[JIRA] (JENKINS-57697) [Error Handling] Error message not saying what fails

mail@ron.gebauers.org (JIRA)

May 27, 2019, 4:31:01 AM
to jenkinsc...@googlegroups.com
Ron Gebauer created an issue
 
Jenkins / Bug JENKINS-57697
[Error Handling] Error message not saying what fails
Issue Type: Bug
Assignee: Steve Springett
Components: dependency-track-plugin
Created: 2019-05-27 08:30
Environment: Jenkins 2.150.3
Plugin Version 2.1.0
Priority: Major
Reporter: Ron Gebauer

If the project key is invalid, I get an error inside Jenkins about an invalid payload.

Via REST-Client I get the correct Error which tells me that the project key was invalid.

Maybe the error from Dependency Track should be shown or the mapping needs to be optimized.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

mark.symons@weareact.com (JIRA)

Jul 24, 2019, 9:26:02 AM
to jenkinsc...@googlegroups.com
Mark Symons commented on Bug JENKINS-57697
 
Re: [Error Handling] Error message not saying what fails

From Dependency-Track Issue #388

Current Behavior:

After upgrade of Dependency-Track from v3.4.1 to v3.5.0, the treatment of Auto-Created Projects With Empty Name has changed, per fixes for #279

In v3.5.0, a pipeline job now fails when the name element in the Maven POM is empty and the configuration is for autocreate. From the Jenkins console:

[Pipeline] dependencyTrackPublisher
14:26:54  [DependencyTrack] Publishing artifact to Dependency-Track - https://dependency-track.card.co.uk
14:26:54  [DependencyTrack] Invalid payload submitted to server

Then...

14:29:09  [INFO] ------------------------------------------------------------------------
14:29:09  [INFO] BUILD SUCCESS
14:29:09  [INFO] ------------------------------------------------------------------------

Then

Finished: FAILURE

The problem with this is that there is no ERROR or WARNING anywhere in the console that indicates where the problem occurred. One has to read the entire output in order to see that the problem lies with publishing the BOM.

Secondly, the "Invalid payload" text is not very helpful. The developer whose project this was was totally in the dark... it was only because I remembered logging #279 that I deduced the cause (which was then fixed in no time at all). Thus, a couple of man-hours were expended.

Steps to Reproduce:

Using cyclonedx-maven-plugin 1.4.1, generate a BOM for a maven project where name element is missing.

Publish to Dependency-Track v3.5.0 using autocreate in a pipeline.

Expected Behavior:

1. The HTTP 400 response from the server should explain what went wrong (something that might be useful in other use cases?). Per RFC 7231:

The 4xx (Client Error) class of status code indicates that the client
seems to have erred. Except when responding to a HEAD request, the
server SHOULD send a representation containing an explanation of the
error situation, and whether it is a temporary or permanent
condition.

2. The Dependency-Track plugin should be able to parse this explanation and display it in the console, i.e. "name element missing". Alternatively, maybe the plugin should error before even trying to connect to the server?

3. The error should cause the pipeline to fail in a way that is easier to audit (although I am not a pipeline expert... is this a problem that should be part of the pipeline logic itself?).

Environment:

  • Dependency-Track Version: 3.5.0
  • Distribution: [ Executable WAR]
  • BOM Format & Version: 1.1 (cyclonedx-maven-plugin v1.4.1)
  • Dependency-Track Plugin v2.1.0
  • Database Server: [ PostgreSQL ]

mark.symons@weareact.com (JIRA)

Nov 5, 2019, 7:08:05 AM
to jenkinsc...@googlegroups.com

Per Dependency-Track issue HTTP 500 response from Lookup API, when using:

  • Dependency-Track v3.6.0
  • Jenkins pipeline with synchronous mode enabled
  • dependency-track plugin 2.2.0 (but thinking the plugin was 2.2.0 with support for Lookup API).

14:28:56  [DependencyTrack] Publishing artifact to Dependency-Track - https://dependency-track.xxxxxxxx.com
14:28:56  [DependencyTrack] The artifact was successfully published
14:29:06  [DependencyTrack] Polling Dependency-Track for BOM processing status
14:29:06  [DependencyTrack] Processing findings
14:29:06  [DependencyTrack] An error occurred while retrieving findings - HTTP response code: 500 Server Error

Enhancement in plugin would be to:

  • Include the plugin version in Jenkins console logging. This alone would have made it clear that the version was too low in this case.
  • Include more info on what is being queried for retrieving findings, i.e. project uuid. This would make it easier to match things up with DT server logs.

 
 


mark.symons@weareact.com (JIRA)

Nov 20, 2019, 6:05:03 AM
to jenkinsc...@googlegroups.com
Mark Symons edited a comment on Bug JENKINS-57697
Per Dependency-Track issue [HTTP 500 response from Lookup API|https://github.com/DependencyTrack/dependency-track/issues/498], when using:
* Dependency-Track v3.6.0
* Jenkins pipeline with synchronous mode enabled
* dependency-track plugin 2.1.0 (but *thinking* the plugin was 2.2.0 with support for Lookup API).

{noformat}

14:28:56  [DependencyTrack] Publishing artifact to Dependency-Track - https://dependency-track.xxxxxxxx.com
14:28:56  [DependencyTrack] The artifact was successfully published
14:29:06  [DependencyTrack] Polling Dependency-Track for BOM processing status
14:29:06  [DependencyTrack] Processing findings
14:29:06  [DependencyTrack] An error occurred while retrieving findings - HTTP response code: 500 Server Error
{noformat}

Enhancement in plugin would be to:

* Include the plugin version in Jenkins console logging.  This alone would have made it clear that the version was too low in this case.
* Include more info on what is being queried for retrieving findings, i.e. project uuid.  This would make it easier to match things up with DT server logs.
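
The requests in this thread (show the server's own explanation instead of a fixed "Invalid payload", and log the plugin version and project uuid) come down to building one console line from a failed HTTP response. The following is an added example, not the plugin's code: the class and method names, the 512-character cap and the sample response bodies are assumptions constructed for illustration. Because the response body arrives from the network, it is stripped of control characters and truncated before it reaches the build log.

```java
import java.util.UUID;

/** Hypothetical helper; not part of the dependency-track plugin. */
public class PublishErrorFormatter {
    private static final int MAX_BODY = 512; // assumed cap on echoed server text

    /** Makes a response body safe for a console log: one line, no control characters, bounded length. */
    static String sanitize(String body) {
        if (body == null || body.trim().isEmpty()) {
            return "(no explanation in response body)";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < body.length() && sb.length() < MAX_BODY; i++) {
            char c = body.charAt(i);
            // CR/LF, ESC and other control characters could forge log lines or terminal sequences
            sb.append(Character.isISOControl(c) ? ' ' : c);
        }
        String s = sb.toString().trim().replaceAll(" {2,}", " ");
        return body.length() > MAX_BODY ? s + "... [truncated]" : s;
    }

    /** One greppable line: severity, plugin version, operation, project, status, server explanation. */
    static String format(String pluginVersion, String operation, UUID project, int status, String body) {
        String level = status >= 400 ? "ERROR" : "INFO";
        String target = project == null ? "project=(auto-create)" : "project=" + project;
        return String.format("[DependencyTrack] %s plugin=%s %s %s HTTP %d: %s",
                level, pluginVersion, operation, target, status, sanitize(body));
    }

    public static void main(String[] args) {
        // Constructed sample responses; the real server's wording is not shown in this thread.
        System.out.println(format("2.1.0", "bom-upload", null, 400,
                "The project name is empty\r\n[DependencyTrack] The artifact was successfully published"));
        System.out.println(format("2.1.0", "findings-lookup",
                UUID.fromString("00000000-0000-0000-0000-000000000000"), 500, ""));
    }
}
```

The first sample shows why the body is sanitized: without it, the embedded line break would print a second, forged "successfully published" line in the console.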


 
 