOD, for some reason fod responds to the user as  Unauthorized com.hp.octane.integrations.exceptions.PermanentException: Cannot authenticate:Unauthorized at com.hp.octane.integrations.services.vulnerabilities.fod.dto.FODConnector. getAccessToken(FODConnector.java :213) ~ [integrations-sdk-2.0.72.8.jar:?] require farther investigation.

Mark Serencha made changes - 2021-10-11 11:19

Attachment

New: FoD Auth OK.jpg [ 56529 ]

Collapse comment: Mark Serencha added a comment - 2021-10-11 11:22

Mark Serencha added a comment - 2021-10-11 11:22

It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":

Expand comment: Mark Serencha added a comment - 2021-10-11 11:22

Mark Serencha added a comment - 2021-10-11 11:22 It should be noted that the API key provided by the FoD team authorizes successfully in "Manage Jenkins / Configure System":

Collapse comment: Daniel Shmaya added a comment - 2021-10-14 07:19

Daniel Shmaya added a comment - 2021-10-14 07:19

Fix is ready and will be push soon to the octane plugin ,

for the mean while a temporarly solution is to change all api keys role  that are set in any jenkins  that uses the FOD to "Security Lead"and RESTART JENKINS

while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version.

thanks.

Expand comment: Daniel Shmaya added a comment - 2021-10-14 07:19

Daniel Shmaya added a comment - 2021-10-14 07:19 Fix is ready and will be push soon to the octane plugin , for the mean while a temporarly solution is to change all api keys role  that are set in any jenkins  that uses the FOD to "Security Lead"and RESTART JENKINS while fixing this issue I ancontered in other defects that might cause this behavior so if the temporarly solution will not work you'll have to wait for the fixed version. thanks.

Jenkins CERT Bot made changes - 2022-02-02 20:18

Labels

Original: MicroFocus MicroFocusApplicationAutomationTools Octane fortify octane

New: MicroFocus MicroFocusApplicationAutomationTools Octane fortify jcabot:001 jcabot:002 octane