[JIRA] (JENKINS-40251) Dependency Check trend graphs and related values are not shown


tilmann.haak@xing.com (JIRA)

Dec 6, 2016, 5:56:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak created an issue
 
Jenkins / Bug JENKINS-40251
Dependency Check trend graphs and related values are not shown
Issue Type: Bug
Assignee: Unassigned
Attachments: dc-trend-graphs-missing-2016-12-06.png
Components: dependency-check-jenkins-plugin
Created: 2016/Dec/06 10:55 AM
Environment: Jenkins ver. 2.19.4, dependency-check-plugin ver. 1.4.4, Ubuntu 16.04.1 LTS
Priority: Minor
Reporter: Tilmann Haak

The Dependency-Check warnings trend graphs (new vs. fixed, priority distribution, priority distribution) are not shown. Instead an error message is shown:

There are no results available. Did you enable the plug-in in the jobs that are part of this view?

The findings (Total, High, Normal, Low) are not shown in the "Dependency-Check warnings per project" portlet.

Additionally the "Trend graph" config option in post build step "Publish OWASP Dependency-Check analysis results" leads to a broken link "/view/OWASP%20Dependency%20Check/job/dependency-check-test/dependency-check/configureDefaults" (You can define the default values for the trend graph in a separate view.).

This issue should be reproducible with a fresh Jenkins install (2.19.4) and the dependency-check-plugin (1.4.4) installed via the Plugin Manager.

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

tilmann.haak@xing.com (JIRA)

Dec 6, 2016, 7:24:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: dc-trend-graphs-missing-2016-12-06.png

tilmann.haak@xing.com (JIRA)

Dec 6, 2016, 7:24:01 AM
to jenkinsc...@googlegroups.com

tilmann.haak@xing.com (JIRA)

Dec 6, 2016, 7:31:02 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
The Dependency-Check warnings trend graphs (new vs. fixed, priority distribution, priority distribution) are not shown. Instead an error message is shown:

{quote}

There are no results available. Did you enable the plug-in in the jobs that are part of this view?
{quote}

!dc-trend-graphs-missing-2016-12-06.png|thumbnail!

The findings (Total, High, Normal, Low) are not shown in the "Dependency-Check warnings per project" portlet.

Additionally the "Trend graph" config option in post build step "Publish OWASP Dependency-Check analysis results" leads to a broken link (404) "/view/OWASP%20Dependency%20Check/job/dependency-check-test/dependency-check/configureDefaults" (You can define the default values for the trend graph in a separate view.).


This issue should be reproducible with a fresh Jenkins install (2.19.4) and the dependency-check-plugin (1.4.4) installed via the Plugin Manager.

steve.springett@owasp.org (JIRA)

Dec 9, 2016, 5:16:01 PM
to jenkinsc...@googlegroups.com

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:00:01 AM
to jenkinsc...@googlegroups.com

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:00:02 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: JENKINS-40251_pluginresults.png

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:03:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak commented on Bug JENKINS-40251
 
Re: Dependency Check trend graphs and related values are not shown

I've just noticed that the number of findings is correctly displayed on the job's plugin results page:

!JENKINS-40251_pluginresults.png|thumbnail!

The job configuration is also attached to this issue:

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:05:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've just noticed that the number of findings is correctly displayed on the job's plugin results page:

!JENKINS-40251-pluginresults.png|thumbnail!

The job configuration is also attached to this issue:

*  [^JENKINS-40251_config.xml]

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:05:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: JENKINS-40251-pluginresults.png

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:07:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've just noticed that the number of findings is correctly displayed on the job's plugin results page:

!JENKINS-40251-pluginresults.png|thumbnail!


The job configuration is also attached to this issue:

*  [^JENKINS-40251_config.xml]

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:07:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: JENKINS-40251_pluginresults.png

tilmann.haak@xing.com (JIRA)

Dec 13, 2016, 5:08:02 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've just noticed that the number of findings is correctly displayed on the job's plugin results page:

* https://issues.jenkins-ci.org/secure/attachment/35153/JENKINS-40251-pluginresults.png

The job configuration is also attached to this issue:

*  [^JENKINS-40251_config.xml]

frank.zoontjens@cdl.co.uk (JIRA)

Dec 13, 2016, 5:27:02 AM
to jenkinsc...@googlegroups.com

I am using both the Jenkins plugin version 1.4.4 as Tilmann has configured, and a Gradle job using 'org.owasp:dependency-check-gradle:1.4.3'. Both indeed produce the correct findings, similar to what Tilmann shows. For both, the Trend graph has disappeared after the upgrade to 1.4.4.

When I upgraded to 1.4.4, also the Static Analysis Utilities 1.80 was installed. In the meantime I upgraded to 1.81, and upgraded Dashboard View to 2.9.10.
I am watching Static Analysis Utilities issues, because I think the problem is caused there.

steve.springett@owasp.org (JIRA)

Dec 13, 2016, 11:35:03 AM
to jenkinsc...@googlegroups.com

The plugin requires analysis-core 1.79. An update to 1.80 or 1.81 has not been tested. At the time DC 1.4.4 was released, analysis-core 1.79 was the latest.

Was 1.80 updated because it's used by other analysis plugins (FindBugs, PMD, Checkstyle, etc)?
Does the DC plugin work if you downgrade analysis core back to 1.79?

There seem to be a lot of changes in analysis-core between 1.79 and 1.81, including many changes to method signatures and graphs. Changes here:
https://github.com/jenkinsci/analysis-core-plugin/compare/0a94e23...8a5ad2c

frank.zoontjens@cdl.co.uk (JIRA)

Dec 14, 2016, 4:58:01 AM
to jenkinsc...@googlegroups.com

Will downgrade overnight to 1.80. And the night after to 1.79.

Btw, we also have Jenkins 2.19.4.

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:34:03 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: JENKINS-40251_static-analysis-179.png

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:35:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak commented on Bug JENKINS-40251
 
Re: Dependency Check trend graphs and related values are not shown

I've downgraded analysis-core to version 1.79. The graphs show up again.

!JENKINS-40251_static-analysis-179.png|thumbnail!

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:36:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've downgraded analysis-core to version 1.79. The graphs show up again.

* https://issues.jenkins-ci.org/secure/attachment/35183/JENKINS-40251_static-analysis-179.png

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:36:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've downgraded analysis-core to version 1.79. The graphs show up again.

* https://issues.jenkins-ci.org/secure/thumbnail/35183/_thumb_35183.png

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:38:03 AM
to jenkinsc...@googlegroups.com
Tilmann Haak updated an issue
Change By: Tilmann Haak
Attachment: JENKINS-40251_static-analysis-179.png

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:38:03 AM
to jenkinsc...@googlegroups.com

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 2:39:01 AM
to jenkinsc...@googlegroups.com
Tilmann Haak edited a comment on Bug JENKINS-40251
I've downgraded analysis-core to version 1.79. The graphs show up again.

* https://issues.jenkins-ci.org/secure/attachment/35184/JENKINS-40251_static-analysis-179.png

tilmann.haak@xing.com (JIRA)

Dec 15, 2016, 5:43:01 AM
to jenkinsc...@googlegroups.com

frank.zoontjens@cdl.co.uk (JIRA)

Dec 16, 2016, 5:17:02 AM
to jenkinsc...@googlegroups.com

Indeed, the Trend Graph shows up with Static Analysis Utilities 1.79, for both the Jenkins plugin and the Gradle job.

frank.zoontjens@cdl.co.uk (JIRA)

Dec 16, 2016, 5:19:01 AM
to jenkinsc...@googlegroups.com
Frank Zoontjens edited a comment on Bug JENKINS-40251
Indeed, the Trend Graph shows up with Static Analysis Utilities 1.79, for both the Jenkins plugin and the Gradle job.


So I guess this issue should be moved to the analysis-core, because it does not seem to be an issue for this plugin

frank.zoontjens@cdl.co.uk (JIRA)

Dec 16, 2016, 5:24:03 AM
to jenkinsc...@googlegroups.com
Frank Zoontjens edited a comment on Bug JENKINS-40251
Indeed, the Trend Graph shows up with Static Analysis Utilities 1.79, for both the Jenkins plugin and the Gradle job.

So I guess this issue should be moved to the analysis-core, because it does not seem to be an issue for this dependency-check-jenkins-plugin.

r.oosterholt@gmail.com (JIRA)

Jan 6, 2017, 3:52:01 AM
to jenkinsc...@googlegroups.com

Has anyone filed a bug on the analysis-core-plugin?
This issue is still reproducible with dependency-check 1.4.4, Jenkins 2.39 and analysis-core-plugin 1.81.

frank.zoontjens@cdl.co.uk (JIRA)

Jan 6, 2017, 4:50:01 AM
to jenkinsc...@googlegroups.com

I am not sure it is analysis-core-plugin. It could be also Jacoco.

There is just a fix out for Jacoco https://issues.jenkins-ci.org/browse/JENKINS-36536

scm_issue_link@java.net (JIRA)

Jan 9, 2017, 12:35:02 AM
to jenkinsc...@googlegroups.com

Code changed in jenkins
User: stevespringett
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckDetailBuilder.java
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckProjectAction.java
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckPublisher.java
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckResult.java
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckResultAction.java
src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckTabDetail.java
http://jenkins-ci.org/commit/dependency-check-plugin/dad7446fc58d6c3ea22a5f4d2e2a52886178a7b5
Log:
Updated version to 1.4.5-SNAPSHOT. Merged in changes since PMD fork syncing the DC plugin up with master. Analysis core 1.80 changed trending graph behavior. Deprecated methods did not work. Changes from https://github.com/jenkinsci/pmd-plugin/commit/3fda8ed3752bc5404f936c1e65ee9c37e3ea13b0 migrated to DC plugin resolved issue. Updated analysis core to 1.80. This resolves JENKINS-40251

steve.springett@owasp.org (JIRA)

Jan 9, 2017, 12:36:02 AM
to jenkinsc...@googlegroups.com
Steve Springett started work on Bug JENKINS-40251
 
Change By: Steve Springett
Status: Open → In Progress

steve.springett@owasp.org (JIRA)

Jan 9, 2017, 12:36:02 AM
to jenkinsc...@googlegroups.com
Steve Springett resolved as Fixed
 

Issue has been resolved and will be included in 1.4.5.

Change By: Steve Springett
Status: In Progress → Resolved
Resolution: Fixed

r.oosterholt@gmail.com (JIRA)

Jan 18, 2017, 7:40:02 AM
to jenkinsc...@googlegroups.com

steve.springett@owasp.org (JIRA)

Jan 18, 2017, 9:35:02 AM
to jenkinsc...@googlegroups.com

That's an excellent question best asked in the Dependency-Check discussion group https://groups.google.com/forum/#!forum/dependency-check

The release of the Jenkins plugin occurs at the same time as the rest of the Dependency-Check modules.

steve.springett@owasp.org (JIRA)

Jan 24, 2017, 8:03:02 PM
to jenkinsc...@googlegroups.com
Steve Springett closed an issue as Fixed
 

v1.4.5 released that resolves issue. Closing ticket.

Change By: Steve Springett
Status: Resolved → Closed

r.oosterholt@gmail.com (JIRA)

Sep 5, 2019, 3:14:05 AM
to jenkinsc...@googlegroups.com
Rick Oosterholt reopened an issue
Change By: Rick Oosterholt
Resolution: Fixed
Status: Closed → Reopened
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

r.oosterholt@gmail.com (JIRA)

Sep 5, 2019, 3:14:06 AM
to jenkinsc...@googlegroups.com
Rick Oosterholt commented on Bug JENKINS-40251
 
Re: Dependency Check trend graphs and related values are not shown

Reopened because the latest 5.x release broke the dependency check portlet again.

steve.springett@owasp.org (JIRA)

Sep 5, 2019, 9:56:06 AM
to jenkinsc...@googlegroups.com

Rick Oosterholt this was reported against a codebase which is no longer supported. A ticket already exists for the new codebase. 

steve.springett@owasp.org (JIRA)

Sep 5, 2019, 9:56:07 AM
to jenkinsc...@googlegroups.com
Steve Springett closed an issue as Done
 
Change By: Steve Springett
Status: Reopened → Closed
Resolution: Done

r.oosterholt@gmail.com (JIRA)

Sep 5, 2019, 10:01:04 AM
to jenkinsc...@googlegroups.com
Rick Oosterholt commented on Bug JENKINS-40251
 
Re: Dependency Check trend graphs and related values are not shown

Would you be so kind to add a comment with a link to the new-codebase-issue?

steve.springett@owasp.org (JIRA)

Sep 5, 2019, 11:00:03 AM
to jenkinsc...@googlegroups.com

r.oosterholt@gmail.com (JIRA)

Sep 6, 2019, 3:03:03 AM
to jenkinsc...@googlegroups.com

None of the tickets above concern the portlet. Should this ticket be reopened or should I create a new ticket for the dependency check portlet bug?

steve.springett@owasp.org (JIRA)

Sep 6, 2019, 10:06:03 AM
to jenkinsc...@googlegroups.com

If you’re referring to the trend graph, there are tickets for that. If you’re referring to the dashboard plugin compatibility, it was intentionally omitted from the v5 rewrite as it wasn’t considered required for MVP.
