

Resolution for WhiteSource “Unhandled: error is not defined” and “where’s my project” issues in our CI/CD pipelines

One of the pipelines we’re fine-tuning, as outlined in the “manage your open source usage and security as reported by your CI/CD pipeline” post, was recently blocked by two issues.

Issue 1 - “Unhandled: error is not defined”

Last week the build started to fail with the “Unhandled: error is not defined” issue, as shown. 


We reported the issue to WhiteSource support for the WhiteSource extension. A fix was released over the weekend, with another update, 0.1.9, showing up on the marketplace.

A great example of responsiveness, which unblocked our pipeline. Thank you!

Issue 2 - “where’s my project”?

The build succeeded. The task sent data to WhiteSource (1), analysing a whopping 8002 dependencies (2). However, the project and associated scan results did not appear on our WhiteSource dashboard?!?


We’re planning to reduce the 8002 dependencies, as outlined in the “manage your open source usage and security as reported by your CI/CD pipeline” post. We kept the pipeline “as is” to preserve evidence while investigating these issues.

Looking at the build summary, we notice that the WhiteSource scan reported a policy rejection.


Going back to the WhiteSource task configuration, we note that we have configured Check policies (1) to send an email when there’s a policy rejection. This explains why the Fail on error (2) setting had no effect. But where’s the scan data?

Simple … when there is a policy rejection, the scan results are not updated, unless we explicitly check the Force update (3) setting.


Simply “click” the checkbox to flip the “force update” feature, and the scan results are updated on the WhiteSource dashboard.

Now to reduce the 8002 dependencies …