Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33603

SourceControl Type is not supported

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: checkmarx-plugin
    • Labels:
      None
    • Environment:
      Jenkins LTS v1.642.2 (Ubuntu master)
      Checkmarx plugin v8.0.0
    • Similar Issues:

      Description

      If you use Jenkins to trigger a scan that is configured to pull code from Source Control, it will always fail. The plugin will still attempt to zip up the workspace, and will fail with errors becuase there are no files to zip and submit.

      I think the plugin should check to see if the prohect's .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl, and skip the zip process if true.

        Attachments

          Activity

          Hide
          sergeyk Sergey Kadaner added a comment - - edited

          Can you elaborate about your Job configuration?

          In general Jenkins pulls sources from Source Control to workspace and the plugin takes them from there.

          Show
          sergeyk Sergey Kadaner added a comment - - edited Can you elaborate about your Job configuration? In general Jenkins pulls sources from Source Control to workspace and the plugin takes them from there.
          Hide
          elordahl Eric Lordahl added a comment -

          In my checkmarx project configuration, I am using "Source Control" for location. In this configuration, checkmarx appears to connect to source-control and pull the code directly.

          My thinking was this prevents the need for zipping and submitting the source to Checkmarx, and might save a few minutes during the Jenkins job. Jenkins just becomes the trigger, and the place to grab results/reports.

          Show
          elordahl Eric Lordahl added a comment - In my checkmarx project configuration, I am using "Source Control" for location. In this configuration, checkmarx appears to connect to source-control and pull the code directly. My thinking was this prevents the need for zipping and submitting the source to Checkmarx, and might save a few minutes during the Jenkins job. Jenkins just becomes the trigger, and the place to grab results/reports.
          Hide
          checkmarxsupport Checkmarx Support added a comment -

          Hi Eric,

          In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins.
          That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.

          Show
          checkmarxsupport Checkmarx Support added a comment - Hi Eric, In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins. That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.
          Hide
          checkmarxsupport Checkmarx Support added a comment -

          Hi Eric,
          In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins.
          That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.

          Show
          checkmarxsupport Checkmarx Support added a comment - Hi Eric, In order to scan code from GIT using Jenkins plugin you would need to fetch the code using GIT plugin in jenkins. That would clone the source to jenkins workspace and will upload it to checkmarx server when initiating the scan.
          Hide
          elordahl Eric Lordahl added a comment -

          Understood---We're using the Jenkins plugin w/ Git and TFS projects. However, there is an open-issue here if the Checkmarx project is set to "Source Control." What happens if I configure Jenkins to point to a specific repository, but the Checkmarx project is set to Source Control? Will the Jenkins files be overwritten? I would suggest a solution among the following:

          When .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl:
          1. Provide an error message and stop to avoid any contention.

          OR

          2. Provide a warning message and ignore files in Jenkins workspace (because Checkmarx will already pull them). Instead of uploading the Checkmarx, just start the scan.

          Does that make sense?

          Show
          elordahl Eric Lordahl added a comment - Understood---We're using the Jenkins plugin w/ Git and TFS projects. However, there is an open-issue here if the Checkmarx project is set to "Source Control." What happens if I configure Jenkins to point to a specific repository, but the Checkmarx project is set to Source Control? Will the Jenkins files be overwritten? I would suggest a solution among the following: When .SrcCodeSettings.SourceOrigin == SourceLocationType.SourceControl: 1. Provide an error message and stop to avoid any contention. OR 2. Provide a warning message and ignore files in Jenkins workspace (because Checkmarx will already pull them). Instead of uploading the Checkmarx, just start the scan. Does that make sense?
          Hide
          checkmarxsupport Checkmarx Support added a comment -

          Eric,

          When initiating the scan from/by Jenkins - the configuration in the web interface of Cx for Source Control will not make any difference as the code will be uploaded from the Jenkins - ignoring the settings in the web interface. Only if you initiate the scan from Cx Web Interface the code will be taken from where it is configured in the web interface..

          Make sense?

          Show
          checkmarxsupport Checkmarx Support added a comment - Eric, When initiating the scan from/by Jenkins - the configuration in the web interface of Cx for Source Control will not make any difference as the code will be uploaded from the Jenkins - ignoring the settings in the web interface. Only if you initiate the scan from Cx Web Interface the code will be taken from where it is configured in the web interface.. Make sense?
          Hide
          elordahl Eric Lordahl added a comment -

          Good to know.

          While i still think it would be beneficial to bypass zipping & uploading for Source-Control projects, I understand the functionality now. Thank you.

          Show
          elordahl Eric Lordahl added a comment - Good to know. While i still think it would be beneficial to bypass zipping & uploading for Source-Control projects, I understand the functionality now. Thank you.
          Hide
          checkmarxsupport Checkmarx Support added a comment -

          Explanation given

          Show
          checkmarxsupport Checkmarx Support added a comment - Explanation given

            People

            • Assignee:
              checkmarxsupport Checkmarx Support
              Reporter:
              elordahl Eric Lordahl
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: