Release Notes for Synopsys Detect Plugin

Owned by Ray O'Meara (Unlicensed)
Last updated: Apr 07, 2023 by Chris Potts
4 min read

Version 8.0.0

New features

  • Updated to be compatible with Synopsys Detect 8.x.x. (Downloading and using detect8.(sh/ps1)).

Changed features

  • The Jenkins plugin has been upgraded to use Synopsys Detect 8.x.x for execution.

  • The plugin has been built against upgraded Jenkins/Jenkins plugin versions in order to mitigate known security risks.

  • The minimal Jenkins version required is 2.377.

  • Configuration and usage of the plugin is unchanged.

Resolved issues

  • (IDTCTJNKNS-258) CVE-2022-42889 for Synopsys Detect Jenkins plugin 7.0.0

  • (IDTCTJNKNS-261) Synopsys Detect v8 for Jenkins plugin

  • (IDTCTJNKNS-255) Update dependency for Jenkins version, including optional plugin dependencies

  • (IDTCTJNKNS-254) Only escape Detect parameter values

  • (IDTCTJNKNS-253) Improve clarity of messages logged when running plugin

  • (IDTCTJNKNS-252) Update internal dependencies to latest

  • (IDTCTJNKNS-247) Detect shell scripts are executed first and then downloaded in Pipeline execution in Linux and Windows slave nodes

  • (IDTCTJNKNS-239) Avoid leaking API token string in the console output

  • (IDTCTJNKNS-228) Unable to use java version specified in pipeline when running Detect in Air Gap mode

  • (IDTCTJNKNS-224) Improve clarity in the transition between the different stages of Detect for Jenkins

  • (IDTCTJNKNS-220) Jenkins Build is changed to Unstable for Invalid values in Synopsys Detect Installers

  • (IDTCTJNKNS-192) Size must be between 1 and 50 when --detect.project.tag is more than 50 characters

Version 7.0.0 Aug 17, 2021

New features

  • Update major version to match major version of Detect that it runs

  • Update plugin to be compatible with Detect 7.x.x. This includes:

    • Download and use detect7.(sh/ps1)

    • Use property detect.timeout instead of blackduck.timeout

    • Remove support for using blackduck.password and blackduck.username and exclusively use blackduck.api.token

  • Update UI when configuring plugin so that it will only list 'Secret Text' saved entries (Manage Jenkins -> Configure System -> Synopsys Detect -> Black Duck credentials)

Changed features

When using Detect script (sh/ps1), no longer cache the script. Plugin will download the script on each execution.

Version 3.1.0 Nov 4, 2020

New features

  • Added the capability to run Synopsys Detect in Air Gap mode using the Synopsys Detect plugin.

Version 3.0.0 Aug 19, 2020

New features

  • Added capability to turn off automatic escaping by setting the environment variable DETECT_PLUGIN_ESCAPING to false.

Resolved issues

  • Resolved an issue wherein proxy details could not be determined from Jenkins when running a Black Duck job on a Jenkins agent because it only worked on the Jenkins main node. (IDTCTJNKNS-181)

Changed features

  • The Polaris fields in the plugin are removed.
    This functionality has moved to Synopsys Polaris for Jenkins.

  • Updated the minimum version for Jenkins to 2.150.3.

  • Connection validation is improved when testing through a proxy.

Version 2.1.1

Resolved issues

  • Resolved an issue wherein Synopsys Detect for Jenkins didn't escape commas correctly in PowerShell arguments. 

  • Resolved an issue wherein Synopsys Detect for Jenkins didn't function when there were spaces in the workspace path resulting in failure to find the shell/PowerShell script. 

  • Version 2.0.2 of the Synopsys Detect for Jenkins plugin violated semantic versioning by introducing a non-backward compatible change. Updating to any 2.X version from version 2.0.1 or earlier must be done with caution as that update might break existing functionality. 

Version 2.1.0

New features

  • Synopsys Detect for Jenkins now returns an exit code of 0 for a successful pipeline run.

Changed features

  • On build failures, Synopsys Detect for Jenkins no longer modifies the build status when run in a Jenkins pipeline. Now, it throws an exception error if Detect fails.

  • Synopsys Detect for Jenkins is improved to support the pipeline step context. Using withEnv and running Docker now works as expected.

  • Added improvements for working with containers.

  • Verified support for Detect Jenkins plugin in the Cloudbees Core environment built with Kubernetes.

Version 2.0.2

New features

  • Added auto-escaping parameters.

Changed features

Resolved issues

  • Resolved an issue wherein a null pointer exception may be thrown when the proxy user name is blank.

  • Resolved in issue wherein the plugin was not properly escaping the path to the PowerShell script.  This also improves handling of elements like random pipes in the path.

Version 2.0.1

Resolved issues

  • Resolved an issue wherein configuration/connection settings for the plugin are deleted when restarting Jenkins.

Version 2.0.0

New features

  • You can now run Synopsys Detect for Jenkins by uploading a Detect JAR file.

  • Synopsys Detect for Jenkins now uses the Polaris credentials stored in the credentials plugin in Jenkins.

Version 1.5.0

Resolved issues

  • Resolved an issue wherein the proxy settings may be ignored when downloading the jar file.

  • Resolved an issue that may have caused an error when connecting to the test repository.

Changed features

  • Synopsys Detect for Jenkins now displays in parenthesis the version of Detect packaged with the plugin.

Version 1.4.1

  • Maintenance release with overall improvements in stability and security.

Version 1.4.0

  • Added support for converting from a Maven project to a Gradle project.

  • Improved error handling for Detect exit codes.

  • Addressed an issue wherein cancelling a Detect job was not terminating correctly.

Version 1.3.0

  • Added support for Java 8.

  • Black Duck Detect for Jenkins now supports Jenkins version 2.60.1 and higher.

  • Added API key support.

  • Added support for Microsoft NT Lan Manager (NTLM) protocol.

Version 1.2.0

  • Added support for Java 7.

  • Now includes support for an Artifactory URL override option.

Version 1.1.0

  • Added DSL support.

Version 1.0.2

Resolved Issues

  • Subordinate nodes do not use the proxy to download the Black Duck Detect .jar file (potential fix).

Version 1.0.1

Resolved Issues

  • Resolved an issue wherein JenkinsProxyHelper.shouldUseProxy (final URL, final String noProxyHosts) was incorrectly returning false if the Hub URL was set, and incorrectly returning true when the Hub host name should be ignored.

  • Resolved an issue with the Java executable path.

Version 1.0.0

  • First release of product.

©2023 Synopsys, Inc. All Rights Reserved