I have the task to find out how Black Duck works and how it can be used to scan Maven-based Java projects. From what I found out so far, the best way is to use Synopsys Detect for that. Therefore, I created an application.properties file and tried to scan a Maven-based project. The problem is that it does not do anything. What am I missing?
Here's my application.properties:
blackduck.url=xxx
detect.project.name=MyProject
blackduck.api.token=xxx
detect.test.connection=true
blackduck.trust.cert=true
detect.bash.path=/usr/bin/bash
detect.bdio.output.path=output
detect.output.path=output
detect.java.path=/usr/bin/java
detect.maven.path=/usr/bin/mvn
#detect.cleanup=false
detect.required.detector.types=MAVEN
detect.notices.report=true
logging.level.com.synopsys.integration=DEBUG
detect.source.path=/ap
detect.tools=SIGNATURE_SCAN,BINARY_SCAN
detect.detector.search.depth=5
The output is as follows:
Detect Shell Script 2.3.0
Will look for : https://sig-repo.synopsys.com/bds-integrations-release/com/synopsys/integration/synopsys-detect/6.2.1/synopsys-detect-6.2.1.jar
You have already downloaded the latest file, so the local file will be used.
Java Source: PATH
running Detect: "java" -jar "/tmp/synopsys-detect-6.2.1.jar"
______ _ _
| _ \ | | | |
| | | |___| |_ ___ ___| |_
| | | / _ \ __/ _ \/ __| __|
| |/ / __/ || __/ (__| |_
|___/ \___|\__\___|\___|\__|
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/tmp/synopsys-detect-6.2.1.jar!/BOOT-INF/lib/groovy-all-2.4.12.jar!/) to method java.lang.Object.
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2020-04-17 07:44:02 DEBUG [main] --- Initializing detect.
2020-04-17 07:44:02 DEBUG [main] --- You seem to be running in a LINUX operating system.
2020-04-17 07:44:02 DEBUG [main] --- Detect boot begin.
Detect Version: 6.2.1
2020-04-17 07:44:03 DEBUG [main] --- Configuration processed completely.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 INFO [main] --- Current property values:
2020-04-17 07:44:03 INFO [main] --- --property = value [notes]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] --- blackduck.api.token = **************************************************************************************************** [applicationConfig: [file:./
]
2020-04-17 07:44:03 INFO [main] --- blackduck.trust.cert = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- blackduck.url = xxx [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bash.path = /usr/bin/bash [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bdio.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.detector.search.depth = 5 [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.java.path = /usr/bin/java [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.build.command = clean install [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.path = /usr/bin/mvn [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.notices.report = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.project.name = MyProject [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.required.detector.types = MAVEN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.source.path = /app [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.test.connection = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.tools = SIGNATURE_SCAN,BINARY_SCAN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- logging.level.com.synopsys.integration = DEBUG [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Initializing Detect.
2020-04-17 07:44:03 INFO [main] --- Tilde's will be automatically resolved to USER HOME.
2020-04-17 07:44:03 INFO [main] --- Source directory: /app
2020-04-17 07:44:03 INFO [main] --- Output directory: /app/output
2020-04-17 07:44:03 INFO [main] --- Run directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:03 DEBUG [main] --- Main boot completed. Deciding what Detect should do.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Black Duck will run: A Black Duck url was found.
2020-04-17 07:44:03 DEBUG [main] --- Polaris will NOT run because it is excluded.
2020-04-17 07:44:03 DEBUG [main] --- Decided what products will be run. Starting product boot.
2020-04-17 07:44:03 DEBUG [main] --- Detect product boot start.
2020-04-17 07:44:03 DEBUG [main] --- Will boot Black Duck product.
2020-04-17 07:44:04 DEBUG [main] --- Detect will check communication with the Black Duck server.
2020-04-17 07:44:04 INFO [main] --- Connection to the Black Duck server was successful.
2020-04-17 07:44:04 WARN [main] --- Automatically trusting server certificates - not recommended for production use.
2020-04-17 07:44:05 INFO [main] --- Successfully connected to Black Duck (version 2019.6.0)!
2020-04-17 07:44:06 DEBUG [main] --- Connected as: xxx
2020-04-17 07:44:06 DEBUG [main] --- Roles: BOM Manager, Project Manager, Policy Violation Reviewer, Project Code Scanner, Security Manager, Project Viewer
2020-04-17 07:44:06 DEBUG [main] --- Group:
2020-04-17 07:44:06 DEBUG [main] --- Test Connection to Black Duck is set to 'true' so Detect will not run.
2020-04-17 07:44:06 INFO [main] --- No products to run, Detect is complete.
2020-04-17 07:44:06 DEBUG [main] --- Detect boot completed.
2020-04-17 07:44:06 DEBUG [main] --- Detect will NOT attempt to run.
2020-04-17 07:44:06 INFO [main] --- Creating status file: output/runs/2020-04-17-07-44-02-908/status/status.json
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown begin.
2020-04-17 07:44:06 DEBUG [main] --- Detect will cleanup.
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up: /app/output/runs/2020-04-17-07-44-02-908/status
2020-04-17 07:44:06 INFO [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown completed.
2020-04-17 07:44:06 DEBUG [main] --- All Detect actions completed.
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ======== Detect Status ========
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Overall Status: SUCCESS
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ===============================
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Detect duration: 00h 00m 04s 065ms
Result code of 0, exiting
Well, after much trial and error I found out that I misunderstood the detect.test.connection=true parameter. Instead of just testing the connection to Black Duck prior to the scan (which was my understanding), it sets Detect to a sort of dry run so that it does not execute any detectors etc. So omitting the parameter solved my issue.
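The run above reports "Overall Status: SUCCESS" and exit code 0 although nothing was scanned, so a pipeline gating on the exit code alone would pass. The following is an added example, not part of the original post or of Synopsys Detect: a small pre-flight and post-run check that flags this case, using only the property names and log messages shown in the question (function names are hypothetical).

```python
# Added example: property names and log messages are copied from the post above;
# function names are hypothetical.
NO_SCAN_MARKERS = (
    "so Detect will not run",
    "No products to run, Detect is complete.",
    "Detect will NOT attempt to run.",
)

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def config_findings(props):
    """Flag settings that stop the scan or relax certificate checking."""
    findings = []
    if props.get("detect.test.connection", "").lower() == "true":
        findings.append("detect.test.connection=true: connection test only, no scan")
    if props.get("blackduck.trust.cert", "").lower() == "true":
        findings.append("blackduck.trust.cert=true: server certificate trusted automatically")
    return findings

def scan_ran(log_text):
    """True only if the run reports SUCCESS and no no-scan marker appears."""
    if "Overall Status: SUCCESS" not in log_text:
        return False
    return not any(marker in log_text for marker in NO_SCAN_MARKERS)

# Sample input: excerpts of the configuration and log from the question.
SAMPLE_PROPERTIES = """\
detect.test.connection=true
blackduck.trust.cert=true
#detect.cleanup=false
detect.required.detector.types=MAVEN
"""
SAMPLE_LOG = """\
2020-04-17 07:44:06 DEBUG [main] --- Test Connection to Black Duck is set to 'true' so Detect will not run.
2020-04-17 07:44:06 INFO [main] --- No products to run, Detect is complete.
2020-04-17 07:44:06 INFO [main] --- Overall Status: SUCCESS
"""

if __name__ == "__main__":
    for finding in config_findings(parse_properties(SAMPLE_PROPERTIES)):
        print("CONFIG:", finding)
    print("scan ran:", scan_ran(SAMPLE_LOG))
```

Failing the build when `scan_ran` returns false keeps a connection-test-only run from being counted as a completed scan.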