stackoom
  简体   繁体   中英

Issue while integration of IBM Application Security on Cloud (ASoC) with Jenkins

 原文  2018-01-03 09:36:16       jenkins/ jenkins-plugins/ bluemix-app-scan

Question

I am trying to integrate the IBM Application Security on Cloud (ASoC) with Jenkins by using the "IBM Application Security on Cloud Plugin". I have successfully installed Plugin in Jenkins and restarted Jenkins.

While adding "Run Security Test" build step details in a job, after selecting Credentials (as defined on Jenkins Credentials page), I'm getting an empty list in Application drop-down and don't know reason for that.

Note: 1. As a pre-requisite, I have created an application in the IBM Application Security on Cloud. 2. I have added ASOC API credentials in Jenkins Credential page by generating key id and secret key from ASOC app. 3. I'm using trial version of ASoC found on IBM Marketplace.

Below are the Jenkins Err logs: 

Jan 02, 2018 9:32:06 PM org.eclipse.jetty.util.log.JavaUtilLog warn 
WARNING: Error while serving http://<server>:<port>/view/IBM-
ASOC/job/Jenkins_IBM-ASOC_Integration/descriptorByName/ 
com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer/fillPresenceIdItems 
java.lang.reflect.InvocationTargetException 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:347) 
at org.kohsuke.stapler.Function.bindAndInvoke( Function.java:184) 
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse( Function.java:117) 
at org.kohsuke.stapler.MetaClass$1.doDispatch( MetaClass.java:129) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:649) 
at org.kohsuke.stapler.Stapler.service( Stapler.java:238) 
at javax.servlet.http.HttpServlet.service( HttpServlet.java:790) 
at org.eclipse.jetty.servlet.ServletHolder.handle( ServletHolder.java:812) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1669) 
at hudson.util.PluginServletFilter$1.doFilter( PluginServletFilter.java:135) 
at hudson.util.PluginServletFilter.doFilter( PluginServletFilter.java:138) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.csrf.CrumbFilter.doFilter( CrumbFilter.java:80) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:84) 
at  hudson.security.UnwrapSecurityExceptionFilter.doFilter( UnwrapSecurityExceptionFilter.java:51) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.ExceptionTranslationFilter.doFilter( ExceptionTranslationFilter.java:117) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter( AnonymousProcessingFilter.java:125) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter( RememberMeProcessingFilter.java:142) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter( AbstractProcessingFilter.java:271) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.BasicHeaderProcessor.doFilter( BasicHeaderProcessor.java:92) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter( HttpSessionContextIntegrationFilter.java:249) 
at  hudson.security.HttpSessionContextIntegrationFilter2.doFilter( HttpSessionContextIntegrationFilter2.java:67) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  hudson.security.ChainedServletFilter.doFilter( ChainedServletFilter.java:90) 
at  hudson.security.HudsonFilter.doFilter( HudsonFilter.java:171) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.compression.CompressionFilter.doFilter( CompressionFilter.java:49) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at hudson.util.CharacterEncodingFilter.doFilter( CharacterEncodingFilter.java:82) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter( DiagnosticThreadNameFilter.java:30) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.eclipse.jetty.servlet.ServletHandler.doHandle( ServletHandler.java:585) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:143) 
at  org.eclipse.jetty.security.SecurityHandler.handle( SecurityHandler.java:553) 
at org.eclipse.jetty.server.session.SessionHandler.doHandle( SessionHandler.java:223) 
at org.eclipse.jetty.server.handler.ContextHandler.doHandle( ContextHandler.java:1127) 
at org.eclipse.jetty.servlet.ServletHandler.doScope( ServletHandler.java:515) 
at org.eclipse.jetty.server.session.SessionHandler.doScope( SessionHandler.java:185) 
at org.eclipse.jetty.server.handler.ContextHandler.doScope( ContextHandler.java:1061) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:141) 
at org.eclipse.jetty.server.handler.HandlerWrapper.handle( HandlerWrapper.java:97) 
at org.eclipse.jetty.server.Server.handle( Server.java:499) 
at org.eclipse.jetty.server.HttpChannel.handle( HttpChannel.java:311) 
at org.eclipse.jetty.server.HttpConnection.onFillable( HttpConnection.java:257) 
at  org.eclipse.jetty.io.AbstractConnection$ 2.run( AbstractConnection.java:544) 
at winstone.BoundedExecutorService$ 1.run( BoundedExecutorService.java:77) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
at java.util.concurrent.ThreadPoolExecutor$ Worker.run(Unknown Source) 
at  java.lang.Thread.run(Unknown Source) 
Caused by: java.lang.NullPointerException 
at com.hcl.appscan.sdk.http.HttpResponse.getHttpResponseBody( HttpResponse.java:124) 
at com.hcl.appscan.sdk.http.HttpResponse.hasResponseBody( HttpResponse.java:109) 
at com.hcl.appscan.sdk.http.HttpResponse.getResponseBodyAsJSON( HttpResponse.java:79) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.handleError( CloudPresenceProvider.java:168) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.loadPresences( CloudPresenceProvider.java:159) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.getPresences( CloudPresenceProvider.java:45) 
at  com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer$DescriptorImpl.doFillPresenceIdItems( DynamicAnalyzer.java:120) 
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:343)

2 answers

solution1
 0  2018-08-22 14:11:57

I had exactly the same issue.

I resolved it by stopping and restarting Jenkins.

After that my application was appearing in the drop-down.

solution2
 0  2018-09-25 18:01:34

Looking at your error log, notice the error about "presence". This is important because ASoC needs access to your application especially if its behind firewalls or you are testing an internal app. Moreover, you will need to configure your app-presence on a server. Appscan-presence is required to talk to your application and then ASoC for job scans. With your appscan presence configured, you then will have the option to select apps from your "Applications" dropdown.

在此处输入图片说明

Additionally, you may need to edit your Jenkins LMR file to make sure it is configured with ASoC's jenkins plugin. Here, I have had issues with configuring a proxy, if your app is internal.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Integration Jira Cloud with Jenkins Jenkins-Git Integration issue while connecting to repository issue in jenkins integration with git jenkins integration with maven issue Jira Jenkins Integration | Issue Id Issue with jenkins security Jenkins Integration with Jira issue Jenkins Git integration issue Jenkins - Gitlab Integration Issue Jenkins - IBM UrbanCode - AWS & Azure cloud
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM