Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52681

Anchore plugin fails with JSON error

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Environment:
    • Similar Issues:

      Description

      When I run a jenkins job using the anchore plugin, it submits it correctly but fails to load and parse the result.

      Attached are logs from the core, and jenkins plugin as well as the json resulting from this curl.

      curl -v -u admin:foobar "http://anchore.platform.vivint.com/v1/images/sha256:1e459072023393e9632e98961d84eccdf9ab926ce8e9aa55403fc4ec7610a914/check?tag=tp-registry.vivint.com:5005/test/vivint-base-prod:16.feature-pl-5600-anchore-3268de8&detail=true&policyId=2c53a13c-1765-11e8-82ef-23527761d060"

       

        Attachments

        1. anchore.json
          15 kB
        2. anchoreplugin.log
          6 kB
        3. core.log
          322 kB

          Activity

          Hide
          swathigangisetty Swathi Gangisetty added a comment -

          Ben Mathews, looks like your setup has the most updated Jenkins plugin release but a really old version of anchore engine (0.1.10). Current anchore engine release version is 0.2.3. This matters since the Jenkins plugin uses API to interact with anchore engine. "Security" tab of the Anchore build report is a new plugin feature that queries the anchore engine for vulnerabilities and renders the results. In this case the API response to vulnerability listing from the anchore engine is not what the plugin expects and hence the error in anchoreplugin.log. You might want to consider upgrading anchore engine for the Security tab results in the Anchore report.

          However, this error should not impact the rendering of the Anchore report for the Jenkins build. The Anchore report should display a "Policy" tab that contains a summary and detailed policy evaluation results. Let us know if this is not the case. 

          Show
          swathigangisetty Swathi Gangisetty added a comment - Ben Mathews , looks like your setup has the most updated Jenkins plugin release but a really old version of anchore engine (0.1.10). Current anchore engine release version is 0.2.3. This matters since the Jenkins plugin uses API to interact with anchore engine. "Security" tab of the Anchore build report is a new plugin feature that queries the anchore engine for vulnerabilities and renders the results. In this case the API response to vulnerability listing from the anchore engine is not what the plugin expects and hence the error in anchoreplugin.log. You might want to consider upgrading anchore engine for the Security tab results in the Anchore report. However, this error should not impact the rendering of the Anchore report for the Jenkins build. The Anchore report should display a "Policy" tab that contains a summary and detailed policy evaluation results. Let us know if this is not the case. 
          Hide
          benm Ben Mathews added a comment -

          I installed w/ the achore helm chart which at the time specified an older version. The helm chart has since been upgraded and all is working properly. Thanks.

          https://github.com/helm/charts/tree/master/stable/anchore-engine

          Show
          benm Ben Mathews added a comment - I installed w/ the achore helm chart which at the time specified an older version. The helm chart has since been upgraded and all is working properly. Thanks. https://github.com/helm/charts/tree/master/stable/anchore-engine

            People

            • Assignee:
              nurmi Daniel Nurmi
              Reporter:
              benm Ben Mathews
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: