One of the pipelines we’re fine-tuning, as outlined in the “manage your open source usage and security as reported by your CI/CD pipeline” post, was recently blocked by two issues.
Issue 1 - “Unhandled: error is not defined”
Last week the build started to fail with the “Unhandled: error is not defined” issue, as shown.
A great example of responsiveness, which unblocked our pipeline. Thank you.
Issue 2 - “where’s my project”?
The build succeeded. The task sent data to WhiteSource (1), analysing a whopping 8002 dependencies (2). However, the project and associated scan results did not appear on our WhiteSource dashboard?!?
We’re planning to reduce the 8002 dependencies, as outlined in “manage your open source usage and security as reported by your CI/CD pipeline”. We kept the pipeline “as is” to preserve evidence while investigating these issues.
Looking at the build summary we notice that the WhiteSource scan reported a policy rejection.
Going back to the WhiteSource task configuration we note that we have configured Check policies (1) to send an email when there’s a policy rejection. This explains why the Fail on error (2) setting had no effect. But where’s the scan data?
Simple … when there is a policy rejection, the scan results are not updated, unless we explicitly check the Force update (3) setting.
Simply “click” the checkbox to flip the “force update” feature, and the scan results are updated on the WhiteSource dashboard.
Now to reduce the 8002 dependencies …