CODEWITHSUNDEEP
jenkinsjenkins-pluginsbluemix-app-scan
rock
rock

Reputation: 55

Issue while integration of IBM Application Security on Cloud (ASoC) with Jenkins

I am trying to integrate the IBM Application Security on Cloud (ASoC) with Jenkins by using the "IBM Application Security on Cloud Plugin". I have successfully installed Plugin in Jenkins and restarted Jenkins.

While adding "Run Security Test" build step details in a job, after selecting Credentials (as defined on Jenkins Credentials page), I'm getting an empty list in Application drop-down and don't know reason for that.

Note: 1. As a pre-requisite, I have created an application in the IBM Application Security on Cloud. 2. I have added ASOC API credentials in Jenkins Credential page by generating key id and secret key from ASOC app. 3. I'm using trial version of ASoC found on IBM Marketplace.

Below are the Jenkins Err logs:

Jan 02, 2018 9:32:06 PM org.eclipse.jetty.util.log.JavaUtilLog warn 
WARNING: Error while serving http://<server>:<port>/view/IBM-
ASOC/job/Jenkins_IBM-ASOC_Integration/descriptorByName/ 
com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer/fillPresenceIdItems 
java.lang.reflect.InvocationTargetException 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:347) 
at org.kohsuke.stapler.Function.bindAndInvoke( Function.java:184) 
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse( Function.java:117) 
at org.kohsuke.stapler.MetaClass$1.doDispatch( MetaClass.java:129) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:649) 
at org.kohsuke.stapler.Stapler.service( Stapler.java:238) 
at javax.servlet.http.HttpServlet.service( HttpServlet.java:790) 
at org.eclipse.jetty.servlet.ServletHolder.handle( ServletHolder.java:812) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1669) 
at hudson.util.PluginServletFilter$1.doFilter( PluginServletFilter.java:135) 
at hudson.util.PluginServletFilter.doFilter( PluginServletFilter.java:138) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.csrf.CrumbFilter.doFilter( CrumbFilter.java:80) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:84) 
at  hudson.security.UnwrapSecurityExceptionFilter.doFilter( UnwrapSecurityExceptionFilter.java:51) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.ExceptionTranslationFilter.doFilter( ExceptionTranslationFilter.java:117) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter( AnonymousProcessingFilter.java:125) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter( RememberMeProcessingFilter.java:142) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter( AbstractProcessingFilter.java:271) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.BasicHeaderProcessor.doFilter( BasicHeaderProcessor.java:92) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter( HttpSessionContextIntegrationFilter.java:249) 
at  hudson.security.HttpSessionContextIntegrationFilter2.doFilter( HttpSessionContextIntegrationFilter2.java:67) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  hudson.security.ChainedServletFilter.doFilter( ChainedServletFilter.java:90) 
at  hudson.security.HudsonFilter.doFilter( HudsonFilter.java:171) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.compression.CompressionFilter.doFilter( CompressionFilter.java:49) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at hudson.util.CharacterEncodingFilter.doFilter( CharacterEncodingFilter.java:82) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter( DiagnosticThreadNameFilter.java:30) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.eclipse.jetty.servlet.ServletHandler.doHandle( ServletHandler.java:585) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:143) 
at  org.eclipse.jetty.security.SecurityHandler.handle( SecurityHandler.java:553) 
at org.eclipse.jetty.server.session.SessionHandler.doHandle( SessionHandler.java:223) 
at org.eclipse.jetty.server.handler.ContextHandler.doHandle( ContextHandler.java:1127) 
at org.eclipse.jetty.servlet.ServletHandler.doScope( ServletHandler.java:515) 
at org.eclipse.jetty.server.session.SessionHandler.doScope( SessionHandler.java:185) 
at org.eclipse.jetty.server.handler.ContextHandler.doScope( ContextHandler.java:1061) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:141) 
at org.eclipse.jetty.server.handler.HandlerWrapper.handle( HandlerWrapper.java:97) 
at org.eclipse.jetty.server.Server.handle( Server.java:499) 
at org.eclipse.jetty.server.HttpChannel.handle( HttpChannel.java:311) 
at org.eclipse.jetty.server.HttpConnection.onFillable( HttpConnection.java:257) 
at  org.eclipse.jetty.io.AbstractConnection$ 2.run( AbstractConnection.java:544) 
at winstone.BoundedExecutorService$ 1.run( BoundedExecutorService.java:77) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
at java.util.concurrent.ThreadPoolExecutor$ Worker.run(Unknown Source) 
at  java.lang.Thread.run(Unknown Source) 
Caused by: java.lang.NullPointerException 
at com.hcl.appscan.sdk.http.HttpResponse.getHttpResponseBody( HttpResponse.java:124) 
at com.hcl.appscan.sdk.http.HttpResponse.hasResponseBody( HttpResponse.java:109) 
at com.hcl.appscan.sdk.http.HttpResponse.getResponseBodyAsJSON( HttpResponse.java:79) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.handleError( CloudPresenceProvider.java:168) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.loadPresences( CloudPresenceProvider.java:159) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.getPresences( CloudPresenceProvider.java:45) 
at  com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer$DescriptorImpl.doFillPresenceIdItems( DynamicAnalyzer.java:120) 
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:343)

Upvotes: 0

Views: 471

Answers (2)

geforceGTX480
geforceGTX480

Reputation: 46

Looking at your error log, notice the error about "presence". This is important because ASoC needs access to your application especially if its behind firewalls or you are testing an internal app. Moreover, you will need to configure your app-presence on a server. Appscan-presence is required to talk to your application and then ASoC for job scans. With your appscan presence configured, you then will have the option to select apps from your "Applications" dropdown.

enter image description here

Additionally, you may need to edit your Jenkins LMR file to make sure it is configured with ASoC's jenkins plugin. Here, I have had issues with configuring a proxy, if your app is internal.

Upvotes: 0

Greg
Greg

Reputation: 5

I had exactly the same issue.

I resolved it by stopping and restarting Jenkins.

After that my application was appearing in the drop-down.

Upvotes: 0

Related Questions