-
Notifications
You must be signed in to change notification settings - Fork 93
Debugging Scan Failures
There are various reasons a scan can fail - most of which have an easy fix.
If you haven't set your HUB_PROXY_HOST, HUB_PROXY_PORT, and HUB_PROXY_SCHEME=https (usually) variables for the Black Duck jobrunner, webapp, registration, and authentication containers, then you may have connectivity issues to the Black Duck KB (Knowledge Base).
You'll be able to see these errors in the jobrunner logs (And you'll see error notices in the scans page as well).
You see errors with status code 500 when you run Black Duck Detect, iScan, or the OpsSight Connector.
500 errors typically mean that the scan was able to hit the hub-nginx service, but that the scan wasn't able to be picked up by the hub-scan services. If your Black Duck instance is healthy, and you get a 500 scan error, make sure that your hub-scan pods are healthy. Sometimes, this can be caused by an overaggressive liveness check, which isn't properly tuned for your cluster.
In Kubernetes, liveness checks in the Black Duck containers can cause containers to prematurely restart. This is often the case on oversubscribed clusters, where it might take a while for scan containers to come up. To remedy this, set the initialization time for your liveness checks to something lenient, i.e. 480 seconds.
In this case, it is likely that there simply aren't enough resources on your cluster to run Black Duck. You need at least one functioning hub-scan and jobrunner pod in order to complete an end-to-end scan, so ask your administrator to increase your cluster's memory/CPU bandwidth, and or to taint a node for Black Duck, so that you don't have to compete with other apps in the same cluster.
If at any time the credentials to your Postgres instance change, you'll need to make sure to update all the (two) secrets for it. You will see lots of error logs in the webapp, jobrunner, and hub-scan services mentioning that JDBC failures to connect have occurred. Updating the secrets should automatically fix the problem once the containers restart. (See Black Duck Installation Parameters for help here.)