-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New build-scan command does not seem backwards compatible and yields 403 responses #51
Comments
It looks like JFrog CLI is working as intended. We suspect there might be a problem in Xray side (since the error is coming from Xray). To further investigate this issue we need logs from Xray server. Please contact your JFrog Xray support and they will know how to handle it. Thank you! |
Hey @orz25 ! |
For reference looking at the log they seem to be issuing very different API calls under the hood:
The calls to the v2 API are the failing ones from |
I figured out what the issue was - the API token used by JFrog CLI needs to be an admin token. A user token is not sufficient. Switching to an admin token solved the issue. |
@PM-JoakimGustavsson Thank you for the update! |
Describe the bug
There seems to be a bug with the
jf build-scan
command where it does not behave the same way as the now deprecatedjf rt build-scan
command. When we attempt to call thejf build-scan
command a 403 Forbidden error is yielded, however when called through the deprecatedjf rt build-scan
command the scan proceeds and normal and yields expected output. It would therefor seem that the new command is not completely backwards compatible with the older command. We have been unable to use the newerjf build-scan
command as we cannot get around the 403 Forbidden error.Current behavior
In the example below the build info has already been published to Artifactory, and we are trying to trigger a scan of the already published build info.
403 response code appears in the second call, despite having identical configuration and calling the same REST endpoints.
Reproduction steps
In this case we are using a very simple Hello World Java program, built with Maven, as our project.
This fails with 403 Forbidden.
Expected behavior
The
jf bs
command behaves exactly like thejf rt bs
command and produces the same result given the same input/configuration.JFrog CLI-Security version
1.0.3
JFrog CLI version (if applicable)
2.53.2
Operating system type and version
Reproduced both on Red Hat 8 and Arch Linux.
JFrog Xray version
3.66.6
The text was updated successfully, but these errors were encountered: