POM file

[Toni Von Zyl]

Hi I'm using:

Jenkins 1.593

JDK 1.7 u79

Gradle 2.1

Maven 3.1.1

Current issue:==========================================================================================================================

Downloading: http://repo.maven.apache.org/maven2/org/jenkins-ci/main/jenkins-war/1.593/jenkins-war-1.593.war
                 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:39.436s
[INFO] Finished at: Mon Jan 25 11:06:18 CAT 2016
[INFO] Final Memory: 20M/250M
[INFO] ------------------------------------------------------------------------
[INFO] Dependency Recorder: write C:\Users\username\.jenkins\jobs\Duck_test\workspace\build-info.json
[ERROR] Failed to execute goal on project blackduck-installer: Could not resolve dependencies for project org.jenkins-ci.plugins:blackduck-installer:hpi:1.0.2-SNAPSHOT: Could not transfer artifact org.jenkins-ci.main:jenkins-war:war:1.593 from/to repo.jenkins-ci.org (http://repo.jenkins-ci.org/public/): GET request of: org/jenkins-ci/main/jenkins-war/1.593/jenkins-war-1.593.war from repo.jenkins-ci.org failed: Premature end of Content-Length delimited message body (expected: 68221947; received: 43815036 -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Build step 'Invoke top-level Maven targets' marked build as failure
ERROR: [ERROR] The build was not successful. Build status : FAILURE. The Black Duck Vulnerability plugin will not run.
ERROR: [ERROR] The build was not successful. Build status : FAILURE. The Black Duck Vulnerability plugin will not run.
Finished: FAILURE

Current issue:==========================================================================================================================

Any ideal hoe to solve this issue?

Also, is there a generic POM file usable for this setup?

Thanks in advance.

[Toni Von Zyl]

Black Duck Vulnerability Installer Plugin - v1.0.2

Black Duck Vulnerability Plugin - v1.1.5

[James Richard]

Looking at the error message it seems you are testing the BlackDuck Vulnerability plugin using the blackduck-installer as the target project to build.  The error you are getting is from Maven not from the BlackDuck plugin.  For some reason it does not seem to be able to resolve that particular dependency (did you change the pom file in the blackduck-installer to use Jenkins 1.593 rather than 1.580.3?). 

Have you tried building this project outside of Jenkins (from the command line for example) ? Do you still see this issue? Do you see this issue if you change the pom file back to use Jenkins 1.580.3?

[Toni Von Zyl]

Hi James, thanks for the response.

The same error occurs even when run outside of Jenkins. I tried running it with both 1.593 and 1.580.3, same error. The goal is to scan project code but following the instructions as in the plugin doc (https://blackducksoftware.atlassian.net/wiki/display/BDOS/Black+Duck+Vulnerability+Plugin) my interface still doesn't look the same? I do however have all the config options available but running the project without a POM file added by me wasn't "optional" as stated in the doc. Below is the current pom.xml file I'm running..source-online...your assistance is greatly appreciated.

pom.xml:==========================================================================================================================

<?xml version="1.0" encoding="utf-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

<modelVersion>4.0.0</modelVersion>

<parent>

<groupId>org.jenkins-ci.plugins</groupId>

<artifactId>plugin</artifactId>

<!-- which version of Jenkins is this plugin built against? -->

<version>1.593</version>

</parent>

<artifactId>blackduck-installer</artifactId>

<version>1.0.2</version>

<packaging>hpi</packaging>

<name>Black Duck Vulnerability Installer Plugin</name>

<description>As a Jenkins user, this plug-in enables you to: Add the Black Duck Update Site to list of Jenkins Update Sites, Install the Black Duck Vulnerability Plugin that provides a report highlighting known vulnerabilities reported against the open source software found in the build</description>

<url>https://wiki.jenkins-ci.org/display/JENKINS/Black+Duck+Vulnerability+Installer+Plugin</url>

<licenses>

<license>

<name>The MIT License (MIT)</name>

<url>http://opensource.org/licenses/MIT</url>

</license>

</licenses>

<scm>

<connection>scm:git:ssh://github.com/jenkinsci/blackduck-installer-plugin.git</connection>

<developerConnection>scm:git:ssh://g...@github.com/jenkinsci/blackduck-installer-plugin.git</developerConnection>

<url>https://github.com/jenkinsci/blackduck-installer-plugin</url>

    <tag>blackduck-installer-1.0.2</tag>

  </scm>

<inceptionYear>2015</inceptionYear>

<organization>

<name>Black Duck Software, Inc.</name>

<url>http://www.blackducksoftware.com/</url>

</organization>

<developers>

<developer>

<id>kkandler</id>

<name>Kaj Kandler</name>

<email>kkan...@blackducksoftware.com</email>

<url>https://www.ohloh.net/accounts/KajKandler</url>

<organization>Black Duck Software, Inc.</organization>

<organizationUrl>http://www.blackducksoftware.com/</organizationUrl>

<roles>

<role>architect</role>

<role>developer</role>

</roles>

<timezone>-5</timezone>

</developer>

<developer>

<id>jrichard</id>

<name>James Richard</name>

<email>jric...@blackducksoftware.com</email>

<organization>Black Duck Software, Inc.</organization>

<organizationUrl>http://www.blackducksoftware.com/</organizationUrl>

<roles>

<role>developer</role>

</roles>

<timezone>-5</timezone>

</developer>

</developers>

<contributors>

</contributors>

<repositories>

<repository>

<id>repo.jenkins-ci.org</id>

<name>jenkins</name>

<url>http://repo.jenkins-ci.org/public/</url>

</repository>

</repositories>

<pluginRepositories>

<pluginRepository>

<id>repo.jenkins-ci.org</id>

<url>http://repo.jenkins-ci.org/public/</url>

</pluginRepository>

</pluginRepositories>

<properties>

<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

</properties>

<dependencies>

<dependency>

<groupId>jp.ikedam.jenkins.plugins</groupId>

<artifactId>update-sites-manager</artifactId>

<version>1.0.1</version>

<!-- <optional>true</optional> -->

</dependency>

</dependencies>

<build>

<resources>

<resource>

<directory>src/main/resources</directory>

</resource>

</resources>

<plugins>

<plugin>

<artifactId>maven-compiler-plugin</artifactId>

<version>3.1</version>

<configuration>

<source>1.7</source>

<target>1.7</target>

</configuration>

</plugin>

<plugin>

<groupId>org.codehaus.mojo</groupId>

<artifactId>build-helper-maven-plugin</artifactId>

<executions>

<execution>

<id>add-source</id>

<phase>generate-sources</phase>

<goals>

<goal>add-source</goal>

</goals>

<configuration>

<sources>

<!-- Add so Eclipse m2e can pick those up - if you see a error in 

eclipse about this click and select discover to install the m2e mapping for 

this maven plugin -->

<source>${project.build.directory}/generated-sources/localizer/</source>

<source>${project.build.directory}/generated-sources/annotations/</source>

</sources>

</configuration>

</execution>

</executions>

</plugin>

<plugin>

<groupId>org.jenkins-ci.tools</groupId>

<artifactId>maven-hpi-plugin</artifactId>

<configuration>

<pluginFirstClassLoader>true</pluginFirstClassLoader>

</configuration>

<extensions>true</extensions>

<dependencies>

<dependency> <!-- overwrite the xalan version for the plugin, otherwise SdkFaults result 

in a method not found exception on XPathContext.init() in the Eclipse hpi:run 

only, seems to work fine in regular Jenkins environments -->

<!-- FIXME - put this into a profile that can only be called in Eclipse 

run situations, also re-examine the above classloader config -->

<groupId>xalan</groupId>

<artifactId>xalan</artifactId>

<version>2.7.1</version>

</dependency>

</dependencies>

</plugin>

</plugins>

</build>

</project>

pom.xml:==========================================================================================================================

[James Richard]

Just for clarification, the plugin does not scan any code. If you are building a Maven project then the plugin uses Event Spies to listen to Maven's events to determine what dependencies are being resolved in the Build so we can get a complete list.  For Gradle projects we inject a task of our own that that uses Gradle built in functionality to get a complete list of dependencies.

When you Build a Maven project, you must always have a pom.xml but when configuring the "Invoke Top Level Maven Target" step in Jenkins you do not need to specify the location of the pom.xml if it is in the root directory of the workspace, if it is not in the root directory then you must specify the path to the pom.xml.  That is why we say it is optional.

Getting back to your original issue, you seem to be having trouble with Maven and not our plugin or the installer.  Looking into this issue for you, are you working through a proxy? The proxy may be blocking you from accessing that repository OR it could be limiting how much data is being transferred so you arent getting the entire war file only part of it.  If you are not connecting through a proxy it may be your network setup is limiting the download.  I hope this helps!

-James R.