Dependency List page should not show error when job succeeds
After running the dependency_scanning job from AutoDevops, over a Vue project, without errors, the Dependency List page shows an error.
Job failed to generate the dependency list
The dependency_scanning job has failed and cannot generate the list.
Please ensure the job is running properly and run the pipeline again.
Relevant logs and/or screenshots
Job Log
Expand for output related to the GitLab application check
Running with gitlab-runner 12.2.0 (a987417a) on runner-gitlab-runner-7fd8cdb4cf-vrjqj 5sx1e2wp Using Kubernetes namespace: gitlab-managed-apps Using Kubernetes executor with image docker:stable ... Waiting for pod gitlab-managed-apps/runner-5sx1e2wp-project-3-concurrent-1j84fq to be running, status is Pending Waiting for pod gitlab-managed-apps/runner-5sx1e2wp-project-3-concurrent-1j84fq to be running, status is Pending Waiting for pod gitlab-managed-apps/runner-5sx1e2wp-project-3-concurrent-1j84fq to be running, status is Pending Running on runner-5sx1e2wp-project-3-concurrent-1j84fq via runner-gitlab-runner-7fd8cdb4cf-vrjqj... Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/indimin/web-temporal/.git/ Created fresh repository. From https://XXXX.com/indimin/web-temporal * [new branch] master -> origin/master Checking out b3569fd2 as master... Skipping Git submodules setup $ export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} $ if ! docker info &>/dev/null; then # collapsed multi-line command $ function propagate_env_vars() { # collapsed multi-line command $ docker run \ # collapsed multi-line command Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-3-stable' locally 12-3-stable: Pulling from gitlab-org/security-products/dependency-scanning 6c23a00b1a9b: Pulling fs layer 6c23a00b1a9b: Download complete 6c23a00b1a9b: Pull complete Digest: sha256:396ac8102ac418b2108cbe30b4e8c131d23e69f799c5f1e94199d459d521f4ef Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-3-stable 2019/10/15 01:05:14 Copy project directory to containers 2019/10/15 01:05:14 [bundler-audit] Detect project using plugin 2019/10/15 01:05:14 [bundler-audit] Project not compatible 2019/10/15 01:05:14 [gemnasium] Detect project using plugin 2019/10/15 01:05:14 [gemnasium] Project not compatible 2019/10/15 01:05:14 [gemnasium-maven] Detect project using plugin 2019/10/15 01:05:14 [gemnasium-maven] Project not compatible 2019/10/15 01:05:14 [gemnasium-python] Detect project using plugin 2019/10/15 01:05:14 [gemnasium-python] Project not compatible 2019/10/15 01:05:14 [retire.js] Detect project using plugin 2019/10/15 01:05:14 [retire.js] Project is compatible 2019/10/15 01:05:14 [retire.js] Starting analyzer... 2: Pulling from gitlab-org/security-products/analyzers/retire.js e7c96db7181b: Pulling fs layer 0119aca44649: Pulling fs layer 40df19605a18: Pulling fs layer 82194b8b4a64: Pulling fs layer 3f8eebd75473: Pulling fs layer ce34450465a3: Pulling fs layer 0fcd52cbb8bb: Pulling fs layer cdf1a3cf27a9: Pulling fs layer 3bec502c4637: Pulling fs layer 82194b8b4a64: Waiting 3f8eebd75473: Waiting ce34450465a3: Waiting 0fcd52cbb8bb: Waiting 3bec502c4637: Waiting cdf1a3cf27a9: Waiting e7c96db7181b: Verifying Checksum e7c96db7181b: Download complete 40df19605a18: Verifying Checksum 40df19605a18: Download complete 82194b8b4a64: Verifying Checksum 82194b8b4a64: Download complete 0119aca44649: Verifying Checksum 0119aca44649: Download complete e7c96db7181b: Pull complete 0fcd52cbb8bb: Verifying Checksum 0fcd52cbb8bb: Download complete ce34450465a3: Verifying Checksum ce34450465a3: Download complete cdf1a3cf27a9: Download complete 3bec502c4637: Verifying Checksum 3bec502c4637: Download complete 3f8eebd75473: Verifying Checksum 3f8eebd75473: Download complete 0119aca44649: Pull complete 40df19605a18: Pull complete 82194b8b4a64: Pull complete 3f8eebd75473: Pull complete ce34450465a3: Pull complete 0fcd52cbb8bb: Pull complete cdf1a3cf27a9: Pull complete 3bec502c4637: Pull complete Digest: sha256:43629ccef9a6762392c0ec871f6956df453bab3ac3aa05454d7ccbeb43827d7c Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/retire.js:2 Found project in /tmp/app Using python 3 Installing dependencies... npm WARN deprecated runjs@4.4.2: This project has been renamed to 'tasksfile'. Install using 'npm install tasksfile' instead. npm WARN deprecated microcli@1.3.3: This project has been renamed to @pawelgalazka/cli . Install using @pawelgalazka/cli instead npm WARN deprecated microargs@1.1.2: This project has been renamed to @pawelgalazka/cli-args. Install using @pawelgalazka/cli-args instead npm WARN deprecated kleur@2.0.2: Please upgrade to kleur@3 or migrate to 'ansi-colors' if you prefer the old syntax. Visit <https://github.com/lukeed/kleur/releases/tag/v3.0.0\> for migration path(s). npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor. npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart() yorkie@2.0.0 install /tmp/app/node_modules/yorkie node bin/install.js setting up Git hooks done node-sass@4.12.0 install /tmp/app/node_modules/node-sass node scripts/install.js Downloading binary from https://github.com/sass/node-sass/releases/download/v4.12.0/linux_musl-x64-67_binding.node Download complete Binary saved to /tmp/app/node_modules/node-sass/vendor/linux_musl-x64-67/binding.node Caching binary to /.npm/node-sass/4.12.0/linux_musl-x64-67_binding.node core-js@2.6.10 postinstall /tmp/app/node_modules/core-js node postinstall || echo "ignore" Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library! The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: https://opencollective.com/core-js https://www.patreon.com/zloirock Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -) node-sass@4.12.0 postinstall /tmp/app/node_modules/node-sass node scripts/build.js Binary found at /tmp/app/node_modules/node-sass/vendor/linux_musl-x64-67/binding.node Testing binary Binary is fine npm notice created a lockfile as package-lock.json. You should commit this file. npm WARN vue-admin-template@4.2.1 No repository field. npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules/fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"}) added 1694 packages from 787 contributors and audited 48517 packages in 71.38s found 65 vulnerabilities (64 low, 1 high) run `npm audit fix` to fix them, or `npm audit` for details +----------------------------------------------------------------------------------------+ | Severity | Tool | Identifier | +----------------------------------------------------------------------------------------+ Uploading artifacts... gl-dependency-scanning-report.json: found 1 matching files Uploading artifacts to coordinator... ok id=146 responseStatus=201 Created token=XiKQUXSQ Uploading artifacts... gl-dependency-scanning-report.json: found 1 matching files Uploading artifacts to coordinator... ok id=146 responseStatus=201 Created token=XiKQUXSQ Job succeeded
Job artifacts (dependency scanning result):
{
"version": "2.1",
"vulnerabilities": [],
"remediations": []
}Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Ubuntu 18.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.3p62 Gem Version: 2.7.9 Bundler Version:1.17.3 Rake Version: 12.3.2 Redis Version: 3.2.12 Git Version: 2.22.0 Sidekiq Version:5.2.7 Go Version: unknown GitLab information Version: 12.3.5-ee Revision: 9dbaa740018 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 10.9 URL: https://XXXX.com HTTP Clone URL: https://XXXX.com/some-group/some-project.git SSH Clone URL: git@XXXX.com:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 10.0.0 Repository storage paths: - default: /datadrive/gitlab/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 10.0.0 ? ... OK (10.0.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 3/1 ... yes 3/2 ... yes 1/3 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.3) Git version >= 2.22.0 ? ... yes (2.22.0) Git user has default SSH configuration? ... yes Active users: ... 1 Is authorized keys file accessible? ... yes Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished
Design proposal
Use case (1): Dependency not configured
- Button needs to be changed from green (current state) to blue
Use case (2.3): Dependency configured, job succeeded, no dependencies
- Button links to supported languages and package managers section of docs page (
https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#supported-languages-and-package-managers).
Edited by Nicole Schwartz