Error displays when setting a issue to resolved


(Todd) #1
  • versions
    Version 7.1 (build 11001)

  • error observed
    Red box displays showing:
    “Evaluation missing for the following conditions: [Condition{metricKey=‘vulnerabilities’, operator=GREATER_THEN, warningThreshold=‘1’, errorThreshold=‘5’, onLeakPerios=true}, condition{metricKey=‘blocker_violations’,operator=GREATER_THAN, warningThreshold=‘1’,errorThreshold=‘5’, onLeakPeriod=true}]”

There are other errors similar to this one which point to the changers I made to our GATE.

  • steps to reproduce
    Add some additional conditions to the quality gate in the same leak period.
    Run scan.
    Select a issue and resolve it.
    Red box with message appears at top center.
    Click X to close box.
    Page doesn’t refresh and issue appears to be unresolved.

  • potential workaround
    If you refresh page you see that the issue was resolved.


(G Ann Campbell) #2

Hi,

Could you give a full listing of your Quality Gate conditions, please?

Thx,
Ann


(Todd) #3

attached a image.


(Todd) #4

2018-07-31_9-20-16


(Todd) #5

I just realized that that error does not go with any of the conditions in the pic. I have been playing around with them but you should get the idea.


(G Ann Campbell) #6

Hi,

In fact, the error does go with conditions in your screenshot,

  • the last one: Vulnerabilities Over Leak Period is greater than: Warning=0, Error=5
  • the first one: Blocker issues Over Leak Period is greather than: Warning=0, Error=5

First, let me be clear: the interface should not have allowed you to set these two conditions. Instead you should have been guided to use New Blocker Issues and New Vulnerabilities. That UX problem is on our radar (although not a current priority): MMF-473 - Simplify the definition of Quality Gate.

Now let’s talk about what’s in your quality gate:

  • Blocker Issues Over Leak Period
  • New Blocker Issues

You’ve asked for the same thing twice here, and should delete one. For technical reasons it should be the first one.

  • Vulnerabilities Over Leak Period
  • New Vulnerabilities

Ditto

  • Security Rating on New Code
  • New Vulnerabilities

Here the overlap is more subtle. Both conditions are about Security-related issues raised on new code. The first one allows you to tune what severity of issue you want to raise an alarm for. Your Warning=A setting tunes it to raise an alarm for any new issues. Your Error=B setting allows Minor issues but raises an alarm for anything else. (The scale is documented here.) The second condition also raises an alarm for any new issues. So as currently set, these two conditions are also redundant.

HTH,
Ann


(Todd) #7

Thank you kindly for your help!
Now with an understanding of how the Metrics do overlap, I reassessed our quality gate and modified it accordingly. Errors gone