I have been given the task of figuring out how Black Duck works and how it can be used to scan Maven-based Java projects. From what I have found so far, the best way is to use Synopsys for this. So I created an application.properties file and tried to scan a Maven-based project. The problem is that it does nothing. What am I missing?
Here is my application.properties:
blackduck.url=xxx
detect.project.name=MyProject
blackduck.api.token=xxx
detect.test.connection=true
blackduck.trust.cert=true
detect.bash.path=/usr/bin/bash
detect.bdio.output.path=output
detect.output.path=output
detect.java.path=/usr/bin/java
detect.maven.path=/usr/bin/mvn
#detect.cleanup=false
detect.required.detector.types=MAVEN
detect.notices.report=true
logging.level.com.synopsys.integration=DEBUG
detect.source.path=/ap
detect.tools=SIGNATURE_SCAN,BINARY_SCAN
detect.detector.search.depth=5
The output looks like this:
Detect Shell Script 2.3.0
Will look for : https://sig-repo.synopsys.com/bds-integrations-release/com/synopsys/integration/synopsys-detect/6.2.1/synopsys-detect-6.2.1.jar
You have already downloaded the latest file, so the local file will be used.
Java Source: PATH
running Detect: "java" -jar "/tmp/synopsys-detect-6.2.1.jar"
______ _ _
| _ \ | | | |
| | | |___| |_ ___ ___| |_
| | | / _ \ __/ _ \/ __| __|
| |/ / __/ || __/ (__| |_
|___/ \___|\__\___|\___|\__|
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/tmp/synopsys-detect-6.2.1.jar!/BOOT-INF/lib/groovy-all-2.4.12.jar!/) to method java.lang.Object.
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2020-04-17 07:44:02 DEBUG [main] --- Initializing detect.
2020-04-17 07:44:02 DEBUG [main] --- You seem to be running in a LINUX operating system.
2020-04-17 07:44:02 DEBUG [main] --- Detect boot begin.
Detect Version: 6.2.1
2020-04-17 07:44:03 DEBUG [main] --- Configuration processed completely.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 INFO [main] --- Current property values:
2020-04-17 07:44:03 INFO [main] --- --property = value [notes]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] --- blackduck.api.token = **************************************************************************************************** [applicationConfig: [file:./
]
2020-04-17 07:44:03 INFO [main] --- blackduck.trust.cert = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- blackduck.url = xxx [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bash.path = /usr/bin/bash [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bdio.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.detector.search.depth = 5 [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.java.path = /usr/bin/java [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.build.command = clean install [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.path = /usr/bin/mvn [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.notices.report = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.project.name = MyProject [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.required.detector.types = MAVEN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.source.path = /app [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.test.connection = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.tools = SIGNATURE_SCAN,BINARY_SCAN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- logging.level.com.synopsys.integration = DEBUG [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Initializing Detect.
2020-04-17 07:44:03 INFO [main] --- Tilde's will be automatically resolved to USER HOME.
2020-04-17 07:44:03 INFO [main] --- Source directory: /app
2020-04-17 07:44:03 INFO [main] --- Output directory: /app/output
2020-04-17 07:44:03 INFO [main] --- Run directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:03 DEBUG [main] --- Main boot completed. Deciding what Detect should do.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Black Duck will run: A Black Duck url was found.
2020-04-17 07:44:03 DEBUG [main] --- Polaris will NOT run because it is excluded.
2020-04-17 07:44:03 DEBUG [main] --- Decided what products will be run. Starting product boot.
2020-04-17 07:44:03 DEBUG [main] --- Detect product boot start.
2020-04-17 07:44:03 DEBUG [main] --- Will boot Black Duck product.
2020-04-17 07:44:04 DEBUG [main] --- Detect will check communication with the Black Duck server.
2020-04-17 07:44:04 INFO [main] --- Connection to the Black Duck server was successful.
2020-04-17 07:44:04 WARN [main] --- Automatically trusting server certificates - not recommended for production use.
2020-04-17 07:44:05 INFO [main] --- Successfully connected to Black Duck (version 2019.6.0)!
2020-04-17 07:44:06 DEBUG [main] --- Connected as: xxx
2020-04-17 07:44:06 DEBUG [main] --- Roles: BOM Manager, Project Manager, Policy Violation Reviewer, Project Code Scanner, Security Manager, Project Viewer
2020-04-17 07:44:06 DEBUG [main] --- Group:
2020-04-17 07:44:06 DEBUG [main] --- Test Connection to Black Duck is set to 'true' so Detect will not run.
2020-04-17 07:44:06 INFO [main] --- No products to run, Detect is complete.
2020-04-17 07:44:06 DEBUG [main] --- Detect boot completed.
2020-04-17 07:44:06 DEBUG [main] --- Detect will NOT attempt to run.
2020-04-17 07:44:06 INFO [main] --- Creating status file: output/runs/2020-04-17-07-44-02-908/status/status.json
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown begin.
2020-04-17 07:44:06 DEBUG [main] --- Detect will cleanup.
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up: /app/output/runs/2020-04-17-07-44-02-908/status
2020-04-17 07:44:06 INFO [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown completed.
2020-04-17 07:44:06 DEBUG [main] --- All Detect actions completed.
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ======== Detect Status ========
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Overall Status: SUCCESS
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ===============================
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Detect duration: 00h 00m 04s 065ms
Result code of 0, exiting
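
The log above reports `Test Connection to Black Duck is set to 'true' so Detect will not run` and still ends with `Overall Status: SUCCESS`. As an added example (not part of the original post and not Synopsys code), this Python sketch cross-checks a Detect properties file against its log to surface that kind of silent no-op. The finding names are made up for illustration, and the last check assumes `DETECTOR` and `ALL` are the `detect.tools` values that enable build-tool detectors such as MAVEN.

```python
import re

# Excerpts copied from the configuration and log in the post above.
PROPERTIES = """\
detect.test.connection=true
blackduck.trust.cert=true
#detect.cleanup=false
detect.required.detector.types=MAVEN
detect.tools=SIGNATURE_SCAN,BINARY_SCAN
"""
LOG = """\
2020-04-17 07:44:04 WARN [main] --- Automatically trusting server certificates - not recommended for production use.
2020-04-17 07:44:06 DEBUG [main] --- Test Connection to Black Duck is set to 'true' so Detect will not run.
2020-04-17 07:44:06 INFO [main] --- No products to run, Detect is complete.
2020-04-17 07:44:06 INFO [main] --- Overall Status: SUCCESS
"""
LOG_LINE = re.compile(r"^\S+ \S+ (?P<level>[A-Z]+) +\[[^\]]*\] --- (?P<msg>.*)$")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props, log):
    """Return findings that explain an empty run or weaken the scan setup."""
    findings = []
    msgs = [m.group("msg") for m in map(LOG_LINE.match, log.splitlines()) if m]
    # Detect says so itself when it only tested the connection.
    if any("so Detect will not run" in m for m in msgs):
        findings.append("test-connection-only")
    # A green status with nothing scanned must not pass a CI gate.
    if any("No products to run" in m for m in msgs) and any("Overall Status: SUCCESS" in m for m in msgs):
        findings.append("success-without-scan")
    if props.get("blackduck.trust.cert", "").lower() == "true":
        findings.append("server-cert-auto-trusted")
    # Required detector types cannot be met if the detector tool is excluded.
    tools = {t.strip() for t in props.get("detect.tools", "").split(",") if t.strip()}
    needs_detector = bool(props.get("detect.required.detector.types"))
    if needs_detector and tools and not tools & {"DETECTOR", "ALL"}:
        findings.append("detector-tool-excluded")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(PROPERTIES), LOG):
        print(finding)
```
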