Discussion on "NPM Audit + Jenkins Warnings Next Generation (Custom Groovy Parser)"

Yurko Tymchuk · 2020-09-18T17:03:39.753Z

At work, I'm developing some projects that use NPM as a package manager. Starting from version 6, NPM will display short audit information at the end of an npm install execution in the following format: found 290 vulnerabilities (283 low, 5 moderate,...

Love the guide! Trying it out. Have added the parser with JCasC.

warningsParsers:
    parsers:
      - name: "NPM Audit Parser"
        id: npm-audit
        regexp: '\w+\t(\S+)\t(\w+)\t(\S| )+\t((\S| )+)\t(\S+)\t(\S+)'
        script: |
          import edu.hm.hafner.analysis.Severity
          builder.setFileName(matcher.group(7))
          .setCategory(matcher.group(4))
          .setMessage(matcher.group(6))
          .buildOptional()
          return builder.buildOptional();
        example: "update\tlodash\tlow\tnpm update lodash --depth 9\tPrototype Pollution\t\         
        https://npmjs.com/advisories/1523\telasticsearch>lodash\tN"

Executing NPM audit in the pipleine like the following.

sh 'mkdir -p results/npm-audit'
sh 'npm audit --parseable > results/npm-audit/result.log || true'

Added the following to a publish stage.

recordIssues(
    tool: groovyScript(parserId: 'npm-audit', pattern: 'results/npm-audit/result.log'),
        qualityGates: [[threshold: 100, type: 'TOTAL', unstable: true]]
)

But I keep getting the following error. Any ideas?

java.lang.AssertionError: Value is not TRUE
    at edu.hm.hafner.util.Ensure.throwException(Ensure.java:169)
    at edu.hm.hafner.util.Ensure.access$000(Ensure.java:36)
    at edu.hm.hafner.util.Ensure$BooleanCondition.isTrue(Ensure.java:724)
    at edu.hm.hafner.util.Ensure$BooleanCondition.isTrue(Ensure.java:735)
    at io.jenkins.plugins.analysis.warnings.groovy.GroovyParser.createParser(GroovyParser.java:182)
    at io.jenkins.plugins.analysis.warnings.groovy.GroovyParserToolAdapter.createParser(GroovyParserToolAdapter.java:38)
    at io.jenkins.plugins.analysis.warnings.groovy.GroovyScript.createParser(GroovyScript.java:50)
    at io.jenkins.plugins.analysis.core.model.FilesScanner.<init>(FilesScanner.java:55)
    at io.jenkins.plugins.analysis.core.model.ReportScanningTool.scanInWorkspace(ReportScanningTool.java:149)
    at io.jenkins.plugins.analysis.core.model.ReportScanningTool.scan(ReportScanningTool.java:131)
    at io.jenkins.plugins.analysis.core.steps.IssuesScanner.scan(IssuesScanner.java:101)
    at io.jenkins.plugins.analysis.core.steps.IssuesRecorder.scanWithTool(IssuesRecorder.java:681)
    at io.jenkins.plugins.analysis.core.steps.IssuesRecorder.record(IssuesRecorder.java:646)
    at io.jenkins.plugins.analysis.core.steps.IssuesRecorder.perform(IssuesRecorder.java:617)
    at io.jenkins.plugins.analysis.core.steps.RecordIssuesStep$Execution.run(RecordIssuesStep.java:1024)
    at io.jenkins.plugins.analysis.core.steps.RecordIssuesStep$Execution.run(RecordIssuesStep.java:985)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Finished: FAILURE

Discussion

NPM Audit + Jenkins Warnings Next Generation (Custom Groovy Parser)

Responses(3)

Recent in Forum

Search Hashnode

NPM Audit + Jenkins Warnings Next Generation (Custom Groovy Parser)

Responses(3)

Recent in Forum