Skip to content

SCA Pipeline Failure

The CI job 'sca_scan' failed tonight.

Here is what I found in the job logs:

Hoplite Config Deprecation

Multiple steps printed this message. I guess we have to do something about it, but I don't think this caused the job failure.

Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.

chmod Permission Errors

One of the multi-line commands tried to recursively chmod the directory /builds/SiLA2/sila_python/, which caused hundreds of permission errors. I guess we have to do something about it, but I don't think this caused the job failure.

PythonInspector Warnings

The PythonInspector raised three warnings. I don't understand what caused them, but I think they are false positives and did not cause the job failure.

21:12:29.033 [DefaultDispatcher-worker-1] WARN  org.ossreviewtoolkit.plugins.packagemanagers.python.utils.PythonInspector - The number of unique dependencies (17) does not match the number of packages (16), which might indicate a bug in python-inspector.
21:12:29.036 [DefaultDispatcher-worker-1] WARN  org.ossreviewtoolkit.plugins.packagemanagers.python.utils.PythonInspector - Packages that are not contained as dependencies: [pkg:pypi/sila2-example-server]
21:12:29.036 [DefaultDispatcher-worker-1] WARN  org.ossreviewtoolkit.plugins.packagemanagers.python.utils.PythonInspector - Dependencies that are not contained as packages: []

OSSIndex Errors

This step produces this log output:

0 of 16 package(s) (not counting excluded ones) are vulnerable, with 0 vulnerabilities in total.
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 16 errors, 0 warnings, 0 hints.
There are 16 unresolved issues with a severity equal to or greater than the ERROR threshold.

According to the HTML report, the step "OSS Index" failed on all PyPI dependencies with "HttpException: HTTP 401".

I assume this caused the job failure. A repeated job execution produces the same results and PyPI.org is working without issues, so I assume this is a configuration issue on our side.

Edited by Niklas Mertsch