DependencyCheck
Use Jenkins plugin with external Database (postgres)
Hi,
I am using the DependencyCheck Jenkins plugin and would like to connect it to an external Postgres database. While this works perfectly fine with the CLI tool via Docker, I have trouble setting it up with the correct driver using the Jenkins plugin.
Since this is not documented well in the docs, I hope to find some information here on how to connect the plugin with my external database.
- Is the `--dbDriverName org.postgresql.Driver` part of the plugin by default or do I need to provide the driver externally?
- Is there a log option to further debug the pipeline step? My only clue right now is this:
```text
14:54:10 [ERROR] One or more fatal errors occurred
14:54:10 [ERROR] Unable to connect to the dependency-check database
14:54:10 ERROR: Mark build as failed because of exit code 13
```
The step is called with the following arguments:
```groovy
dependencyCheck nvdCredentialsId: 'NVD_API_KEY',
    additionalArguments: "--scan '**/package-lock.json' --scan 'build/libs/*.jar' --format JSON --format HTML --format XML " +
        "--dbDriverName org.postgresql.Driver " +
        "--dbUser $DBUSER " +      // trailing space, otherwise the value fuses with the next flag
        "--dbPassword $DBPASS " +  // no stray "=": the CLI takes the next token as the password
        "--connectionString jdbc:postgresql://db_hostname:5432/dbs_owasp_nvd",
    odcInstallation: 'default'
```
Thanks in advance.
We're using a properties file containing the database information, which seems to work. The properties file is served by Jenkins as a credential, and we call DependencyCheck via the plugin like:
```groovy
dependencyCheck odcInstallation: 'DependencyCheck-latest', additionalArguments: '--propertyfile depcheck.properties -o ./build -s <SOME PATH> --exclude **/foo*/* --project theProject -f ALL --prettyPrint --suppression ./src/DependencyCheckSuppressions.xml'
```
However, we observe that DependencyCheck seems to download NVD data from the internet anyway. @jeremylong Do we need to add `--noupdate` to the additionalArguments as well for the call to use the cache database?
You can generate a debug log by adding `--log owdc-1.log` to additionalArguments.
Also, you might want to point out the path to the driver jar file (`data.driver_path` if using a properties file). For a linux machine, we use:
```properties
data.driver_path=/usr/share/java/postgresql-jdbc.jar:/usr/share/java/ongres-scram/client.jar:/usr/share/java/ongres-scram/common.jar
```
If you are keeping the external database up-to-date some other way then yes - using `--noupdate` will stop ODC from reaching out to the internet for the NVD data.
> Hi,
> I am using the DependencyCheck Jenkins plugin and would like to connect it to an external Postgres database. While this works perfectly fine with the CLI tool via Docker, I have trouble setting it up with the correct driver using the Jenkins plugin.
> Since this is not documented well in the docs, I hope to find some information here on how to connect the plugin with my external database.
> - Is the `--dbDriverName org.postgresql.Driver` part of the plugin by default or do I need to provide the driver externally?
See bullet 3 on http://jeremylong.github.io/DependencyCheck/data/database.html
> The database driver will need to be specified using the dbDriver and if the driver is not already in the classpath the dbDriverPath options will need to be set (see the specific configuration options for Maven, Gradle, Ant, CLI, and Jenkins).
For the Jenkins plugin setup I'm quite confident that the postgresql driver is not in the classpath when it invokes the CLI.
It's not part of the CLI itself so you need to publish that somewhere on your Jenkins system and ensure it gets specified by the additional arguments.
Under the hood the Jenkins plugin uses the CLI, so the CLI configuration page details the required `--dbDriverPath` argument. Only the H2 database driver is part of the default classpath of the DependencyCheck CLI (as the default DB is an embedded H2 database).
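The pieces the replies above describe (a properties file served as a Jenkins credential, the driver jars handed to the CLI via `--dbDriverPath` / `data.driver_path`, `--noupdate` so ODC does not reach out to the NVD, `--log` for a debug log), assembled into one declarative pipeline. This is an added example, not code from the thread or from the DependencyCheck project. It assumes an odcInstallation named `default`, a Jenkins "Secret file" credential `odc-db-properties`, and the driver jar paths from the reply above; the `data.driver_name`, `data.connection_string`, `data.user` and `data.password` keys are the standard ODC properties-file keys, and the hostname, database name and user are placeholders.

```groovy
// Added example (not from the thread or the DependencyCheck project):
// Jenkins declarative pipeline running the DependencyCheck plugin against
// an external PostgreSQL database.
//
// Assumed Jenkins setup:
//   - odcInstallation 'default' (a Dependency-Check CLI configured under
//     Global Tool Configuration)
//   - a "Secret file" credential 'odc-db-properties' whose content is
//     an ODC properties file along these lines (placeholder values):
//       data.driver_name=org.postgresql.Driver
//       data.connection_string=jdbc:postgresql://db_hostname:5432/dbs_owasp_nvd
//       data.user=odc
//       data.password=<secret>
//     Keeping user and password in the credential, rather than passing
//     --dbUser/--dbPassword, keeps them out of the Jenkinsfile and out of
//     the CLI process's argument list (visible to other users on the agent).
//   - the PostgreSQL JDBC driver and the ongres-scram jars installed on the
//     agent at the paths below; they are not on the ODC CLI's classpath,
//     which only ships the H2 driver.
pipeline {
    agent any
    environment {
        // Colon-separated like a Java classpath; agent-specific, so it lives
        // here rather than in the shared credential.
        ODC_DRIVER_PATH = '/usr/share/java/postgresql-jdbc.jar:/usr/share/java/ongres-scram/client.jar:/usr/share/java/ongres-scram/common.jar'
    }
    stages {
        stage('Dependency-Check') {
            steps {
                // ODC_PROPS is the path of a temporary copy of the secret file.
                withCredentials([file(credentialsId: 'odc-db-properties', variable: 'ODC_PROPS')]) {
                    dependencyCheck odcInstallation: 'default',
                        additionalArguments: "--propertyfile ${env.ODC_PROPS} " +
                            // Driver jars are not on the CLI classpath; point ODC at them.
                            "--dbDriverPath ${env.ODC_DRIVER_PATH} " +
                            // The external DB is refreshed by a separate job, so this run
                            // must not try to pull NVD data from the internet.
                            "--noupdate " +
                            // Debug log of the CLI run, archived below for troubleshooting.
                            "--log odc-debug.log " +
                            "--scan '**/package-lock.json' --scan 'build/libs/*.jar' " +
                            "--format JSON --format HTML --format XML"
                }
            }
        }
    }
    post {
        always {
            // Keep the debug log and reports even when the step fails (e.g. exit code 13).
            archiveArtifacts artifacts: 'odc-debug.log, dependency-check-report.*', allowEmptyArchive: true
        }
    }
}
```

Two caveats a practitioner will want to check: the driver location is given on the command line rather than as `data.driver_path` in the credential because it depends on the agent, not on the database; and because every jar named in `--dbDriverPath` is loaded and executed inside the ODC JVM, those files should come from the agent's package manager or a controlled install and must not be writable by the build user, otherwise anyone who can drop a jar there runs code with the scanner's database credentials.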
Hi, would like to seek some advice on using the Jenkins plugin with my own Postgresql database as well.
Currently I have completed the database setup and everything is working fine but would like to know if there is any way to add the database driver to somewhere that can be sourced natively by Jenkins without the need of specifying the `--dbDriverPath` argument.
When I am using the CLI, I can simply place the driver inside the `lib` subdirectory and it will be sourced automatically without having to specify `--dbDriverPath`. Is it possible to achieve the same thing with the Jenkins plugin?
Not sure if this is out-of-bound for this project as it is probably related to Java class loading but just trying my luck here. Will appreciate any help.
@kheyang As you might've guessed... that is something to take up with the Jenkins plugin community. See https://plugins.jenkins.io/dependency-check-jenkins-plugin/ for the references to interact with that plugin community.
Thanks @aikebah ! Will check with the Jenkins plugin community for this then.