0

我正在尝试使用“IBM Application Security on Cloud Plugin”将 IBM Application Security on Cloud (ASoC) 与 Jenkins 集成。我已经在 J​​enkins 中成功安装了插件并重新启动了 Jenkins。

在作业中添加“运行安全测试”构建步骤详细信息时,在选择凭据(如 Jenkins 凭据页面上定义)后,我在应用程序下拉列表中得到一个空列表,并且不知道原因。

注意: 1. 作为先决条件,我已经在 IBM Application Security on Cloud 中创建了一个应用程序。2. 通过从 ASOC 应用程序生成密钥 ID 和密钥,我在 Jenkins 凭证页面中添加了 ASOC API 凭证。3. 我正在使用 IBM Marketplace 上的 ASoC 试用版。

以下是 Jenkins Err 日志:

Jan 02, 2018 9:32:06 PM org.eclipse.jetty.util.log.JavaUtilLog warn 
WARNING: Error while serving http://<server>:<port>/view/IBM-
ASOC/job/Jenkins_IBM-ASOC_Integration/descriptorByName/ 
com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer/fillPresenceIdItems 
java.lang.reflect.InvocationTargetException 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:347) 
at org.kohsuke.stapler.Function.bindAndInvoke( Function.java:184) 
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse( Function.java:117) 
at org.kohsuke.stapler.MetaClass$1.doDispatch( MetaClass.java:129) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.MetaClass$5.doDispatch( MetaClass.java:248) 
at org.kohsuke.stapler.NameBasedDispatcher.dispatch( NameBasedDispatcher.java:58) 
at org.kohsuke.stapler.Stapler.tryInvoke( Stapler.java:715) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:845) 
at org.kohsuke.stapler.Stapler.invoke( Stapler.java:649) 
at org.kohsuke.stapler.Stapler.service( Stapler.java:238) 
at javax.servlet.http.HttpServlet.service( HttpServlet.java:790) 
at org.eclipse.jetty.servlet.ServletHolder.handle( ServletHolder.java:812) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1669) 
at hudson.util.PluginServletFilter$1.doFilter( PluginServletFilter.java:135) 
at hudson.util.PluginServletFilter.doFilter( PluginServletFilter.java:138) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.csrf.CrumbFilter.doFilter( CrumbFilter.java:80) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:84) 
at  hudson.security.UnwrapSecurityExceptionFilter.doFilter( UnwrapSecurityExceptionFilter.java:51) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.ExceptionTranslationFilter.doFilter( ExceptionTranslationFilter.java:117) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter( AnonymousProcessingFilter.java:125) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter( RememberMeProcessingFilter.java:142) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter( AbstractProcessingFilter.java:271) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  jenkins.security.BasicHeaderProcessor.doFilter( BasicHeaderProcessor.java:92) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter( HttpSessionContextIntegrationFilter.java:249) 
at  hudson.security.HttpSessionContextIntegrationFilter2.doFilter( HttpSessionContextIntegrationFilter2.java:67) 
at  hudson.security.ChainedServletFilter$1.doFilter( ChainedServletFilter.java:87) 
at  hudson.security.ChainedServletFilter.doFilter( ChainedServletFilter.java:90) 
at  hudson.security.HudsonFilter.doFilter( HudsonFilter.java:171) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.compression.CompressionFilter.doFilter( CompressionFilter.java:49) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at hudson.util.CharacterEncodingFilter.doFilter( CharacterEncodingFilter.java:82) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter( DiagnosticThreadNameFilter.java:30) 
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter( ServletHandler.java:1652) 
at org.eclipse.jetty.servlet.ServletHandler.doHandle( ServletHandler.java:585) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:143) 
at  org.eclipse.jetty.security.SecurityHandler.handle( SecurityHandler.java:553) 
at org.eclipse.jetty.server.session.SessionHandler.doHandle( SessionHandler.java:223) 
at org.eclipse.jetty.server.handler.ContextHandler.doHandle( ContextHandler.java:1127) 
at org.eclipse.jetty.servlet.ServletHandler.doScope( ServletHandler.java:515) 
at org.eclipse.jetty.server.session.SessionHandler.doScope( SessionHandler.java:185) 
at org.eclipse.jetty.server.handler.ContextHandler.doScope( ContextHandler.java:1061) 
at org.eclipse.jetty.server.handler.ScopedHandler.handle( ScopedHandler.java:141) 
at org.eclipse.jetty.server.handler.HandlerWrapper.handle( HandlerWrapper.java:97) 
at org.eclipse.jetty.server.Server.handle( Server.java:499) 
at org.eclipse.jetty.server.HttpChannel.handle( HttpChannel.java:311) 
at org.eclipse.jetty.server.HttpConnection.onFillable( HttpConnection.java:257) 
at  org.eclipse.jetty.io.AbstractConnection$ 2.run( AbstractConnection.java:544) 
at winstone.BoundedExecutorService$ 1.run( BoundedExecutorService.java:77) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
at java.util.concurrent.ThreadPoolExecutor$ Worker.run(Unknown Source) 
at  java.lang.Thread.run(Unknown Source) 
Caused by: java.lang.NullPointerException 
at com.hcl.appscan.sdk.http.HttpResponse.getHttpResponseBody( HttpResponse.java:124) 
at com.hcl.appscan.sdk.http.HttpResponse.hasResponseBody( HttpResponse.java:109) 
at com.hcl.appscan.sdk.http.HttpResponse.getResponseBodyAsJSON( HttpResponse.java:79) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.handleError( CloudPresenceProvider.java:168) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.loadPresences( CloudPresenceProvider.java:159) 
at com.hcl.appscan.sdk.presence.CloudPresenceProvider.getPresences( CloudPresenceProvider.java:45) 
at  com.ibm.appscan.jenkins.plugin.scanners.DynamicAnalyzer$DescriptorImpl.doFillPresenceIdItems( DynamicAnalyzer.java:120) 
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) 
at org.kohsuke.stapler.Function$MethodFunction.invoke( Function.java:343)
4

2 回答 2

0

我有完全相同的问题。

我通过停止并重新启动 Jenkins 解决了这个问题。

之后,我的应用程序出现在下拉列表中。

于 2018-08-22T14:11:57.507 回答
0

查看您的错误日志,请注意有关“存在”的错误。这很重要,因为 ASoC 需要访问您的应用程序,尤其是当它位于防火墙后面或您正在测试内部应用程序时。此外,您需要在服务器上配置您的应用程序状态。Appscan-presence 需要与您的应用程序通信,然后是 ASoC 以进行作业扫描。配置您的 appscan 状态后,您将可以选择从“应用程序”下拉列表中选择应用程序。

在此处输入图像描述

此外,您可能需要编辑 Jenkins LMR 文件以确保它配置了 ASoC 的 jenkins 插件。在这里,如果您的应用程序是内部的,我在配置代理时遇到了问题。

于 2018-09-25T18:01:34.713 回答