This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Support for Java 17 fortifydocker/fortify-ci-tools

Is it safe to assume that  as of yet fortifydocker/fortify-ci-tools does not support projects built with Java 17 ?

(hence the errors I am getting during compilation that the maven plugin is failing because of unsupported Java 17?)

I want to make sure before I go through the trouble of downgrading the runtime of the apps I am trying to perform SCA against in my build pipeline

#gitlab.yml file
stages:
    - sca
    - build
    - deploy


sca:
    image: fortifydocker/fortify-ci-tools:3-jdk-11
    stage: sca
    script:
        - echo "140.147.218.110 c2vwdffsctrl01.loctest.gov" | tee -a /etc/hosts
        - mkdir -p /opt/Fortify/ScanCentral/Core/config
        - touch /opt/Fortify/ScanCentral/Core/config/client.properties
        - echo client_auth_token=loctest > /opt/Fortify/ScanCentral/Core/config/client.properties
        - scancentral -url "http://c2vwdffsctrl01.loctest.gov/scancentral-ctrl/" start -bt mvn -upload -application "build-demo2" -version "1.0.0" -uptoken $CIToken -log-file build-demo2.log 

#Build Failure logs from GitLab Runner

Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.13.0/plexus-compiler-javac-2.13.0.jar (23 kB at 242 kB/s)
[INFO] Changes detected - recompiling the module! :dependency
[INFO] Compiling 2 source files with javac [debug release 17] to target/classes
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  9.581 s
[INFO] Finished at: 2023-07-04T19:19:14Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.11.0:compile (default-compile) on project build-demo2: Fatal error compiling: error: release version 17 not supported -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Error generating scan specification
Command execution failure
Shutting down with errors. Please see log for details.
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

  • The easiest way to run this is to build on the runner, then use fortify-ci-tools to package and send to scancentral.  

    • Build on runner
    • Use scancentral client to package and send to the controller.  You will need to add -skipbuild 

    -bt mvn -skipBuild

    Then you won't need Java 17 to build.

  • in reply to 

    THANK YOU JOHN!!!!

    Worked like a charm!!!

  •   in reply to 

    Alternatively, I've released fortifydocker/fortify-ci-tools:4-jdk-17 yesterday; can you please give this a try as well? (note that this is a major release due to significant internal refactoring, so you'll need to update the image version specified in the tag from 3 to 4)