
No error returned when failed to push to Dependency Track

Open dmuse89 opened this issue 4 years ago • 3 comments

I am currently implementing this tool into our pipelines (kudos, btw, on creating a great all-in-one CycloneDX SBOM Generator) and the pipeline is still passing, although an error is shown in the cdxgen tool and fails to upload to Dependency Track v4.3.6 (see attached image).

In the event of an error, the application should return an error value to the OS.

image

Command called: cdxgen --project-name $CI_PROJECT_NAME --project-version $CI_COMMIT_REF_NAME --server-url $DT_SERVER_URL --api-key $DT_API_KEY -p -r

dmuse89, Jan 04 '22 12:01

@dmuse89 Could you check the value set for DT_SERVER_URL? The code is appending the argument with /api/v1/bom here

https://github.com/AppThreat/cdxgen/blob/master/index.js#L2068

prabhu, Jan 11 '22 16:01

Hey @prabhu, indeed that appeared to be the issue in this case. Nevertheless, in the event that cdxgen fails, then it should return an error code to the calling application.

dmuse89, Jan 17 '22 14:01

@dmuse89 I agree. Will keep this ticket open and add some error checks.

prabhu, Jan 17 '22 16:01
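
A pipeline-side guard for the failure mode discussed in this thread, as an added example that is not part of the thread and not cdxgen's own code: it normalizes DT_SERVER_URL before /api/v1/bom is appended and fails the job on any non-2xx response, so a missed upload cannot pass silently. Assumptions: the function names are hypothetical, the SBOM was already written to a file by cdxgen, the upload is done with curl against Dependency-Track's POST /api/v1/bom endpoint, and the misconfigured URL already carried an API path (the thread does not say what the wrong value was).

```shell
#!/bin/sh
# Added example (hypothetical helper names); run as a CI step after SBOM generation.

# Reduce DT_SERVER_URL to the bare server base so that appending
# /api/v1/bom cannot produce a doubled path such as /api/v1/bom/api/v1/bom.
normalize_dt_url() {
  dt_url=$1
  while [ "${dt_url%/}" != "$dt_url" ]; do dt_url=${dt_url%/}; done
  case $dt_url in
    */api/v1/bom) dt_url=${dt_url%/api/v1/bom} ;;
    */api/v1)     dt_url=${dt_url%/api/v1} ;;
    */api)        dt_url=${dt_url%/api} ;;
  esac
  case $dt_url in
    http://?*|https://?*) printf '%s\n' "$dt_url" ;;
    *) echo "DT_SERVER_URL must start with http:// or https://" >&2; return 2 ;;
  esac
}

# Only a 2xx HTTP status counts as a successful upload.
upload_ok() {
  case $1 in
    2??) return 0 ;;
    *)   return 1 ;;
  esac
}

# upload_bom <project-name> <project-version> <bom-file>
# Returns non-zero on a bad URL, a transport error, or a non-2xx response.
upload_bom() {
  dt_base=$(normalize_dt_url "$DT_SERVER_URL") || return 2
  dt_status=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
    -H "X-Api-Key: $DT_API_KEY" \
    -F "autoCreate=true" \
    -F "projectName=$1" -F "projectVersion=$2" \
    -F "bom=@$3" \
    "$dt_base/api/v1/bom") || { echo "upload failed: transport error" >&2; return 3; }
  upload_ok "$dt_status" || { echo "upload failed: HTTP $dt_status" >&2; return 1; }
}

# Pipeline usage (bom.json is an assumed output path):
#   upload_bom "$CI_PROJECT_NAME" "$CI_COMMIT_REF_NAME" bom.json || exit 1
```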