Develop Reference

Veracode missing supporting files

I'm using Upload & scan method for my Java Maven project, but everytime after waiting between 10 to 20min, I receive an empty Veracode report
stage('Upload & Scan') {
steps {
veracode applicationName: '****',
criticality: 'VeryHigh',
createSandbox: true,
sandboxName: '*****',
scanName: "22/11/2021-9h23",
waitForScan: true,
timeout: 120,
uploadIncludesPattern: "****.zip",
vid: '********',
vkey: '******',
debug: true
}
}
FYI: before this stage i have 3 other stages: Build, Deploy in artifactory and zip (for zipping JARs

Have you follow the compilation instructions for Java?
Using the standard Java compiler, run the javac command with the -g option to obtain debug symbols, for example:
javac -g test1.java
Eclipse IDE Settings -
If you develop the project with Eclipse:
Go to Project > Properties.
Select the Java compiler properties.
Under Classfile Generation, select these options:
Add variable attributes to generated class files
Add line number attributes to generated class files
Add source file name to generated class files
Maven Settings -
If you build the project using Maven, include a directive to use the Maven compiler plugin in pom.xml, for example:
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<debug>true</debug>
<debuglevel>lines,vars,source</debuglevel>
</configuration>
</plugin>
</plugins>
</build>
After making this change, use mvn compile or mvn package to build and package the project. The project now includes debug symbols with the application.
Gradle Settings -
If you use Gradle to build the project, after applying the Java plugin, configure the build task to add line numbers and local variables in the build.gradle file. For example:
apply plugin: 'java'
compileJava.options.debug = true
compileJava.options.debugOptions.debugLevel = "source,lines,vars"
Ant Settings -
If you build the project using Ant, you must enable the debug property in the javac tasks, for example:
<javac debug="on"> ... set of classes
</javac>

Unable to execlude packages from code analysis

I am using Spring Boot JPA example and in the pom.xml we've configured to completely exclude the packages to to be removed during static code analysis.
<properties>
<java.version>1.8</java.version>
<sonar.exclusions>
**/enums/**/*,**/entity/**/*,**/constant/**/*,**/dto/**/*,**/repository/**/*
</sonar.exclusions>
<sonar.test.exclusions>**/test/**</sonar.test.exclusions>
</properties>
But we've seen that these packages are not getting excluded. Any pointers why ?

Follow this procedure to exclude these packages:
Click on your project name in SonarQube -> Administration -> General Settings -> Analysis Scope -> Source File Exclusions (You can put the file pattern in the text box)
This will skip the files which matches the given pattern.

Create and Publish nuget packages from TFS build process?

I want to create nuget packages (and deploy them to my private nuget repository) after my assemblies are compiled.
I tried setting everything up by using NuGetter, but that project is kind of inactive and only allows you to build one package/project while I need one package/assembly.
Now I'm kind of stuck. I'm currently looking at their source, hoping to make it more useable for me.
What I'm asking here, in parallel, is: Does anyone have a finished solution for publishing/creating nuget packages from TFS 2012 and/or TFS2010 for multi-package solutions?

I tried setting everything up by using NuGetter, but that project is kind of inactive and only allows you to build one package/project while I need one package/assembly.
NuGetter does support multiple packages, i only use the multiple package method now as you can use it for single or multiple packages.
by using a packages xml file you can specify the multiple packages
<?xml version="1.0"?>
<NuGetterPackages>
<NuGetterPackage name="Package1">
<NuSpecFilePath>Package1.nuspec</NuSpecFilePath>
<BasePath>NuGetPrePackage_Package1</BasePath>
<InvokePowerShell>True</InvokePowerShell>
<PowerShellScriptPath>PrePackage_Package1.ps1</PowerShellScriptPath>
<InvokePush>True</InvokePush>
<OutputDirectory>NuGetPackage</OutputDirectory>
<PushDestination>\\MYFeedLoc\NugetFeed</PushDestination>
<Version>1.0.J.B</Version>
</NuGetterPackage>
<NuGetterPackage name="Package2">
<NuSpecFilePath>Package2.nuspec</NuSpecFilePath>
<BasePath>NuGetPrePackage_Package2</BasePath>
<InvokePowerShell>True</InvokePowerShell>
<PowerShellScriptPath>PrePackage_Package2.ps1</PowerShellScriptPath>
<InvokePush>True</InvokePush>
<OutputDirectory>NuGetPackage</OutputDirectory>
<PushDestination>\\MYFeedLoc\NugetFeed</PushDestination>
<Version>1.0.J.B</Version>
</NuGetterPackage>
</NuGetterPackages>
under source control i have the packages.xml file, and then per Nuget Package a powershell file and a nuspec file.
Nuspec File looks like this
<?xml version="1.0"?>
<package >
<metadata>
<id>Package1</id>
<version>$version$</version>
<title>Package1</title>
<authors>Package1 Author</authors>
<owners>Package1 Owner</owners>
<iconUrl>http://Iconserver/nextlogo.png</iconUrl>
<requireLicenseAcceptance>false</requireLicenseAcceptance>
<description>Description of Contents</description>
<releaseNotes>First release of the package.</releaseNotes>
<copyright>Copyright 2014</copyright>
<tags>Space Seperated Tags</tags>
<dependencies>
<dependency id="AnyLatestDependencyIMayHAve" version=""/>
<dependency id="AFixedDependencyIMayHAve" version="[1.0.0]"/>
</dependencies>
</metadata>
</package>
And then a Powershell file that just creates the folder structure within the BasePathDeclaration in the Packages.xml, this is the same file as shown on the NuGetter site
I have added a full explanation at my blog

Non-resolvable parent POM using Maven 3.0.3 and relativePath notation

After migrating to Mavent 3.0.3 Parent poms in several Projects cannot be resolved anymore.
The Projects are structured in a default manner, so I set
parent.relativePath to "../pom.xml"
superpom (located in repository)
|-rootpom (located locally: no error)
|-|-parentpom (located locally: error resolving parent)
|-|-|-module1 (located locally: error resolving parent)
|-|-|-module2 (located locally: error resolving parent)
|-|-|-module3 (located locally: error resolving parent)
|-|-|-module4 (located locally: error resolving parent)
The Error...
Non-resolvable parent POM for myGroup:myArtifactId:1.0: Failure to
find myGroup:myParentArtifactId:1.0 in
http://myRepo.net/archiva/repository/maven2 was cached in the local
repository, resollution will not be reattempted until the update
interval of maven2 has elapsed or updates are forced and
'parent.relativePath' points at wrong local POM #
myGroup:myParentArtifactId:1.0, C:\myProjectDir\parent\pom.xml, line
x, column y -> [Help 2]
... seems to indicate that the pom was searched for in the repository, so I wonder why the pom was not found locally before looked elsewhere.
I have read that maven3 might get confused when several repositories are defined in the settings.xml, but that was always when searching for a pom inside repositories and not locally.
update
Up until now we did execute the maven build on the parent-project level (parentpom) - a fact which I did not know was important, since maven2 completed successfully until now.
When using maven3 this seems to be of importance.
When executing maven3 on the root-project level (rootpom) the build finishes successfully.
So my immediate problem is solved.
Since I don't necessarily want to answer my own question maybe
someone can explain why maven3 behaves this way now or why the old
approach was wrong.

Make sure you Double-Check that the version you refer to in the child-pom is the same as that in the parent-pom. For me, I'd bumped version in the parent and had it as 3.1.0.0-RELEASE, but in the child-pom, I was still referring to the previous version via relativePath, and had it defined as 2.0.0.0-SNAPSHOT. It did not make any difference if I included just the parent directory, or had the "pom.xml" appended to the directory:
<parent>
<artifactId>eric-project-parent</artifactId>
<groupId>com.eric.common</groupId>
<!-- Should be 3.1.0.0-RELEASE -->
<version>2.0.0.0-SNAPSHOT</version>
<relativePath>
../../EricParentAsset/projects/eric-project-parent</relativePath>
</parent>

Here is answer to your question.
By default maven looks in ../pom.xml for relativePath. Use empty <relativePath/> tag instead.

'parent.relativePath' points at wrong local POM #
myGroup:myParentArtifactId:1.0, C:\myProjectDir\parent\pom.xml
This indicates that maven did search locally for the parent pom, but found that it was not the correct pom.
Does pom.xml of parentpom correctly define the parent pom as the pom.xml of rootpom?
Does rootpom folder contain pom.xml as well as the paretpom folder?

I had the same problem. My project layout looked like
\---super
\---thirdparty
+---mod1-root
| +---mod1-linux32
| \---mod1-win32
\---mod2-root
+---mod2-linux32
\---mod2-win32
In my case, I had a mistake in my pom.xmls at the modX-root-level. I had copied the mod1-root tree and named it mod2-root. I incorrectly thought I had updated all the pom.xmls appropriately; but in fact, mod2-root/pom.xml had the same group and artifact ids as mod1-root/pom.xml. After correcting mod2-root's pom.xml to have mod2-root specific maven coordinates my issue was resolved.

You need to check your relative path, based on depth of your modules from parent if module is just below parent then in module put relative path as:
../pom.xml
if its 2 level down then
../../pom.xml

Please check in logs if you have http.HttpWagon$__sisu1:Cannot find 'basicAuthScope' this error or warning also, if so you need to use maven 3.2.5 version, which will resolve error.

<parent>
<groupId>com.test.vaquar.khan</groupId>
<artifactId>vk-parent</artifactId>
<version>1.0.0-SNAPSHOT</version>
<relativePath>../projectname/pom.xml</relativePath>
</parent>
Add following line in parent
<relativePath>../projectname/pom.xml</relativePath>
You need relative path if you are building from local parent pom not available in nexsus, add pom in nexus then no need this path

For me, it works when I double checked the parent´s "group ID" and "artifact ID" that in my case were the wrong ones and that was the problem.

Could not create task or type: getProjectData from Ant

I am trying to run an Ant task from within IBM RSA IDE using Ant build ...
I get the following error message:
BUILD FAILED
build.xml:21: Could
not create task or type of type: getProjectData.
Ant could not find the task or a class this task relies upon.
This is common and has a number of causes; the usual
solutions are to read the manual pages then download and
install needed JAR files, or fix the build file:
- You have misspelt 'getProjectData'.
Fix: check your spelling.
- The task needs an external JAR file to execute
and this is not found at the right place in the classpath.
Fix: check the documentation for dependencies.
Fix: declare the task.
- The task is an Ant optional task and the JAR file and/or libraries
implementing the functionality were not found at the time you
yourself built your installation of Ant from the Ant sources.
Fix: Look in the ANT_HOME/lib for the 'ant-' JAR corresponding to the
task and make sure it contains more than merely a META-INF/MANIFEST.MF.
If all it contains is the manifest, then rebuild Ant with the needed
libraries present in ${ant.home}/lib/optional/ , or alternatively,
download a pre-built release version from apache.org
- The build file was written for a later version of Ant
Fix: upgrade to at least the latest release version of Ant
- The task is not an Ant core or optional task
and needs to be declared using <taskdef>.
- You are attempting to use a task defined using
<presetdef> or <macrodef> but have spelt wrong or not
defined it at the point of use
Remember that for JAR files to be visible to Ant tasks implemented
in ANT_HOME/lib, the files must be in the same directory or on the
classpath
Please neither file bug reports on this problem, nor email the
Ant mailing lists, until all of these causes have been explored,
as this is not an Ant bug.
Here's the Ant buildfile:
<!-- Get property locationName. -->
<target name="config">
<echo message="${ear.project.name}" />
<getProjectData projectName="${ear.project.name}" />
</target>
I am not quite sure what the problem is here because the error message seems not helpful. Any suggestions?

I believe getProjectData is an IBM extension to ant. Like you, I had a similar error, but I was able to get it working after ensuring the Run in the same JRE as the workspace option was enabled (which you can find by right-clicking the build file, run-as, Ant Build..., and selecting the option on the JRE tab).
I discovered the solution on the IBM info center:
The Run in the same JRE as the workspace option enables the classpath
of the workbench to access the additional Ant tasks that perform
operations that are specific to the workbench, such as projectImport,
projectBuild, workspaceBuild, ejbDeploy, or earExport. If your Ant
build script uses any Ant tasks that perform workbench operations,
verify that you selected the Run in the same JRE as the workspace
option; otherwise you might get the following error message in the
Console view:
Problem: failed to create task or type <Ant task> Cause:
The name is undefined.
The build file I used looked like this:
<?xml version="1.0"?>
<project name="Test" default="config" basedir=".">
<target name="config">
<getProjectData Basedir="${basedir}" />
<echo message="getProjectData: projectName=${projectName}
nature=${natureName}
workspace=${workspaceName}
basedir=${basedir}" />
</target>
</project>
And output:
Buildfile: C:\DATA\java\workspace\test-java\build.xml
config:
[getProjectData] Setting projectName=test-java
[getProjectData] Retrieved following Project Data :
[getProjectData] workspaceName=C:\DATA\java\workspace
[getProjectData] natureName=Java
[echo] getProjectData: projectName=test-java
nature=Java
workspace=C:\DATA\java\workspace
basedir=C:\DATA\java\workspace\test-java
BUILD SUCCESSFUL
Total time: 78 milliseconds