[JIRA] (JENKINS-60643) Auto-create project for maven-based jobs

Issue Type:	Improvement
Assignee:	Steve Springett
Components:	dependency-track-plugin
Created:	2020-01-06 09:05
Labels:	ux usability pipeline auto
Priority:	Minor
Reporter:	davidkarlsen

Currently the plugin/pipeline configuration requires an existing project by defining projectId.
I think it would be smoother to auto-create project, and read name/version from pom-files like:
name: ${groupId}-${artifactId}
version: ${version}

then the entry-barrier would be lowered and it would be easier to adopt DT at larger scale.

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

steve.springett@owasp.org (JIRA)

unread,

Jan 6, 2020, 11:32:02 AM1/6/20

to jenkinsc...@googlegroups.com

Steve Springett commented on

Auto-creating projects is already supported, but is limited to pipeline jobs. Non-pipeline jobs do not have the option.

davidkarlsen@java.net (JIRA)

unread,

Jan 12, 2020, 5:45:03 PM1/12/20

to jenkinsc...@googlegroups.com

davidkarlsen commented on

Hm - I get:
Missing required parameter: "projectId" @ line 114, column 9.
dependencyTrackPublisher artifact: 'target/bom.xml', artifactType: 'bom'

when running with:
dependencyTrackPublisher artifact: 'target/bom.xml', artifactType: 'bom'

steve.springett@owasp.org (JIRA)

unread,

Jan 12, 2020, 6:22:03 PM1/12/20

to jenkinsc...@googlegroups.com

Steve Springett commented on

https://jenkins.io/doc/pipeline/steps/dependency-track/

Pipeline parameters are documented here:

If you don't specify a projectId, then you have to specify the projectName and projectVersion. If the project name and version does not exist, it will be created.

davidkarlsen@java.net (JIRA)

unread,

Jan 14, 2020, 8:38:07 AM1/14/20

to jenkinsc...@googlegroups.com

davidkarlsen commented on

I get:

WorkflowScript: 102: Invalid parameter "projectVersion", did you mean "projectId"? @ line 102, column 121.
.edb.fs.tac.jfr.srv:jfr-srv", projectVer
^

when running:
dependencyTrackPublisher artifact: 'bom.xml', artifactType: 'bom', projectId: "com.edb.fs.tac.jfr.srv:jfr-srv", projectVersion: "10.1.0-SNAPSHOT"

davidkarlsen@java.net (JIRA)

unread,

Jan 14, 2020, 8:40:06 AM1/14/20

to jenkinsc...@googlegroups.com

davidkarlsen commented on

When I visit the ..../pipeline-syntax page, only these parameters are documented:

dependencyTrackPublisher: Publish results to Dependency-Track
projectId
Type:String
artifact
Type:String
artifactType
Type:String

davidkarlsen@java.net (JIRA)

unread,

Jan 14, 2020, 8:41:06 AM1/14/20

to jenkinsc...@googlegroups.com

davidkarlsen edited a comment on

When I visit the ..../pipeline-syntax page, only these parameters are documented:

dependencyTrackPublisher: Publish results to Dependency-Track
projectId
Type:String
artifact
Type:String
artifactType
Type:String

installed plugin version: 2.2.0

davidkarlsen@java.net (JIRA)

unread,

Jan 14, 2020, 8:42:08 AM1/14/20

to jenkinsc...@googlegroups.com

davidkarlsen updated an issue

Jenkins /

Change By:	davidkarlsen
Environment:	plugin version: 2.2.0 jenkins: CloudBees Jenkins Enterprise 2.176.4.3-rolling

steve.springett@owasp.org (JIRA)

unread,

Jan 14, 2020, 9:35:03 PM1/14/20

to jenkinsc...@googlegroups.com

Steve Springett commented on

I'm still unable to replicate. The automated generated docs posted here https://jenkins.io/doc/pipeline/steps/dependency-track/ contain all the configurable params including the projectName and projectVersion params I mentioned earlier. The pipeline syntax feature in Jenkins itself has a lot of limitations and will not properly generate all docs for some plugins. Use jenkins.io for plugin docs.

 
                                                                dependencyTrackPublisher artifact: 'bom.xml', artifactType: 'bom', projectName: 'Acme Example', projectVersion: '1.0.0', synchronous: true

davidkarlsen@java.net (JIRA)

unread,

Jan 22, 2020, 8:46:03 AM1/22/20

to jenkinsc...@googlegroups.com

davidkarlsen updated an issue

Jenkins /

Change By:	davidkarlsen
Attachment:	Screenshot 2020-01-22 at 14.17.14.png

davidkarlsen@java.net (JIRA)

unread,

Jan 22, 2020, 8:46:04 AM1/22/20

to jenkinsc...@googlegroups.com

davidkarlsen commented on

Our config section looks a "little strange" - double up with settings. What could cause this?

steve.springett@owasp.org (JIRA)

unread,

Jan 23, 2020, 11:50:02 AM1/23/20

to jenkinsc...@googlegroups.com

Steve Springett commented on

That is likely due to the use of an old version of the Dependency-Check Jenkins plugin being installed. That version of the plugin doesn't work anymore. It was compatible with DC 4.x, which utilized the XML feeds from the NVD. Those feeds are no longer available, so DC 4.x no longer works. Because of that, the old DC Jenkins plugin is likely safe to remove.

davidkarlsen@java.net (JIRA)

unread,

Jan 29, 2020, 4:59:02 PM1/29/20

to jenkinsc...@googlegroups.com

davidkarlsen commented on

Indeed the old dependency check plugin shadowed the dependency track one and everything works as designed. (However the name and version parameters don't show in the pipeline-syntax ui - but that's unrelated).
Thanks!

davidkarlsen@java.net (JIRA)

unread,

Jan 29, 2020, 5:00:02 PM1/29/20

to jenkinsc...@googlegroups.com

davidkarlsen closed an issue as Not A Defect

Jenkins /

Change By:	davidkarlsen
Status:	Open Closed
Resolution:	Not A Defect