Failing analysis - no results

Hello.

I had configured my repo to be analyzed by Lift. The analysis previously finished successfully.
The results page was showing some issues, tool results were collected and shown on its page, and the build logs said that almost all tools succeeded (except Error Prone), but still, results were processed and visible.
The build log looked like this:

    Running V2 API tools
        Running Error Prone
            Capture:
            Failed when invoking process
            Error Prone complete in 6.041171722s
            ErrorProne_JDK11 tool error: Capture:
            Execution Failed: Script "javac -J-classpath ...........<<trimmed content>>.........." exited with code 4.
    Running V3 API (build-based) tools
        Running FindSecBugs
            Standard error:
            Found 1 bug in 45 seconds
        Running Infer
            Standard error:
            Found 0 bugs in 46 seconds
    Running V1 API (bulk) tools
        Running Open Source Vulnerabilities
            Sanitizing repository
            Found 5 bugs in 2m28s
        Running Cobra
            Sanitizing repository
            Found 0 bugs in 2 seconds
        Running GoSec
            Sanitizing repository
            Found 0 bugs in 0 seconds
        Running Shellcheck
            Sanitizing repository
            Found 8 bugs in 0 seconds
        Running Semgrep
            Sanitizing repository
            Found 0 bugs in 9 seconds
    Running V4 API tools
        Running Bill Of Materials
            Sanitizing repository
            Found 0 bugs in 2m29s

The last analysis with results processed and shown successfully was from 30 November 2021.

But currently, the analysis completes with "Congratulations! Lift did not find any issues in your repository!".
https://lift.sonatype.com/result/vainyksi/lighty-core/01FRTAM7PHYNC6AFRC7RVPR7QJ
(or analysis for same commit, but not in the PR https://lift.sonatype.com/results/github.com/vainyksi/lighty-core/01FRTE6VTD4623NHWVBS7CCZ4K)
And

Lift's advanced analyzers failed to run. This is usually because Lift needs more detail about how to build your code. See the Troubleshooting and Configuring Lift sections of the documentation for tips on how to fix this issue.

Tool Results shows No data in the table.
And the build log shows that the Open Source Vulnerabilities tool failed together with Bill Of Materials, but without more info about what the reason for the failure was.

    Running V3 API (build-based) tools
        Running FindSecBugs
            Standard error:
            Found 1 bug in 2m55s
        Running ErrorProne
            Found 466 bugs in 42m17s
        Running Infer
            Standard error:
            Found 42 bugs in 7m47s
    Running V1 API (bulk) tools
        Running Open Source Vulnerabilities
            Sanitizing repository
            Analysis failed in 10m4s
        Running Cobra
            Sanitizing repository
            Found 0 bugs in 2 seconds
        Running GoSec
            Sanitizing repository
            Found 0 bugs in 0 seconds
        Running Shellcheck
            Sanitizing repository
            Found 8 bugs in 0 seconds
        Running Semgrep
            Sanitizing repository
            Found 0 bugs in 9 seconds
    Running V4 API tools
        Running Bill Of Materials
            Sanitizing repository
            Analysis failed in 9m56s

But Maven builds the project successfully:

    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time:  01:59 min

I am looking at the docs, but I cannot see anything that could help.
Please, can anyone help? What config might be missing? Or where might the problem be?

My .lift.toml:

    build = "maven"
    jdkVersion = "11"

Thanks in advance
Michal

Disabling the BOM and Opensource Vulnerabilities tools helped to get the analysis results (without BOM & opensource vulnerabilities, of course).

.lift.toml:

    build = "maven"
    jdkVersion = "11"
    summaryComments = true
    disableTools = ["bill of materials", "open source vulnerabilities"]

But currently those tools look OK and proceed without failing. Thanks Sonatype.
So there is no need to disable these two tools for now.


Thanks for the update @vainyksi 👍. We’re investing heavily in the stability and performance of Sonatype Lift and it's great to hear that it has paid off in this case.
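
The first post describes a run where two tools failed yet the result page still reported no issues. As an added example (not part of the thread and not Sonatype's code), this parser reads a build log in the format quoted above and lists the tools that produced no results; the function names and sample log are constructed, and the failure markers are taken only from the logs shown in the thread.

```python
import re

# Constructed sample, modelled on the failing build log quoted in the thread.
SAMPLE_LOG = """\
Running V3 API (build-based) tools
    Running FindSecBugs
        Found 1 bug in 2m55s
    Running ErrorProne
        Found 466 bugs in 42m17s
Running V1 API (bulk) tools
    Running Open Source Vulnerabilities
        Sanitizing repository
        Analysis failed in 10m4s
    Running Shellcheck
        Sanitizing repository
        Found 8 bugs in 0 seconds
Running V4 API tools
    Running Bill Of Materials
        Sanitizing repository
        Analysis failed in 9m56s
"""

RUNNING = re.compile(r"^\s*Running (.+?)\s*$")
GROUP = re.compile(r"V\d+ API .*tools$")          # "Running V1 API (bulk) tools"
FOUND = re.compile(r"^\s*Found (\d+) bugs? in ")
# Failure markers copied from the two logs in the thread.
FAILED = re.compile(r"Analysis failed|Failed when invoking process"
                    r"|tool error:|exited with code [1-9]")

def tool_status(log_text):
    """Map tool name -> ("ok", n_bugs), ("failed", None) or ("unknown", None)."""
    status, current = {}, None
    for line in log_text.splitlines():
        m = RUNNING.match(line)
        if m:
            # Group headers are not tools; a tool with no verdict stays "unknown".
            current = None if GROUP.match(m.group(1)) else m.group(1)
            if current:
                status[current] = ("unknown", None)
        elif current and FAILED.search(line):
            status[current] = ("failed", None)
        elif current and status[current][0] != "failed" and (m := FOUND.match(line)):
            status[current] = ("ok", int(m.group(1)))
    return status

def tools_without_results(log_text):
    """Tools whose silence must not be read as 'no issues found'."""
    return sorted(t for t, (s, _) in tool_status(log_text).items() if s != "ok")

if __name__ == "__main__":
    print(tools_without_results(SAMPLE_LOG))
```

A non-empty list means the dependency or static-analysis coverage for that run is incomplete, so a clean summary should not be treated as a pass.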