Hello all.
I am having the following problem when running Spotbugs using pre-compilation:
$ /analyzer run
[INFO] [Spotbugs] [2022-08-04T13:03:48Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.8.0/command.go:76] ▶ GitLab Spotbugs analyzer v3.2.1
[INFO] [Spotbugs] [2022-08-04T13:03:48Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.8.0/run.go:125] ▶ Detecting project
[INFO] [Spotbugs] [2022-08-04T13:03:48Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.8.0/run.go:147] ▶ Found relevant files in project, analyzing entire repository
[INFO] [Spotbugs] [2022-08-04T13:03:48Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.8.0/run.go:159] ▶ Running analyzer
[DEBU] [Spotbugs] [2022-08-04T13:03:48Z] [/go/src/app/utils/utils.go:45] ▶ /bin/bash -c source /root/.bashrc && switch_to java 17
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF: UNKNOWN SHIM JAVA_VERSION: invalid variable name
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF:_VERSION: invalid variable name
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF: UNKNOWN SHIM JAVA_VERSION: invalid variable name
No version set for command java
Consider adding one of the following versions in your config file at
asdf: unknown shim java
[INFO] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/project/project.go:73] ▶ Found Gradlew project in /builds/*/backend directory
[INFO] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/project/project.go:73] ▶ Found Gradle project in /builds/*/*/api directory
[INFO] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/analyze.go:128] ▶ Found 2 analyzable projects.
[DEBU] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/analyze.go:185] ▶ /opt/asdf/shims/java -cp /spotbugs/dist/lib/* -Xmx1900M -Dlog4j2.formatMsgNoLookups=true -jar /spotbugs/dist/lib/spotbugs.jar -pluginList /fsb/lib/findsecbugs-plugin.jar -exclude /spotbugs/exclude.xml -include /spotbugs/include.xml -onlyAnalyze ****
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF: UNKNOWN SHIM JAVA_VERSION: invalid variable name
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF:_VERSION: invalid variable name
/opt/asdf/lib/utils.bash: line 234: ASDF_ASDF: UNKNOWN SHIM JAVA_VERSION: invalid variable name
No version set for command java
Consider adding one of the following versions in your config file at
asdf: unknown shim java
[ERRO] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/analyze.go:187] ▶ Error: SpotBugs analysis failed for /builds/*/backend: exit status 126
[FATA] [Spotbugs] [2022-08-04T13:03:49Z] [/go/src/app/main.go:35] ▶ exit status 126
Uploading artifacts for failed job
00:00
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files. Ensure that the artifact path is relative to the working directory
ERROR: No files to upload
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1
This is my CI Job:
variables:
SAST_JAVA_VERSION: 17
SECURE_LOG_LEVEL: "debug"
include:
- template: Security/SAST.gitlab-ci.yml
.backend_job:
image: registry.gitlab.com/*/amazoncorretto17
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
- export GRADLE_OPTS="-Dorg.gradle.daemon=false -Dorg.gradle.caching=true"
- cd backend
cache:
key: "backend"
paths:
- .gradle/wrapper
policy: pull
Build Backend For Spotbugs:
extends: .backend_job
stage: .pre
script:
- ./gradlew compileKotlin
artifacts:
paths:
- "backend/**/build/"
- "backend/build/"
- "backend/.gradle/caches/modules-2"
rules:
- if: *in_merge_request
when: always
spotbugs-sast:
dependencies:
- Build Backend For Spotbugs
variables:
GRADLE_USER_HOME: $CI_PROJECT_DIR/backend/.gradle/
COMPILE: "false"
artifacts:
reports:
sast: gl-sast-report.json
rules:
- if: *in_merge_request
when: always
Here are some information about my environment:
My Gradle Version: 7.4.2
Language: Kotlin
Java Version: 17
I have the same behaviour if I use Spotbugs offline in my local machine.
Also, I tried to use the following versions of Spotbugs and they have the same problem: v3.2.1, v2.30.1, v2.30.3 and v2.28.12.
Does someone has any idea about how to fix this problem?