[JIRA] (JENKINS-58660) Errors running OWASP Dependency-Check plugin cause non-obvious failures of the build

[oliver.lockwood@cantab.net (JIRA)]

Oliver Lockwood created an issue

Jenkins / JENKINS-58660 Errors running OWASP Dependency-Check plugin cause non-obvious failures of the build Issue Type: Bug Assignee: Unassigned Components: dependency-check-jenkins-plugin Created: 2019-07-25 14:33 Environment: Jenkins 2.181 Dependency-check plugin 5.2.0 Priority: Minor Reporter: Oliver Lockwood If any errors occur in the Dependency-Check plugin (i.e. the CLI tool exits with a non-zero return code) then the Jenkins build result is set to failure, as per this code https://github.com/jenkinsci/dependency-check-plugin/blob/master/src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckToolBuilder.java#L157 final boolean success = (exitCode == 0); build.setResult(success ? Result.SUCCESS : Result.FAILURE); I have two concerns with this. When this happens, it is far from obvious that the reason for the build failure is the Dependency-Check plugin.  The build may well continue and do many more stages, so parsing build output to determine the root cause is much more onerous than it needs to be. I believe it ought to be possible to configure (through plugin invocation parameters) the effect on the build of any errors running the plugin.  For example, it may be more appropriate to make the build UNSTABLE, or even not to affect the result at all (depending on the exact use case and convention).  Given that Jenkins doesn't allow you to "improve" the build status after it's already been set to a given level (in this case FAILURE) then no workaround is possible (except to reinvent the wheel by downloading and running the CLI in a customised manner). Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)