Plugin Information

View Fortify on Demand Uploader on the plugin site for more information.

Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:

Fortify on Demand is a Software as a Service (SaaS) solution that enables your organization to easily and quickly build and expand a Software Security Assurance program. The Fortify on Demand Plugin enables users to upload code directly from Jenkins for Static Application Security Testing (SAST). This plugin features the following tasks:

  • Run a static assessment for each build triggered by Jenkins.
  • Monitor scan completion and poll for results. If the results do not meet the application security policy as set by the organization, the build can be marked as failed or unstable.

This plugin requires a Fortify on Demand account. For more information on Fortify on Demand and to request a free trial, go to https://software.microfocus.com/en-us/software/fortify-on-demand

This plugin is maintained by the Fortify on Demand team. If you have any issues or enhancement requests, or would like to contribute to the code, please let us know through the GitHub Issues page.

Installation

Note: If your Jenkins server requires a proxy for web access, in the Jenkins Dashboard, select Jenkins > Manage Jenkins > Manage Plugins. Select the Advanced tab and configure your proxy settings.

  1. Select the Available tab.
  2. In the Filter search box, type “Fortify on Demand Uploader.” The plugin list refreshes with Fortify on Demand Uploader.
  3. Select the plugin and click Download now and install after restart.

Setup

Create an API Key Pair or a Personal Access Token in Fortify on Demand

The Fortify on Demand Plugin connects to Fortify on Demand through the Fortify on Demand API. Authentication requires an API key and secret pair or a personal access token.

  • To create an API key and secret pair: Within Fortify on Demand, navigate to the Settings page under the Administration view, and then to the API tab. Create an API key with the Start Scans permission. Make sure to copy the secret as it is only shown once.
    Note that only Security Leads can create API keys.
  • To create a personal access token: Within Fortify on Demand, select your account name > Personal Access Tokens. Create a personal access token with the api-tenant scope. Make sure to copy the token as it is only shown once.

Generate a Build Server Integration (BSI) Token in Fortify on Demand

Within Fortify on Demand, navigate to the application release that you wish to assess, and then to the Static Scan Setup page. Configure the static assessment settings and the BSI token will be automatically generated. Make sure to save the settings.

Note that this procedure requires a user role with the Start Static Scans-Configure permission.

Configure Global Authentication Settings

  1. In the Jenkins Dashboard, select Jenkins > Manage Jenkins > Configure System.
  2. In the Fortify on Demand section, provide your data center's domain URL and API root URL.
  3. Select the method of authentication:
    • Use API Key for authentication: Provide the API key and secret.
    • Use Personal Access Token for authentication: Provide your account username, your personal access token, and the tenant ID.
  4. Click Test Connection. If the authentication is successful, a success message will appear.

Configure Fortify on Demand Static Assessment Tasks

The Fortify on Demand Plugin supports freestyle projects and pipelines.

Configure a Freestyle Project

The plugin adds the Fortify on Demand Static Assessment and Poll Fortify on Demand for Results post-build tasks.

  1. In a freestyle project, click Configure.
  2. In the Post-build Actions section, click Add post-build action and select Add Fortify on Demand Static Assessment.
  3. Complete the following fields:

    Field | Description
    BSI Token | Provide the BSI token.
    Configure Personal Access Token (optional) | Select this option to override the global authentication settings. Provide your account username, your personal access token, and the tenant ID.
    Entitlement Preference | Select the entitlement preference: Single Scan or Subscription.
    Purchase Entitlements (optional) | Select the check box to purchase an entitlement if the feature is enabled.
    Bundled Assessment (optional) | Select the check box to specify the assessment is a part of a bundled assessment.
    Prefer Remediation if Available (optional) | Select the check box to run a remediation scan if one is available.
    Include all project files | Select the check box to include all project files in the zip file.
  4. Click Add post-build action and select Poll Fortify on Demand for Results. Complete the following fields:

    Field | Description
    BSI Token | Provide the BSI token.
    Configure Personal Access Token (optional) | Select this option to override the global authentication settings. Provide your account username, your personal access token, and the tenant ID.
    Polling Interval | Type the length of time in minutes between polling Fortify on Demand to check if the scan has completed.
    Action if Failing Security Policy | Select whether to take no action or mark the build as Failed or Unstable based on the application security policy as set by your organization.
  5. Save the settings.

Configure a Pipeline

The Fortify on Demand Plugin adds the fodStaticAssessment and fodPollResults tasks. Use the Snippet Generator to create code for these tasks.

Note: The Pipeline Plugin needs to be installed.

  1. In a pipeline, click Configure.
  2. In the Pipeline section, click Pipeline Syntax.
    The Snippet Generator appears.
  3. Select fodStaticAssessment in the Sample Step list.
  4. Complete the following fields:

    Field | Description
    BSI Token | Provide the BSI token.
    Configure Personal Access Token (optional) | Select this option to override the global authentication settings. Provide your account username, your personal access token, and the tenant ID.
    Entitlement Preference | Select the entitlement preference: Single Scan or Subscription.
    Purchase Entitlements (optional) | Select the check box to purchase an entitlement if the feature is enabled.
    Bundled Assessment (optional) | Select the check box to specify the assessment is a part of a bundled assessment.
    Prefer Remediation if Available (optional) | Select the check box to run a remediation scan if one is available.
    Include all project files | Select the check box to include all project files in the zip file.
  5. Click Generate Pipeline Script. Copy the code and add it to your pipeline script.
  6. Select fodPollResults in the Sample Step list.
  7. Complete the following fields:

    Field | Description
    BSI Token | Provide the BSI token.
    Configure Personal Access Token (optional) | Select this option to override the global authentication settings. Provide your account username, your personal access token, and the tenant ID.
    Polling Interval | Type the length of time in minutes between polling Fortify on Demand to check if the scan has completed.
    Action if Failing Security Policy | Select whether to take no action or mark the build as Failed or Unstable based on the application security policy as set by your organization.
  8. Click Generate Pipeline Script. Copy the code and add it to your pipeline script.
  9. Save the settings.

Run the Build

Run the build. Diagnostic information is available in the console output. The console output will display a success message if the assessment was successfully submitted. The Fortify on Demand Scans page will display an in-progress scan for the release.

Additional Considerations For Maven Users

For the most complete assessment of your application, it is important to ensure that all dependencies for deployment are satisfied. Maven provides a simple means of outputting these libraries through the maven-dependency-plugin. The <excludeGroupIds> section may be used to ensure that test framework code, for example, is not included.

Example POM Section:

POM Plugins Entry
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-dependency-plugin</artifactId>
  <version>2.6</version>
  <executions>
    <execution>
      <id>copy-dependencies</id>
      <phase>prepare-package</phase>
      <goals>
        <goal>copy-dependencies</goal>
      </goals>
      <configuration>
        <outputDirectory>target/classes/lib</outputDirectory>
        <overWriteIfNewer>true</overWriteIfNewer>
        <excludeGroupIds>
          junit,org.easymock,${project.groupId}
        </excludeGroupIds>
      </configuration>
    </execution>
    <execution>
      <phase>generate-sources</phase>
      <goals>
        <goal>sources</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <verbose>true</verbose>
    <detail>true</detail>
    <outputDirectory>${project.build.directory}</outputDirectory>
  </configuration>
</plugin>

...


<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <executions>
    <execution>
      <id>attach-sources</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
</plugin>
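
An added example (not part of the plugin or its documentation): a Python check to run after `prepare-package` and before the upload, confirming that no jar copied into `target/classes/lib` belongs to a group listed in `<excludeGroupIds>`. It reads the `META-INF/maven/.../pom.properties` descriptor inside each jar; the function names, the sub-group matching rule and the sample jars are assumptions constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Groups the POM above lists in <excludeGroupIds>; add your own project.groupId
# when calling audit_lib_dir(), since ${project.groupId} is build-specific.
EXCLUDED_GROUPS = ("junit", "org.easymock")


def jar_coordinates(jar_bytes):
    """Return every (groupId, artifactId, version) declared inside a jar.

    Maven-built jars normally carry META-INF/maven/<g>/<a>/pom.properties.
    A shaded jar can carry several, so all of them are returned.
    """
    coords = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
                continue
            props = {}
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                key, sep, value = line.partition("=")
                if sep and not key.lstrip().startswith("#"):
                    props[key.strip()] = value.strip()
            if "groupId" in props:
                coords.append((props["groupId"], props.get("artifactId", "?"),
                               props.get("version", "?")))
    return coords


def in_excluded_group(group_id, excluded):
    """This check's own rule (an assumption): exact group or a sub-group of it."""
    return any(group_id == e or group_id.startswith(e + ".") for e in excluded)


def audit_lib_dir(lib_dir, excluded=EXCLUDED_GROUPS):
    """Sort the jars in lib_dir into 'excluded', 'ok' and 'unknown'."""
    report = {"excluded": [], "ok": [], "unknown": []}
    for path in sorted(Path(lib_dir).glob("*.jar")):
        try:
            coords = jar_coordinates(path.read_bytes())
        except zipfile.BadZipFile:
            report["unknown"].append(path.name)   # truncated or not a jar at all
            continue
        if not coords:
            report["unknown"].append(path.name)   # no descriptor: review by hand
        elif any(in_excluded_group(g, excluded) for g, _, _ in coords):
            report["excluded"].append(path.name)
        else:
            report["ok"].append(path.name)
    return report


def build_sample_lib(lib_dir):
    """Write constructed sample jars (not real artifacts) into lib_dir."""
    def jar(name, descriptors, extra=()):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for g, a, v in descriptors:
                z.writestr(f"META-INF/maven/{g}/{a}/pom.properties",
                           f"#Generated by Maven\nversion={v}\ngroupId={g}\nartifactId={a}\n")
            for entry in extra:
                z.writestr(entry, b"")
        (Path(lib_dir) / name).write_bytes(buf.getvalue())

    jar("commons-lang3-3.8.jar", [("org.apache.commons", "commons-lang3", "3.8")])
    jar("junit-4.12.jar", [("junit", "junit", "4.12")])
    # Shaded jar: the file name hides that EasyMock is bundled inside it.
    jar("app-utils-1.0-shaded.jar", [("com.example", "app-utils", "1.0"),
                                     ("org.easymock", "easymock", "4.0")])
    jar("legacy-lib.jar", [], extra=["com/example/Legacy.class"])
    (Path(lib_dir) / "broken.jar").write_bytes(b"not a zip")


def demo():
    """Audit the constructed sample directory and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_lib(tmp)
        return audit_lib_dir(tmp)


if __name__ == "__main__":
    for verdict, names in demo().items():
        print(f"{verdict}: {', '.join(names) or '-'}")
```

In a real build, call `audit_lib_dir("target/classes/lib", EXCLUDED_GROUPS + ("your.project.group",))` and fail the job when the `excluded` list is not empty.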

Known Limitations

  • The 2.0.9 (Obsolete) plugin version is slow to populate the pull-down menus on Red Hat 7 machines. Please wait a minute or two and the first field should populate.

Change Log

Version 3.0.12 (4-05-2019)

The Jenkins Plugin now supports pipelines. The fodStaticAssessment and fodPollResults tasks have been added; they mirror the Fortify on Demand post-build actions in freestyle projects.

Version 3.0.11 (3-22-2019)
  • Fixed SSRF vulnerability
Version 3.0.1 (10-9-2017)

Upgrade Note: Please be aware that builds will need to be reconfigured with the BSI URL/Token.

  • Scans are now configured with the BSI URL/Token from the Static Scan Setup page of the release to be scanned in the Fortify on Demand Portal.
Version 2.0.6 (1-6-2017)
  • Fixed bug that causes the plugin to crash configuration pages when incomplete information was saved.
Version 2.0 (4-28-2016)
  • Fixed bug that causes the plugin to crash when particular proxy configurations cause authentication to fail.
  • Finalized update to FoD API V3
Version 1.10 (4-28-2016)

Bug Fix: This release addresses a rare issue in which release information may not be retrieved for certain applications.

  • Corrected encoding issue for application names which can prevent release information calls from working properly
  • Additional validation for global polling interval
  • Removed unsupported language level settings for .NET and Java
Version 1.09 (4-25-2016)
  • Code changes to resolve distributed Jenkins defect (credit to Ruud Senden)
  • Minor language support changes in preparation for potential new mobile assessment types
Version 1.08 (4-15-2016)
  • Added support for Jenkins proxy configuration
  • Added connection configuration test button that validates reachability of the portal and tests credentials
Version 1.07 (4-6-2016)
  • Added option to include/exclude identified third-party libraries from analysis results
  • Changed order, and description, of advanced options for consistency with the Fortify on Demand portal
  • Polling for results is no longer default. Applications set to poll will reflect your organization's security policy in Jenkins via build stability.
  • Minor branding changes
Version 1.06

Bug Fix: This release addresses a bug where the Assessment Type may not be set correctly under certain conditions.

  • Assessment Type no longer has a suggested default selection; the user must choose the proper type for enabled entitlement
  • Added .NET as a supported language to Sonatype help text
Version 1.05

Upgrade Note: Please ensure you reconfigure any existing builds so that the file filter may be set by the plugin; this functionality has changed with this version.

  • Added support for all language/assessment types except MBS and C/C++, which require pre-processing with Fortify SCA prior to submission to Fortify on Demand
  • Files selected for upload are automatically set based on language type and Fortify on Demand requirements; users may opt to package all files, including extraneous types like media, under advanced options. Using the automated default is highly encouraged
  • The result report link added with the Detailed Reports option now refers to the Overview page in the Customer Portal
Version 1.04

Upgrade Note: Please ensure you reconfigure any existing builds so that Assessment Type may be set by the plugin, as this field is new with this version.

  • Static-related assessment types may be selected at upload, defaults to "Static Assessment"
  • API calls for information lookup are now more resilient with retries, and have additional logging of any issues, e.g. lack of assessment entitlement
Version 1.03
  • Star rating and total issue count display in the standard log results
  • Detailed build log table output includes a deep link to the FoD customer portal for the application release, issue counts by criticality, and Fortify on Demand star rating
  • Minor code cleanup for readability
Version 1.02
  • Minor branding changes
  • Updated UI API token secret validation due to changed 5.0 portal format
Version 1.01
  • Initial release

9 Comments

  1. Unknown User (wilson_ds_net)

    The 2.0.4 version of this plugin will dump the stack trace when you try to save the Jenkins main Configuration screen, or the individual Jenkins Job Configuration screen. While the changes to the Jenkins main Configuration screen do appear to be saved prior to the stack dump, the individual job changes are not saved. The Asset Type, Release Name, and Entitlement Id text field pull-down menus are blank even after setting up the plugin and testing the connection to HP.

    The notes say this requires Java 1.7, however this is an older version of Java and the plugin needs to be updated to Java 1.8.

    The last working version of this plugin we've been able to use is the 1.10 release. I've tested a 2.0.5 snapshot fix and that is a little better (it doesn't stack dump on the Jenkins main Configuration screen), but it doesn't fix the stack dump on the individual Jenkins Job Configuration screen. All in all, 2.0.4 is not something I would use and needs significant improvement. Tickets JENKINS-27498 and 25102 have been opened with CloudBees and HP FoD Support. CloudBees has been very responsive and helpful. HP has been virtually silent for three weeks.

    CloudBees did provide this snapshot https://jenkins.ci.cloudbees.com/job/plugins/job/fortify-on-demand-uploader-plugin/105/org.jenkins-ci.plugins$fortify-on-demand-uploader/ for testing which works better, but still has problems with saving the individual job configurations.

    Stack trace

    javax.servlet.ServletException: java.lang.Error: Failed to instantiate class org.jenkinsci.plugins.fodupload.FodUploaderPlugin from
    Unknown macro: {"assessmentTypeId"}

    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:236)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
    at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.Error: Failed to instantiate class org.jenkinsci.plugins.fodupload.FodUploaderPlugin from

    Unknown macro: {"assessmentTypeId"}

    at hudson.model.Descriptor.newInstance(Descriptor.java:599)
    at hudson.model.Descriptor.newInstancesFromHeteroList(Descriptor.java:1050)
    at hudson.model.Descriptor.newInstancesFromHeteroList(Descriptor.java:1012)
    at hudson.util.DescribableList.rebuildHetero(DescribableList.java:208)
    at hudson.model.Project.submit(Project.java:236)
    at hudson.model.Job.doConfigSubmit(Job.java:1245)
    at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:796)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:335)
    at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:52)
    at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:175)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:108)
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:124)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    ... 64 more
    Caused by: java.lang.IllegalArgumentException: Failed to instantiate class org.jenkinsci.plugins.fodupload.FodUploaderPlugin from

    Unknown macro: {"assessmentTypeId"}

    at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:676)
    at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:478)
    at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:474)
    at hudson.model.Descriptor.newInstance(Descriptor.java:591)
    ... 82 more
    Caused by: java.lang.NumberFormatException: For input string: ""
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Integer.parseInt(Integer.java:592)
    at java.lang.Integer.parseInt(Integer.java:615)
    at org.jenkinsci.plugins.fodupload.models.JobConfigModel.<init>(JobConfigModel.java:113)
    at org.jenkinsci.plugins.fodupload.FodUploaderPlugin.<init>(FodUploaderPlugin.java:69)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:525)
    at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:777)
    at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:83)
    at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:674)
    ... 85 more

  2. Unknown User (wilson_ds_net)

    The 2.0.5 version of this plugin is slightly better in that it no longer does a Java stack trace dump when saving the http://<Jenkins_url>/configure screen, but it still does a Java stack trace dump when trying to save any Jenkins Job that tries to use the Post-Build FoD plugin. The issue appears to be that three of the data field pull-down menus (Asset Type, Release Name, and Entitlement Id) are left blank (after the plugin is installed and the "test" button has been clicked on). There is no documentation on how to configure these fields so they remain empty and the plugin does not check for this (obvious) condition. There is nothing that says these fields are required either.

    Since the pull-down menus are configured by the initial test connection to HP, I don't understand why these fields are empty. If there is something that needs to be configured by the Jenkins Admin, that needs to be documented in this Wiki page, but there is nothing specified here, or in the Jenkins system configuration screen.

  3. Unknown User (wilson_ds_net)

    The HP ticket 25102 says there is a 2.0.6 version under development and provided the URL https://github.com/jenkinsci/fortify-on-demand-uploader-plugin/issues/15 to get the hpi file.  When I tried to download https://repo.jenkins-ci.org/webapp/#/artifacts/browse/tree/General/releases/org/jenkins-ci/plugins/fortify-on-demand-uploader/2.0.6/fortify-on-demand-uploader-2.0.6.hpi all I got was a 404 error message. 

  4. Unknown User (wilson_ds_net)

    I've been playing with the 2.0.6 release and happened to get interrupted for about 10 minutes. During this time, the Release Name field populated itself with the "baseline" value when the Application Name was set to "1Dispatch". In looking at the org.jenkinsci.plugins.fodupload.FodUploaderPlugin.xml configuration file this value seems correct (i.e. they have the same <applicationId> value "78460"). However, ten minutes for a field to populate is really far too long for practical usage.

    The Assessment Type and Entitlement Id fields populated with values of "0" for both fields; however, when looking at the org.jenkinsci.plugins.fodupload.FodUploaderPlugin.xml configuration file it appears there should be several choices which are not being displayed in the pull-down lists. Clearly this plugin is not ready for prime time at all.

    It appears the org.jenkinsci.plugins.fodupload.FodUploaderPlugin.xml file is being read, but is not being processed correctly for the display fields. This renders the plugin useless.

  5. Unknown User (wilson_ds_net)

    Okay, this is weird. I've done nothing on the test machine (no builds, no activities of any kind) and went to lunch. When I came back and opened the Jenkins task configuration screen, the Assessment Type and Entitlement Id fields now have values populated into the fields and the pull-down menus have choices shown where before they were empty. The test machine is hidden from other developers and I'm the only one with access so I'm sure no one has been messing with the system.

    I've no idea why this should suddenly populate the data fields or why the pull-down menus seem to be working all of a sudden. (Witchcraft I say, get the torches and pitchforks ready). :) Does the Development team have any idea why this should suddenly populate these values after several hours of nothing happening?

  6. Unknown User (ragesh_ns)

    Plugins are not supporting JavaScript projects upload.

    Unable to select language level. This is blocking our automation work.

  7. Unknown User (penchal_naidu)

    Hi,

    I have successfully done the plugin installation but couldn't see the plugin info in Manage Jenkins → Configure System (Configure Global settings and paths).

    Please what would be the problem for not displaying/appearing in the tab: Configure System of Jenkins web UI. Due to this I couldn't load/select/choose the plugin during Jenkins Maven build Job creation.

    Here is the method used for installing Fortify On Demand plugin.

    Advanced installation

    The Update Center only allows the installation of the most recently released version of a plugin. In cases where an older release of the plugin is desired, a Jenkins administrator can download an older .hpi archive and manually install that on the Jenkins master.

    From the web UI

    Assuming a .hpi file has been downloaded, a logged-in Jenkins administrator may upload the file from within the web UI:

    1. Navigate to the Manage Jenkins > Manage Plugins page in the web UI.

    2. Click on the Advanced tab.

    3. Choose the .hpi file under the Upload Plugin section.

    4. Upload the plugin file.

     

    1. Unknown User (mtgibbs)

      Does the plugin show up under your installed plugins section?

      1. Unknown User (penchal_naidu)

        Yes Matt, plugin "Fortify on Demand Uploader Plugin" is under Installed Plugins section.

        Here are the details about plugin:

        Fortify on Demand Uploader Plugin (fortify-on-demand-uploader): 3.0.6

        Note: We are using Jenkins version: 1.650

        Issue here is that I couldn't see Fortify on Demand Uploader Plugin information under Configure System. Ideally the plugin should be displayed but here it is not like that.

        Manage Jenkins

        Configure global settings and paths.