[JIRA] (JENKINS-62118) Exception in nga log when do fortify SCA scan from jenkins and no vulnerabilities showing in ALM Octane pipeline


303965815@qq.com (JIRA)

Apr 30, 2020, 4:57:03 AM
to jenkinsc...@googlegroups.com
tracy he updated an issue
 
Jenkins / Bug JENKINS-62118
Exception in nga log when do fortify SCA scan from jenkins and no vulnerabilities showing in ALM Octane pipeline
Change By: tracy he
Summary: Exception in nga log when do fortify SCA scan from jenkins and now no vulnerabilities showing in ALM Octane pipeline
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

paul-adrian.tofan@microfocus.com (JIRA)

Apr 30, 2020, 12:28:03 PM
to jenkinsc...@googlegroups.com

radislav.berkovich@microfocus.com (JIRA)

May 3, 2020, 5:25:03 AM
to jenkinsc...@googlegroups.com

nir.yom-tov@microfocus.com (JIRA)

May 3, 2020, 5:56:02 AM
to jenkinsc...@googlegroups.com
nir yom tov commented on Bug JENKINS-62118
 
Re: Exception in nga log when do fortify SCA scan from jenkins and no vulnerabilities showing in ALM Octane pipeline

Hi, first, see here the matrix of plugin support, Octane plugin and Fortify SSC plugin, and check if your version is there:

|                          | fortify ssc 18.10     | fortify ssc 19.1.29   | fortify ssc 19.2.30     |
|--------------------------|-----------------------|-----------------------|-------------------------|
| octane plugin 6.0.5 beta | works all             | works all             | works for Pipeline only |
| octane plugin 5.9.4 beta | work without Pipeline | work with Pipeline    | doesn't work            |
| octane plugin 5.9.3 beta | work without Pipeline | work without Pipeline | doesn't work            |

daniel.shmaya77@gmail.com (JIRA)

May 3, 2020, 6:03:02 AM
to jenkinsc...@googlegroups.com

Looks like the vulnerabilities calculated (filtered out) from the actual result of the remote SSC return an empty list.

This could happen when there is some baseline (the time that the pipeline was created or became a security pipeline), and since then there were no new issues detected.

Meaning it looks like issues exist but they are not calculated (as relevant) for the pipeline, and so it returns an empty list.

303965815@qq.com (JIRA)

May 5, 2020, 11:54:03 PM
to jenkinsc...@googlegroups.com
tracy he commented on Bug JENKINS-62118

Hello,

My octane plugin version is 6.2 and fortify ssc plugin version is 19.2.30.

 

Hi Daniel,

I found that if I upload from a Jenkins pipeline with a new SSC app & version, it will show the vulnerabilities in Octane. This confuses me. About the baseline, pipeline creation or becoming a security pipeline, I got it, but which time is it comparing to? Is it the time the issue was created in Fortify SSC?

 

Best Regards,

Tracy
