Failed SENSOR authorization for SAST 24.2

Software and Versions

  • SSC 24.2
  • SAST Controller 24.2
  • SAST Sensor 24.2

Operating System

  • The 3 containers are running on a RHEL 8 VM using podman compose
  • The scancentral client is running on a separate RHEL 8 VM using the scancentral CLI

Description

This is a new installation. All 3 containers are up and can connect to each other. The SSC Dashboard shows the controller and scanner as present and online in the UI.

When I run a scan with the client, I get the following error:

SAST Client

Command

./scancentral -url https://<controller_url_and_port>/scancentral-ctrl start --upload-to-ssc --ssc-upload-token <token> --application DSO --application-version 0.0.0.0 --build-tool none

Error

launcher.log will be stored in "<path_to>/.fortify/scancentral-24.2.0/log" directory.
Checking for updates...
No update available or auto update is disabled on the controller.
scancentral.log will be stored in "<path_to>/.fortify/scancentral-24.2.0/log" directory.
Verifying controller URL...
The Controller at https://<controller_url_and_port>/scancentral-ctrl is UP
No email address detected. No status emails will be sent for this job.
Gathering project information...
Run packaging without build tool integration.
Packaging project...
Compressing job files...
Restructuring SCA arguments...
Uploading job...
Uploading of job to Controller failed with error
ErrorResponse: Failed to access application version: DSO-0.0.0.0. Could not extract response: no suitable HttpMessageConverter found for response type [class com.fasterxml.jackson.databind.JsonNode] and content type [text/html;charset=ISO-8859-1]
Shutting down with errors. Please see log for details.

Log File

<path_to>/.fortify/scancentral-24.2.0/log/scancentral.log

Content

2024-11-06 09:30:14,158 [INFO] com.fortify.cloud.cli.Main - Shutting down with errors.
2024-11-06 09:30:18,484 [WARN] org.springframework.http.client.HttpComponentsClientHttpRequestFactory - HttpComponentsClientHttpRequestFactory.setReadTimeout has no effect
2024-11-06 09:30:18,820 [INFO] com.fortify.cloud.cli.Main - Initializing ScanCentral version: 24.2.0.0050
2024-11-06 09:30:18,827 [INFO] com.fortify.cloud.cli.command.UnrecognizedArgumentCommand - Executing
2024-11-06 09:30:18,829 [INFO] com.fortify.cloud.cli.command.ValidateScanModeArgumentsCommand - Executing
2024-11-06 09:30:18,829 [INFO] com.fortify.cloud.cli.command.FindUrlCommand - Executing
2024-11-06 09:30:18,830 [INFO] com.fortify.cloud.cli.command.PingCommand - Executing
2024-11-06 09:30:18,990 [INFO] com.fortify.cloud.cli.command.SscLockdownCommand - Executing
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.SscLockdownCommand - SSC lockdown mode is disabled
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.ValidatePoolUuidCommand - Executing
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.GetDescriptiveDataCommand - Executing
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.GetStartModeCommand - Executing
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.ValidateScaArgsCommand - Executing
2024-11-06 09:30:18,996 [INFO] com.fortify.cloud.cli.command.GenerateProjectPackageCommand - Executing
2024-11-06 09:30:19,282 [INFO] com.fortify.cloud.cli.command.CheckFilesCommand - Executing
2024-11-06 09:30:19,283 [INFO] com.fortify.cloud.cli.command.CompressJobFilesCommand - Executing
2024-11-06 09:30:19,288 [INFO] com.fortify.cloud.cli.command.RestructureScaArgsCommand - Executing
2024-11-06 09:30:19,288 [INFO] com.fortify.cloud.cli.command.UploadCommand - Executing
2024-11-06 09:30:19,291 [INFO] com.fortify.cloud.cli.command.UploadCommand - Uploading 5762 byte file
2024-11-06 09:30:19,327 [ERROR] com.fortify.cloud.cli.Main - Uploading of job to Controller failed with error
com.fortify.cloud.cli.exceptions.CommandException: Uploading of job to Controller failed with error
at com.fortify.cloud.cli.command.AbstractCommand.throwCommandException(AbstractCommand.java:306) ~[shared-cli-24.2.0.0050.jar:?]
at com.fortify.cloud.cli.command.UploadCommand.execute(UploadCommand.java:125) ~[scancentral-cli-24.2.0.0050.jar:?]
at com.fortify.cloud.cli.AbstractMain.executeChain(AbstractMain.java:191) [scancentral-cli-24.2.0.0050.jar:?]
at com.fortify.cloud.cli.Main.main(Main.java:36) [scancentral-cli-24.2.0.0050.jar:?]
Caused by: com.fortify.cloud.cli.exceptions.ControllerResponseException: ErrorResponse: Failed to access application version: DSO-0.0.0.0. Could not extract response: no suitable HttpMessageConverter found for response type [class com.fasterxml.jackson.databind.JsonNode] and content type [text/html;charset=ISO-8859-1]
at com.fortify.cloud.cli.command.AbstractCommand.handleResponseBody(AbstractCommand.java:84) ~[shared-cli-24.2.0.0050.jar:?]
at com.fortify.cloud.cli.command.AbstractCommand.callController(AbstractCommand.java:124) ~[shared-cli-24.2.0.0050.jar:?]
at com.fortify.cloud.cli.command.UploadCommand.execute(UploadCommand.java:109) ~[scancentral-cli-24.2.0.0050.jar:?]
... 2 more

SAST Controller

Log File

scancentralCtrl.log

Content

2024-11-05 16:53:13,569 [WARN] org.springframework.boot.context.properties.PropertySourcesDeducer - Multiple PropertySourcesPlaceholderConfigurer beans registered [org.springframework.context.support.PropertySourcesPlaceholderConfigurer#0, org.springframework.context.support.PropertySo$
rcesPlaceholderConfigurer#1], falling back to Environment
2024-11-05 16:53:13,698 [WARN] org.springframework.core.LocalVariableTableParameterNameDiscoverer - Using deprecated '-debug' fallback for parameter name resolution. Compile the affected code with '-parameters' instead or avoid its introspection: com.fortify.cloud.ctrl.spring.Throwable$
dvisor
2024-11-05 16:53:14,808 [WARN] org.hibernate.orm.deprecation - HHH90000025: H2Dialect does not need to be specified explicitly using 'hibernate.dialect' (remove the property setting and it will be selected by default)
2024-11-05 16:53:17,078 [INFO] com.fortify.cloud.ctrl.util.CtrlVersionUtil - Following ScanCentral client versions are available for remote installation: [,24.2.0.0050]
2024-11-05 16:53:17,947 [INFO] com.fortify.cloud.ctrl.spring.ApplicationContextProvider - ScanCentral version: 24.2.0.0050
2024-11-05 16:53:17,988 [INFO] com.fortify.cloud.ctrl.spring.security.authentication.ssc.SscAuthenticationManager - Using SSC remote IP ranges: 0.0.0.0/0
2024-11-05 16:53:20,738 [INFO] com.fortify.cloud.ctrl.util.SystemMetricUtils - Started at Tue Nov 05 16:53:20 UTC 2024
2024-11-05 16:53:21,219 [INFO] com.fortify.cloud.ctrl.service.PoolManagerServiceImpl - Creating StaticPool.GLOBAL(00000000-0000-0000-0000-000000000001)
2024-11-05 16:53:21,289 [INFO] com.fortify.cloud.ctrl.service.PoolManagerServiceImpl - Setting pool to 00000000-0000-0000-0000-000000000001 for unassigned workers
2024-11-05 16:53:21,300 [INFO] com.fortify.cloud.ctrl.service.PoolManagerServiceImpl - Creating StaticPool.DEFAULT(00000000-0000-0000-0000-000000000002)
2024-11-05 16:53:21,303 [INFO] com.fortify.cloud.ctrl.service.PoolManagerServiceImpl - Setting pool to 00000000-0000-0000-0000-000000000002 for unassigned jobs
2024-11-05 16:53:21,318 [INFO] com.fortify.cloud.ctrl.service.PoolManagerServiceImpl - Configured pool mapping mode: DISABLED
2024-11-05 16:53:21,575 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:21,580 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:25,798 [INFO] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/hello] com.fortify.cloud.ctrl.web.controller.rest.SensorController - Controller entered WORKER HELLO handler
2024-11-05 16:53:25,799 [INFO] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/hello] com.fortify.cloud.ctrl.web.controller.rest.SensorController - WORKER_ACTIVITY:10.89.0.4:hello
2024-11-05 16:53:25,804 [INFO] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/hello] com.fortify.cloud.ctrl.service.WorkerManagerServiceImpl - Registering new worker: UUID 2dd39e02-2cb4-41c6-b1c0-ae5ba4ce95d4, process UUID 743fae6b-5f4f-498c-bbfe-d3f648b85858
2024-11-05 16:53:25,827 [INFO] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/hello] com.fortify.cloud.ctrl.entity.AbstractEntity - The state of worker 2dd39e02-2cb4-41c6-b1c0-ae5ba4ce95d4 changed: NEW -> ACTIVE
2024-11-05 16:53:26,587 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:26,590 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:31,594 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:31,598 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:36,602 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:36,605 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:41,609 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:41,612 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:46,620 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/shutdown] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:46,627 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/worker/request] com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization [10.89.0.4/2ca329bc-1765-42bb-b282-ee94b4466549] with fortify-worker header
2024-11-05 16:53:48,710 [INFO] [10.89.0.4 POST /scancentral-ctrl/rest/v2/job] com.fortify.cloud.ctrl.service.rest.SscRestClientImpl - Calling GET on endpoint: /cloudmappings/mapByVersionName?projectName={0}&projectVersionName={1}, with arguments: [DSO, 0.0.0.0]
2024-11-05 16:53:50,106 [ERROR] [10.89.0.4 POST /scancentral-ctrl/rest/v2/job] com.fortify.cloud.ctrl.service.SscUploadServiceImpl - Failed to access application version: DSO-0.0.0.0. Could not extract response: no suitable HttpMessageConverter found for response type [class $
om.fasterxml.jackson.databind.JsonNode] and content type [text/html;charset=ISO-8859-1]

The primary errors seem to be:

  • Caused by: com.fortify.cloud.cli.exceptions.ControllerResponseException: ErrorResponse: Failed to access application version: DSO-0.0.0.0. Could not extract response: no suitable HttpMessageConverter found for response type [class com.fasterxml.jackson.databind.JsonNode] and content type [text/html;charset=ISO-8859-1]
  • com.fortify.cloud.ctrl.spring.security.authentication.sensor.SensorAuthenticationManager - Failed SENSOR authorization

Is there a known fix for this issue?