Reputation: 1
We are using the "Fortify on Demand (FOD)" platform to scan our source code for security vulnerabilities. We integrated FOD with Jenkins to automate the uploading and scanning process, and we opted for the pipeline script method of integration. The whole process up to uploading and scanning runs fine, and we are also capturing the policy scan status (passed or failed), but the fodPollResults pipeline step does not fail the build when the FOD policy scan fails. Irrespective of the result of the policy scan, the build succeeds.
Jenkins pipeline script:

    stage('FOD POLL') {
        steps {
            fodPollResults bsiToken: '', personalAccessToken: 'fortify_personal_access_token', policyFailureBuildResultPreference: 2, pollingInterval: 3, releaseId: '******', tenantId: '', username: ''
        }
    }
Fortify on Demand Poll Results
Upvotes: 0
Views: 565
Reputation: 161
The source code of this plugin is located here:
and there is a bug ticket about this problem here: https://github.com/jenkinsci/fortify-on-demand-uploader-plugin/issues/118
The following workaround seems to work:

    steps {
        fodPollResults ...
        script {
            // Fail the build when the console log shows that the policy check failed
            if (manager.logContains('.*Scan failed established policy check.*')) {
                error("Build failed because of negative fortify policy check.")
            }
        }
    }

Upvotes: 1