[JENKINS-39988] Build Management Tools - Thresholding

[tlenaic]

No description provided.

[JordanGS]

So this is my question, how do we change this feature so that's it's a Post-Build Action. Does it make more sense to make it a Post-Build Action or Keep it as a Build Action. In my mind, it should be a robot framework plugin, just like the robot framework plugin. That way future additions to the Project Status page would have access to relevant information.

Thoughts @tlenaic @thc202 ?

[tlenaic]

@JordanGS
I join you, and my first idea was to do it as a post build action. But I needed a function quickly. so i do it like that.
And on Manage threshold i rewrite the function. Let me know if you prefer the new one or the oldest in the previous PR #4

[JordanGS]

@tlenaic i like the new code in PR#8 more 👍 It is much cleaner! do not go back to the old code ;)

I've opened a Google Group discussion

Let's see what the Jenkins developers say, if there is an easy way for Build Action and Post-Build Action to easily communicate. I do not want a new zap process in Post Build, but there are a lot of benefits to having Build Management Thresholds as a Post-Build, let's wait and see what they say, is that okay?

[JordanGS]

@tlenaic Would you mind trying to create it as a Post-Build action, as per the Google Group discussion? I can try to help as best as i can and we can work on it together if you like.

[JordanGS]

@tlenaic Also please let me know if you'd like to be added to the Contributors page

I'll need your Jenkins userid as well as your email.

[tlenaic]

yes i will look at it, as soon as possible -> next week. i am busy now

[tlenaic]

@JordanGS i am back from holiday. jenkins userid = ngola_boy mail = [email protected]
i will create a group discussion and look at it thursday and friday

[tlenaic]

Hi, like will see i have take a look on it.
it is just the begining. i have try to understand how both jenkins and zap worked and for now i am here.
https://groups.google.com/forum/#!topic/zaproxy-jenkins/_27wC7ujsls

[tlenaic]

@JordanGS i have a question in the group discussion.

[JordanGS]

@tleniac I don't have an available pc at the moment, will take a look on Saturday afternoon, I need to do some research as well to answer Cheers, Goran.

…

On Apr 28, 2017, 8:12 AM -0400, tlenaic ***@***.***>, wrote: @JordanGS (https://github.com/JordanGS) i have a question in the group discussion. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub (#8 (comment)), or mute the thread (https://github.com/notifications/unsubscribe-auth/AQzk-ABB9R47rhHy8t5XqHsW73tu9ud1ks5r0dfAgaJpZM4M848c).

[tlenaic]

@JordanGS have you review manage threshold ? or take a look at postbuild action ? sooner it will be done, better it will be. now i can remember what i've done, but i am not sure that in on month, it will still be the case.

[tlenaic]

if you are busy, maybe we could first review UI, help and condition of stability of a build. once we agree on that may be merged.
and take time later to look deeper on post action, if my way does not match.
i think post build step is not only an issue for mange threshold, but jira feature too

[JordanGS]

Health issues in the family, I'll find some time in a day or two. Sorry Cheers, Goran.

…

On May 3, 2017, 12:59 PM -0400, tlenaic ***@***.***>, wrote: if you are busy, maybe we could first review UI, help and condition of stability of a build. once we agree on that may be merged. and take time later to look deeper on post action, if my way does not match. i think post build step is not only an issue for mange threshold, but jira feature too — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub (#8 (comment)), or mute the thread (https://github.com/notifications/unsubscribe-auth/AQzk-EyvzWAOUIibjfnVr3ltJowbGjI2ks5r2LJmgaJpZM4M848c).

[JordanGS]

@tlenaic reading and catching up now.

Updated your contact information: https://wiki.jenkins-ci.org/display/JENKINS/List+of+Contributors

[JordanGS]

@thc202 @tlenaic Not uploading any code yet for thresholding as a Post Build. I have one question for you guys. As more items more to Post Build step, that's there i think JIRA Creation and Report Generation should be as well. What do you guys think would be the best approach

1. Pass in values from the build step to the Post Build, this could have a LOT of parameters and values passed. Not sure as to the jenkins implications. Could be limited to one parameter passed if we create a config file and just pass the name, then read in the values from the config file in the post build step.
   PROs: Single Parameter passed
   CONs: Export Report and JIRA would have to stay in the main Build Step as well as any other future third party tools. Limits how much i can minimize the UI in the future since everything ZAP related would be in the Build Step ONLY.

2. Start and Shutdown ZAP in the build step to do all the scanning and then Start and Shutdown ZAP again in the Post Build step, while it loads the session from the Build Step.
   PROs: Single string passed (the name of persisted session)
   CONs: The session would have to be loaded twice, the second load would potentially be of a very large session. Forces users to use the compact session feature.

Personally, i'm leaning towards option 2, compacting a session has never been an issue for me. I've compacted large 40-50GB session files and then they load in 10-30 seconds once their filesize is compressed. What do you both think? 1 or 2?

The only thing is that if we go with 2, threshold will need to be put on hold for a little bit simply because i'll need to make the installation of zap more object oriented and less reliant on the ZAPDriver class which is already too bloated. With Option 1 on the other hand, all we would have to pass is 4 integer values which is really simple, they would be calculated in the ZAPDriver and passed as an Action Parameter, then read in the Post Build.

Update: https://github.com/JordanGS/zap-plugin/tree/development-1.1.0-thresholding has code for two instance of zap being started and stopped, it's just rough code and needs to be more object oriented and values properly parsed. I need more time to fix it. This is a starting point for Option 2

Option 1 on the other hand would just be:

ZAPBuilder perform method

        build.addAction(new MyAction());
        MyAction abs = build.getAction(MyAction.class);
        abs.setLow(zaproxy.getLowAlert());

Then the Post Build Class would just have

        MyAction abs = build.getAction(MyAction.class);
        System.out.println("LOW COUNT: " + abs.getLow());

The class MyAction can be automatically created by eclipse and would just require the getter/setter/constructor.

As i said, option 2 requires more time and is a bit harder but would be more beneficial in the long run i believe. Thoughts?

[tlenaic]

I shared your ideas on JIRA Creation, Thresholding and Report Generation.
Option 2 seems to be the best option.
that join my approach of having executezapPostbuild on zapdriver.
with zapManagement, we could relieve zapDriver.
we will have 2 class, one for build and an other for postbuild step and for new feature, it may be easier.
Option1 now looks easy to do, if postbuild step is limitate to thresholding

[tlenaic]

@JordanGS i have improve your project we are almost at the end. let me now if you have better result than me. i put my project on the google group discussion

[tlenaic]

@JordanGS @thc202 i join the latest version of the feature on the group ? any feedback ?
May be i should add to a branch and try to push it ?

[thc202]

I'll take a look at the latest code tomorrow morning. I think it's fine to push to this branch(?).

[JordanGS]

@tlenaic I'll update tonight and get it merged tomorrow.

[tlenaic]

@JordanGS @thc202 i was sick this weekend. i see you have push previous work "NICE !"
If you want i can update the branch tonight

[JordanGS]

I'm working on some code changes, there were issues with the zip you attached. Give me a day or two and then you can update. Sound good?

…

On Jul 11, 2017, 11:57 AM -0400, tlenaic ***@***.***>, wrote: @JordanGS @thc202 i was sick this weekend. i see you have push previous work "NICE !" If you want i can update the branch tonight — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[tlenaic]

@JordanGS Nice and thanks.

[JordanGS]

@tlenaic working on development-2.0.0-action branch, once that is merged and finished i'll merge this. The reason for the delay being that i would like ZAP class to be a controller for both ZAPDriver and ZAPManagement, rather than having duplicated code in both. More OO and easier to maintain in the long run. I'll rush to finish that overhaul.

[tlenaic]

@JordanGS hi, have you solved your issue ? do you need me to try to solved it ?
if not solved, i think the serialize issue must come from the name "ZAP.class" you should try "ZAPController.class".

[tlenaic]

@JordanGS @thc202 hi, hope you are having good vacation.
Just to let you know where i am on feature in my branch.
development-2.0.0-thresholding -> new feature on threshold
development-2.0.0-Controller -> launch zap by using class zap.java in zapmanegement.(i modified your work on development-2.0.0-action ) -> not yet finish zap.java only control zapmanagement
if you have time take a look a try them.
i also have an other branch LoadContext, the feature work and by the way i corrected a UI bug on authentification in this feature.

[arslanjavaid1]

When this will be merged or any update on progress?

[arslanjavaid1]

Will this be merged anytime sooner?