[JIRA] (JENKINS-58387) Quality gates not working as expected

james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:48:02 AM
to jenkinsc...@googlegroups.com
James Howe created an issue
 
Jenkins / Bug JENKINS-58387
Quality gates not working as expected
Issue Type: Bug
Assignee: Unassigned
Components: dependency-check-jenkins-plugin
Created: 2019-07-08 15:47
Environment: dependency-check 5.0
Priority: Major
Reporter: James Howe
dependencyCheckPublisher unstableTotalCritical: 1, unstableTotalHigh: 1,
                         unstableTotalMedium: 1, unstableTotalLow: 1

When there are no issues, the status is Success
When there is one medium issue, the status is Unstable
When there are two high and seven medium issues, the status is Success

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

james@howeswho.co.uk (JIRA)

Jul 8, 2019, 11:54:02 AM
to jenkinsc...@googlegroups.com
James Howe updated an issue
Change By: James Howe
{code:groovy}
dependencyCheckPublisher unstableTotalCritical: 1,
                         unstableTotalHigh: 1,
                         unstableTotalMedium: 1,
                         unstableTotalLow: 1
{code}

When there are no issues, the status is Success (/)
When there is one medium issue, the status is Unstable (/)
When there are two high and seven medium issues, the status is Success (x)

steve.springett@owasp.org (JIRA)

Jul 10, 2019, 9:39:02 PM
to jenkinsc...@googlegroups.com

"When there are two high and seven medium issues, the status is Success"

That's interesting and certainly a bug. Let me try and replicate

steve.springett@owasp.org (JIRA)

Jul 10, 2019, 9:39:02 PM
to jenkinsc...@googlegroups.com
Steve Springett assigned an issue to Steve Springett
 
Change By: Steve Springett
Assignee: Steve Springett

james@howeswho.co.uk (JIRA)

Jul 11, 2019, 6:33:03 AM
to jenkinsc...@googlegroups.com
James Howe updated an issue
Change By: James Howe
Attachment: resultaction.xml

james@howeswho.co.uk (JIRA)

Jul 11, 2019, 6:34:02 AM
to jenkinsc...@googlegroups.com
James Howe commented on Bug JENKINS-58387
 
Re: Quality gates not working as expected

It doesn't appear to have saved the source xml under the job result, but attached is the ResultAction.

I'll sort out rebuilding that commit and dig it out.

james@howeswho.co.uk (JIRA)

Jul 11, 2019, 6:51:03 AM
to jenkinsc...@googlegroups.com

I cannot trivially reproduce it either using the same commit as before (config is also the same, being via Jenkinsfile).
I have since upgraded to 5.0.1.

The build that didn't become unstable simply logged

[DependencyCheck] Collecting Dependency-Check artifact

james@howeswho.co.uk (JIRA)

Jul 11, 2019, 6:53:02 AM
to jenkinsc...@googlegroups.com

Had a look at the code and realised the problem.

It only evaluates the gates if the previous build exists, and had compatible dependency-check results.
Instead it should always evaluate. If there are no results for the previous build it should count that as zero issues.

james@howeswho.co.uk (JIRA)

Jul 11, 2019, 6:54:01 AM
to jenkinsc...@googlegroups.com
James Howe edited a comment on Bug JENKINS-58387
Had a look at the code and realised the problem.

It only evaluates the gates if the previous build exists, and had compatible dependency-check results.
Instead it should always evaluate. If there are no results for the previous build results it should count that as zero issues.
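
The gate behaviour described in the comment above, as a simplified Python model added here for illustration; it is not the plugin's own code. The `unstableTotal*` values come from the report, while the function names, the `HYPOTHETICAL_UNSTABLE_NEW` threshold and the sample counts are assumptions.

```python
from typing import Dict, Optional

Counts = Dict[str, int]
SEVERITIES = ("critical", "high", "medium", "low")

# From the report: unstableTotalCritical/High/Medium/Low are all set to 1.
UNSTABLE_TOTAL = {"critical": 1, "high": 1, "medium": 1, "low": 1}
# Hypothetical "new findings" threshold, present only to show why a baseline is consulted.
HYPOTHETICAL_UNSTABLE_NEW = {"high": 1}


def _gate(current: Counts, previous: Counts) -> str:
    """Return UNSTABLE when any total or new-findings threshold is reached."""
    for sev in SEVERITIES:
        total = current.get(sev, 0)
        new = max(0, total - previous.get(sev, 0))
        if sev in UNSTABLE_TOTAL and total >= UNSTABLE_TOTAL[sev]:
            return "UNSTABLE"
        if sev in HYPOTHETICAL_UNSTABLE_NEW and new >= HYPOTHETICAL_UNSTABLE_NEW[sev]:
            return "UNSTABLE"
    return "SUCCESS"


def evaluate_as_reported(current: Counts, previous: Optional[Counts]) -> str:
    """Behaviour described in the report: no comparable baseline, no evaluation."""
    if previous is None:
        return "SUCCESS"  # gate silently skipped, so a vulnerable build passes
    return _gate(current, previous)


def evaluate_always(current: Counts, previous: Optional[Counts]) -> str:
    """Proposed behaviour: always evaluate; a missing baseline counts as zero issues."""
    return _gate(current, previous or {})


if __name__ == "__main__":
    findings = {"high": 2, "medium": 7}  # constructed sample matching the report
    for baseline in (None, {"high": 2, "medium": 7}):
        print(baseline,
              evaluate_as_reported(findings, baseline),
              evaluate_always(findings, baseline))
```

A gate that skips evaluation fails open, so first builds of a job, or builds that follow a run without dependency-check results, are the ones worth checking when validating the fix.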

steve.springett@owasp.org (JIRA)

Jul 12, 2019, 12:32:03 AM
to jenkinsc...@googlegroups.com

steve.springett@owasp.org (JIRA)

Jul 12, 2019, 12:32:03 AM
to jenkinsc...@googlegroups.com
Steve Springett resolved as Fixed
 
Change By: Steve Springett
Status: In Progress → Resolved
Resolution: Fixed

steve.springett@owasp.org (JIRA)

Jul 12, 2019, 12:32:03 AM
to jenkinsc...@googlegroups.com
Steve Springett started work on Bug JENKINS-58387
 
Change By: Steve Springett
Status: Open → In Progress

steve.springett@owasp.org (JIRA)

Jul 12, 2019, 12:51:02 AM
to jenkinsc...@googlegroups.com
Steve Springett closed an issue as Fixed
 

Fixed in 5.0.2

Change By: Steve Springett
Status: Resolved → Closed