whitesourceExecuteScan creates an unnecessary MEND project on the fly for buildTool: 'docker' #4963

Open
phlvphlv opened this issue Jun 18, 2024 · 2 comments

Comments

@phlvphlv

We're using the whitesourceExecuteScan step in our pipeline to scan the docker image, with the following settings in the .pipeline/config.yaml:

  whitesourceExecuteScan:
    userTokenCredentialsId: <my-credentials-id>
    dockerConfigJsonCredentialsId: <my-dockerfile-cfg-id>
    productName: <my-product-name>
    dockerImage: <custom-sapjvm-docker-image>
    verbose: true

and with the following call in the Jenkinsfile:

whitesourceExecuteScan(script: this, buildTool: 'docker',
  projectName: "${commonPipelineEnvironment.configuration.general.applicationId}-docker",
  scanImageRegistryUrl: 'https://tenant-domain-service.common.repositories.cloud.sap',
  scanImage: "${env.PRODUCTION_IMAGE}")

It was working correctly, always uploading the scan result to the fixed MEND project name and project version; however, recently it uploads the result to the mentioned project but also creates a new project each time the pipeline is executed. It's clearly visible in the logs:

[2024-06-18T08:31:40.164Z] info  whitesourceExecuteScan - Product Version: '1'
[2024-06-18T08:31:40.164Z] info  whitesourceExecuteScan - Scanned projects:
[2024-06-18T08:31:40.164Z] info  whitesourceExecuteScan -   Name: 'yoda-docker - 1', token: fc70523fbf2147949162f980dc62b656dfb5e8659c604129814d0d8bd42d35ea
[2024-06-18T08:31:40.164Z] info  whitesourceExecuteScan -   Name: 'com_sap_cx_bouncers_yoda_1_21_0-20240618082449-888cfebf3116a6a86e734ae681bbe20c49e894c3 - 1', token: a6145f8a2a774c249b3c03a60833659d866455f7f18b4d22b9a3c57b5d51de47

I am not sure whether it is a bug or a misconfiguration; I was not able to configure it properly, though, in a way that it only uploads the results to the fixed project, overriding previous results.

Contributor

Thank you for your contribution! This issue is stale because it has been open 60 days with no activity. In order to keep it open, please remove stale label or add a comment within the next 10 days. If you need a Piper team member to remove the stale label make sure to add @SAP/jenkins-library-team to your comment.

@github-actions github-actions bot added the stale marks stale issues and pull requests label Aug 18, 2024
@phlawski

bump

@github-actions github-actions bot removed the stale marks stale issues and pull requests label Aug 22, 2024