-
Bug
-
Resolution: Fixed
-
Major
-
Aqua Plugin Version 3.2.2
looking at AquaDockerScannerBuilder.java there is a problematic code:
public synchronized static void setCount(int count){
AquaDockerScannerBuilder.count = count;
}
**
public synchronized static void setBuildId(int buildId){
AquaDockerScannerBuilder.buildId = buildId;
}
Whenever the aqua plugin is called (can be used multiple time per build) a new instance of AquaDockerScannerBuilder is created.
Because the count and buildId are static they are shared between instances of the same build, but also by instances of other builds from the same job or from another job.
So if a two builds are running in parallel, and each build is scanning multiple images, each build will override the buildId, causing both to be stuck in the first execution:
String artifactSuffix, artifactName;
if (build.hashCode() != buildId){
// New build
setBuildId(build.hashCode());
setCount(1);
artifactSuffix = null; // When ther is only one step, there should be no suffix at all
artifactName = "scanout.html";
} else {
setCount(count + 1);
artifactSuffix = Integer.toString(count);
artifactName = "scanout-" + artifactSuffix + ".html";
}
Each time a different build toggles the buildId to it own value and if (build.hashCode() != buildId) is always met.
This causes the reports to override each other and make the reports of the first scans unavailable (see attached screen shot).
This static mechanism must be updated to allow running the Aqua plugin in multiple Jobs.{}