-
Bug
-
Resolution: Unresolved
-
Blocker
-
None
-
Jenkins 2.401.3
Veracode Scan Version23.7.22.0
Running a Jenkins file using the veracode plugin to perform an Upload and Scan with Veracode Pipeline, using the recommended snippet generated by the Snippet Generator fails due to:
Parsing error(s):
-filepath is required for the selected action.
I even tried adding filePath as a parameter and that does not add -filepath to the arguments and also fails:
withCredentials([usernamePassword(credentialsId: 'veracode-credentials', passwordVariable: 'veracode_password', usernameVariable: 'vercode_api_key')]) { veracode applicationName: VERACODE_NAME, canFailJob: true, waitForScan: true, unstableBuild: true, createSandbox: true, debug: true, deleteIncompleteScanLevel: '0', criticality: 'Medium', fileNamePattern: '', replacementPattern: '', sandboxName: "${POM_ARTIFACTID}-${params.ENV}", scanName: "${VERSION}${REVISION}-${ENV_US_EN}", teams: 'Data-Survey/Compiled', uploadIncludesPattern: "**/**-${ENV_US_EN}.war", scanExcludesPattern: '', scanIncludesPattern: '', filePath: "{$env.WORKSPACE}", useProxy: true, vid: vercode_api_key, vkey: veracode_password }
WARNING: Unknown parameter(s) found for class type 'com.veracode.jenkins.plugin.VeracodePipelineRecorder': filePath
------------------------------------------------------------------------
Upload and Scan with Veracode Pipeline
------------------------------------------------------------------------
[Debug mode is on]
Can Fail Job: true
Show Unstable Status for Failed Policy Evaluation: true
Version information:
VeracodeJavaAPI v23.4.11.2 cUnknown
HPI location: var/lib/jenkins/plugins/veracode-scan/WEB-INF/lib/veracode-scan.jarProcessing files in [local] workspace: /local2/jenkins/workspace/SVWebAppBuilding arguments. Calling wrapper with arguments:
[-action, UploadAndScan, -vid, ********, -vkey, ********, -phost, ********, -pport, ********, -appname, Shoppers Voice (ICOM), -createprofile, false, -teams, Data-Survey/Compiled, -criticality, Medium, -sandboxname, SVWebApp-DEV, -createsandbox, true, -version, 2.0-SNAPSHOT-us_en_dev, -autoscan, true, -deleteincompletescan, 0, -maxretrycount, 5, -debug, -useragent, VeracodeScanJenkins/23.7.22.0 (Jenkins/2.401.3; Java/Unknown)]
VeracodeJavaAPI v23.4.11.2 cUnknown
Parsing error(s):
-filepath is required for the selected action.
The following parameters are optional for the selected action:
-autorecreate -exclude
-format -include
-includenewmodules -inputfilepath
-logfilepath -pattern
-ppassword -puser
-replacement -sandboxid
-scanallnonfataltoplevelmodules -scanpollinginterval
-scantimeout -selected
-selectedpreviously -toplevel
[2023.08.24 13:26:00.499] Invalid input
Error- Returned code from wrapper:1
[JENKINS-71885] The Veracode Scan plugin fails due to -filepath is required with no way to set it
I only added filePath because of the -filepath is required error message in an attempt to fix that error. It has the same error message with the original code generated by the Pipeline script that does not pass filePath.
What "binary" needs to be available? The Jenkins plugin documentation (https://plugins.jenkins.io/veracode-scan/) does not mention a binary and there is no dependance on a binary mentioned (https://plugins.jenkins.io/veracode-scan/dependencies/). I installed the plugin using the Jenkins Manage Plugins Manager. Also, there is no mention of a binary in the Veracode documentation here https://docs.veracode.com/r/c_using_jenkins
However, it would seem that the "-filepath is required for the selected action" error would come from that binary. Also, there is a /var/lib/jenkins/plugins/veracode-scan/WEB-INF/lib/veracode-scan.jar that was "installed" as part of the plugin.
Murray
added a comment - - edited I only added filePath because of the -filepath is required error message in an attempt to fix that error. It has the same error message with the original code generated by the Pipeline script that does not pass filePath.
What "binary" needs to be available? The Jenkins plugin documentation ( https://plugins.jenkins.io/veracode-scan/ ) does not mention a binary and there is no dependance on a binary mentioned ( https://plugins.jenkins.io/veracode-scan/dependencies/ ). I installed the plugin using the Jenkins Manage Plugins Manager. Also, there is no mention of a binary in the Veracode documentation here https://docs.veracode.com/r/c_using_jenkins
However, it would seem that the "-filepath is required for the selected action" error would come from that binary. Also, there is a /var/lib/jenkins/plugins/veracode-scan/WEB-INF/lib/veracode-scan.jar that was "installed" as part of the plugin. The binary (or the build artifact) that you would like the plugin to scan in Jenkins pipeline needs to be there in the workspace.
Murray
added a comment - Oh, the artifact to scan. That was indeed the problem, I needed to move the veracode step to right after the build artifact was built as this Pipeline builds several and the one in question was no longer there.
The error message is misleading and confusing, one would think the error message would mention not being able to find the artifact to scan instead of complaining about missing a command line parameter that is not valid :/
Murray
added a comment - Oh, the artifact to scan. That was indeed the problem, I needed to move the veracode step to right after the build artifact was built as this Pipeline builds several and the one in question was no longer there.
The error message is misleading and confusing, one would think the error message would mention not being able to find the artifact to scan instead of complaining about missing a command line parameter that is not valid :/ 
Hello naris,
Avoid passing the filepath parameter to the script. Only utilize parameters generated by the Pipeline script generator. The plugin inherently interprets the build workspace as the filepath, whether local or remote. In your case, it is /local2/jenkins/workspace/SVWebApp. Please make sure if the binary is available and accessible in the build workspace.
cc: dennisgu