
Add Bandit format


      I will acknowledge that bandit isn't listed as a tool, but I believe AnalysisModel uses violations-lib, which does list bandit as a supported tool if it uses the clang parser and a specific format line.

      I am not sure where the issue is, so I'm putting this together and asking for some assistance. I've already reached out to the violations-lib folks and they confirmed it is not there. https://github.com/tomasbjerre/violations-lib/issues/175

      The bandit issue for this test is generated by simply saying print(eval('1+2')) for testing purposes only.


      jenkinsfile bandit call

      sh """
          . ./venv/bin/activate
          bandit -r rc_smtp_bridge/ -f custom --msg-template '{abspath}:{line}: {severity}: {test_id}: {msg}' | tee bandit.log || true
      """
      
      + bandit -r rc_smtp_bridge/ -f custom --msg-template {abspath}:{line}: {severity}: {test_id}: {msg}
      + tee bandit.log
      [main]  INFO    profile include tests: None
      [main]  INFO    profile exclude tests: None
      [main]  INFO    cli include tests: None
      [main]  INFO    cli exclude tests: None
      [main]  INFO    running on Python 3.11.2
      /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/rc_smtp_bridge/rc_smtp_bridge.py:42: MEDIUM: B307: Use of possibly insecure function - consider using safer ast.literal_eval.
      

      recordIssues

      recordIssues aggregatingResults: true,
          qualityGates: [[threshold: 1, type: 'TOTAL', unstable: false]],
          enabledForFailure: true,
          tools: [clang(name: 'bandit', pattern: "bandit.log")]
      
      [bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
      [bandit] Traversing of symbolic links: enabled
      [bandit] -> found 1 file
      [bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
      [bandit] -> found 0 issues (skipped 0 duplicates)
      [bandit] Successfully processed file 'bandit.log'
      [bandit] Skipping post processing
      [bandit] No filter has been set, publishing all 0 issues
      [bandit] Repository miner is not configured, skipping repository mining
      [bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
      [bandit] Traversing of symbolic links: enabled
      [bandit] -> found 1 file
      [bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
      [bandit] -> found 0 issues (skipped 0 duplicates)
      [bandit] Successfully processed file 'bandit.log'
      [bandit] Skipping post processing
      [bandit] No filter has been set, publishing all 0 issues
      [bandit] Ignoring 'aggregatingResults' and ID 'null' since only a single tool is defined.
      [bandit] Searching for all files in '/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2' that match the pattern 'bandit.log'
      [bandit] Traversing of symbolic links: enabled
      [bandit] -> found 1 file
      [bandit] Successfully parsed file /jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/bandit.log
      [bandit] -> found 0 issues (skipped 0 duplicates)
      [bandit] Successfully processed file 'bandit.log'
      [bandit] Skipping post processing
      [bandit] No filter has been set, publishing all 0 issues
      [bandit] Repository miner is not configured, skipping repository mining
      [bandit] Reference build recorder is not configured
      [bandit] Obtaining reference build from same job (flake8-bandit)
      [bandit] Using reference build 'Infrastructure/RC SMTP Bridge/flake8-bandit #11' to compute new, fixed, and outstanding issues
      [bandit] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
      [bandit] Evaluating quality gates
      [bandit] -> PASSED - Total (any severity): 0 - Quality Gate: 1
      [bandit] -> All quality gates have been passed
      [bandit] Health report is disabled - skipping
      [bandit] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
      [bandit] Attaching ResultAction with ID 'clang' to build 'Infrastructure/RC SMTP Bridge/flake8-bandit #21'.
      [Checks API] No suitable checks publisher found. 
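To check independently whether bandit.log actually contains the issue before blaming the Jenkins parser, the following added example (not part of this issue, not warnings-ng or bandit code) parses lines written by the exact msg-template above, applies the same TOTAL threshold as the qualityGates entry, and rewrites an issue into a GCC/Clang-style "warning:" line; that rewrite assumes the clang parser keys on a warning/error/note keyword, which this issue does not confirm.

```python
import re

# Constructed sample of bandit.log as produced by the Jenkinsfile sh step above:
# the "[main]  INFO" lines come from bandit's logger, not from the msg-template.
SAMPLE_LOG = """\
[main]  INFO    profile include tests: None
[main]  INFO    running on Python 3.11.2
/jenkins/workspace/ure_RC_SMTP_Bridge_flake8-bandit@2/rc_smtp_bridge/rc_smtp_bridge.py:42: MEDIUM: B307: Use of possibly insecure function - consider using safer ast.literal_eval.
"""

# One named group per field of '{abspath}:{line}: {severity}: {test_id}: {msg}'.
BANDIT_LINE = re.compile(
    r"^(?P<path>.+?):(?P<line>\d+): "
    r"(?P<severity>[A-Z]+): "
    r"(?P<test_id>B\d+): "
    r"(?P<msg>.*)$"
)


def parse_bandit_log(text):
    """Return a list of issue dicts; lines that do not match the template are skipped."""
    issues = []
    for raw in text.splitlines():
        match = BANDIT_LINE.match(raw.strip())
        if match:
            issue = match.groupdict()
            issue["line"] = int(issue["line"])
            issues.append(issue)
    return issues


def to_clang_style(issue):
    """Rewrite one issue as 'path:line: warning: msg [test_id]'.
    Assumption (not confirmed by the issue): the clang parser needs a warning/error/note keyword."""
    return f"{issue['path']}:{issue['line']}: warning: {issue['msg']} [{issue['test_id']}]"


def quality_gate_passed(issues, threshold=1):
    """Mirror 'qualityGates: [[threshold: 1, type: TOTAL]]': the gate fails once total >= threshold."""
    return len(issues) < threshold


if __name__ == "__main__":
    found = parse_bandit_log(SAMPLE_LOG)
    for item in found:
        print(to_clang_style(item))
    print("quality gate passed:", quality_gate_passed(found))
```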

            drulli Ulli Hafner
            bmagistro Ben