Fortify Static Assessment Azure DevOps Fails

Hi, I have a self-hosted Azure agent in a Docker container that I use for my pipelines. I want to run a static scan on an application, but I can't do it because I receive the following error.

My SSC has SSL and I installed the certificate in the agent, the Java keystore and the SCA keystore, and I'm still getting this error. Why is this happening?

    ##[debug]task result: Failed
    ##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;]request to https://hostname:8443/ssc/api/v1/projectVersions?fields=id&q=project.name:%22Project%22%2BAND%2Bname:%22SCA-AzureDevOps-main%22 failed, reason: getaddrinfo ENOTFOUND hostname
    ##[debug]Processed: ##vso[task.complete result=Failed;]request to https://hostname:8443/ssc/api/v1/projectVersions?fields=id&q=project.name:%22Project%22%2BAND%2Bname:%22SCA-AzureDevOps-main%22 failed, reason: getaddrinfo ENOTFOUND hostname
    Finishing: Fortify Static Scan SCA
  • 0  

    This appears to be a DNS problem: the Runner cannot resolve the SSC Server's host name, e.g. https://hostname:8443

    Ref: https://querysurge.zendesk.com/hc/en-us/articles/360056713972-Using-QuerySurge-Integration-with-Azure-DevOps-Versions-8-2

    Troubleshooting

    Following are some common error messages and typical resolutions:

    • getaddrinfo ENOTFOUND hostname hostname:80
      The specified QuerySurge app server hostname could not be resolved in DNS. Possible causes: Incorrect hostname, using only a machine name instead of the fully-qualified host name, using a Microsoft-hosted build agent when QuerySurge is only accessible from an internal network, DNS issues on the build agent.
  • 0   in reply to   

    Strange, because I sent a curl command and it returned the following (I censored the IP and hostname), as if it is recognizing the hostname of the SSC server.

    root@aa9faa7bef7a:/opt/Certificates# curl -v https://hostname:8443/ssc
    *   Trying ipaddresss:8443...
    * Connected to hostname (hostname) port 8443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    *  CAfile: /etc/ssl/certs/ca-certificates.crt
    *  CApath: /etc/ssl/certs
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS header, Finished (20):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.2 (OUT), TLS header, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: C=xx; ST=xx; L=xx; O=xx; OU=xx; CN=hostname; emailAddress=xxx
    *  start date: Apr 16 22:49:53 2024 GMT
    *  expire date: Apr 15 22:49:53 2028 GMT
    *  subjectAltName: host "hostname" matched cert's "hostname"
    *  issuer: C=xx; ST=xx; L=xx; O=xx; OU=xx; CN=hostname; emailAddress=xxx
    *  SSL certificate verify ok.
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    > GET /ssc HTTP/1.1
    > Host: hostname:8443
    > User-Agent: curl/7.81.0
    > Accept: */*
    >
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 302
    < Location: /ssc/
    < Transfer-Encoding: chunked
    < Date: Tue, 28 May 2024 21:38:28 GMT
    <
    * Connection #0 to host hostname left intact

  • 0   in reply to   

    Also, this one returns the IP address of the server: getent hosts hostname | awk '{ print $1 }'

  • 0  

    Now I have a different error (I managed to troubleshoot the other one).

    ##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;]request to https://hostname:8443/ssc/api/v1/projectVersions?fields=id&q=project.name:%22Project%22%2BAND%2Bname:%22SCA-AzureDevOps-main%22 failed, reason: self signed certificate
    ##[debug]Processed: ##vso[task.complete result=Failed;]request to https://hostname:8443/ssc/api/v1/projectVersions?fields=id&q=project.name:%22Project%22%2BAND%2Bname:%22SCA-AzureDevOps-main%22 failed, reason: self signed certificate
    Why is this one happening?
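
Added example, not part of the thread and not Fortify or Azure DevOps code: a small Node.js triage of the `##vso[task.issue ...]` lines quoted above, separating the name-resolution failure from the certificate-trust failure. The rule table goes slightly beyond the two reasons seen in the thread; the names `parseVso`, `triage` and `RULES` are hypothetical, and the sample log is constructed from the quoted output.

```javascript
// Constructed sample, shaped like the task output quoted in the thread
// ("hostname" is the poster's placeholder, not a real host).
const U = 'https://hostname:8443/ssc/api/v1/projectVersions?fields=id&q=project.name:%22Project%22';
const SAMPLE_LOG = [
  `##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;]request to ${U} failed, reason: getaddrinfo ENOTFOUND hostname`,
  `##[debug]Processed: ##vso[task.complete result=Failed;]request to ${U} failed, reason: getaddrinfo ENOTFOUND hostname`,
  `##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;]request to ${U} failed, reason: self signed certificate`,
  '##[debug]task result: Failed',
];

// Reason text -> layer that failed (assumption: reasons are Node.js-style error messages).
const RULES = [
  { re: /getaddrinfo (ENOTFOUND|EAI_AGAIN)/, layer: 'dns',
    meaning: 'the process running the task could not resolve the host name' },
  { re: /self[- ]signed certificate|unable to verify the first certificate|unable to get local issuer certificate/i,
    layer: 'tls-trust',
    meaning: 'the connection reached the server, but the client does not trust the certificate chain' },
];

// Parse one "##vso[area.action k=v;k=v;]message" logging command; null if the line has none.
function parseVso(line) {
  const m = /##vso\[([a-z]+)\.([a-z]+)([^\]]*)\](.*)$/i.exec(line);
  if (!m) return null;
  const props = {};
  for (const pair of m[3].trim().split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) props[pair.slice(0, i).trim()] = pair.slice(i + 1);
  }
  return { area: m[1], action: m[2], props, message: m[4] };
}

function triage(lines) {
  const findings = [];
  for (const line of lines) {
    const cmd = parseVso(line);
    // task.complete repeats the same text, so only task.issue errors are counted.
    if (!cmd || cmd.action !== 'issue' || cmd.props.type !== 'error') continue;
    const m = /^request to (\S+) failed, reason: (.*)$/.exec(cmd.message);
    if (!m) continue;
    let url;
    try { url = new URL(m[1]); } catch { continue; }
    const rule = RULES.find((r) => r.re.test(m[2]));
    findings.push({ host: url.hostname, port: url.port || '443',
      layer: rule ? rule.layer : 'unknown', meaning: rule ? rule.meaning : m[2] });
  }
  return findings;
}

console.log(triage(SAMPLE_LOG));
```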