OWASP Dependency Tracker - Jenkins build error

I am getting a 403 Forbidden error while testing the integration of OWASP Dependency Tracker with a Jenkins build.

[DependencyTrack] Publishing artifact to Dependency-Track - http://localhost:8080
[DependencyTrack] The artifact was successfully published - 9812e933-6bc1-4453-951f-9a75a7d693d4
[DependencyTrack] Polling Dependency-Track for BOM processing status
[DependencyTrack] Processing findings
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline

org.jenkinsci.plugins.DependencyTrack.ApiClientException: An error occurred while retrieving findings - HTTP response code: 403 Forbidden
    at org.jenkinsci.plugins.DependencyTrack.ApiClient.getFindings(ApiClient.java:95)
Caused: org.jenkinsci.plugins.DependencyTrack.ApiClientException: An error occurred while retrieving findings
    at org.jenkinsci.plugins.DependencyTrack.ApiClient.getFindings(ApiClient.java:98)
    at org.jenkinsci.plugins.DependencyTrack.DependencyTrackPublisher.perform(DependencyTrackPublisher.java:230)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:80)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:67)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)
Finished: FAILURE

Jenkinsfile

pipeline {
    agent any
    stages {
        stage ('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        stage ('Generate BOM') {
            steps {
                sh 'mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom'
            }
        }
        stage ('Dependency Tracker') {
            steps {
                dependencyTrackPublisher artifact: 'target/bom.xml', projectId: '9812e933-6bc1-4453-951f-9a75a7d693d4', synchronous: true
            }
        }
    }
}

The Dependency Tracker Jenkins plugin is correctly configured with the ApiKey.

Am I missing any other configuration? Please suggest.

I was able to resolve the issue by assigning the VULNERABILITY_ANALYSIS permission to the token used by Jenkins.

The token and its permissions can be accessed using the Administration -> Access Management -> Teams menu option.
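
To confirm that a 403 like the one above comes from the API key's permissions rather than from the Jenkins job, the findings request can be repeated outside the build with the same key. This is an added example, not code from the original post or from the plugin; it calls Dependency-Track's `/api/v1/finding/project/{uuid}` endpoint with the `X-Api-Key` header, and the function name and the `DTRACK_*` environment variable names are assumptions made for the example.

```python
import json
import os
import sys
import urllib.error
import urllib.request

# What each status from the findings endpoint means when triaging the build failure.
DIAGNOSIS = {
    200: "ok: this key can read findings",
    401: "unauthenticated: API key missing, mistyped or revoked",
    403: "forbidden: key is valid, but its team lacks the permission needed "
         "for findings (VULNERABILITY_ANALYSIS in the answer above)",
    404: "not found: no project with this UUID on this server",
}


def probe_findings(base_url, api_key, project_uuid, timeout=10):
    """Repeat the findings request; return (status, diagnosis, finding_count)."""
    url = f"{base_url.rstrip('/')}/api/v1/finding/project/{project_uuid}"
    request = urllib.request.Request(
        url, headers={"X-Api-Key": api_key, "Accept": "application/json"})
    count = None
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            status = response.status
            count = len(json.load(response))
    except urllib.error.HTTPError as err:
        status = err.code  # 4xx/5xx arrive as exceptions, not responses
    return status, DIAGNOSIS.get(status, f"unexpected HTTP {status}"), count


if __name__ == "__main__":
    # Hypothetical variable names; the key is read from the environment so it
    # does not end up in shell history or the process list.
    status, diagnosis, count = probe_findings(
        os.environ["DTRACK_URL"],
        os.environ["DTRACK_API_KEY"],
        os.environ["DTRACK_PROJECT_UUID"],
    )
    suffix = f" ({count} findings)" if count is not None else ""
    print(f"HTTP {status} - {diagnosis}{suffix}")
    sys.exit(0 if status == 200 else 1)
```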