Skip to content

Missing proxy auth support #474

Description

@ponchofiesta

When running Blackduck Detect in an environment having a proxy server requiring Basic authentication, the signature scanner will throw an exception even we had provided proxy username and password:

2025-11-19 12:14:13 UTC INFO  [main] --- Will include the Signature Scanner tool.
2025-11-19 12:14:13 UTC DEBUG [main] --- Signature scanner will use the Black Duck server to download/update the scanner - this is the most likely situation.
2025-11-19 12:14:13 UTC DEBUG [main] --- Using Tools Scan CLI download API (new).
2025-11-19 12:14:13 UTC INFO  [main] --- No scan targets provided - registering the source path /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/sysmon/vwg.fh.fismon/SysMon.Implementation.Web to scan
2025-11-19 12:14:14 UTC DEBUG [main] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC DEBUG [main] --- Locally installed signature scanner version: 2025.1.1
2025-11-19 12:14:14 UTC DEBUG [main] --- Locally installed Signature Scanner version is up to date - skipping download.
2025-11-19 12:14:14 UTC DEBUG [main] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC ERROR [main] --- Could not get Black Duck server certificate which is required for managing the local keystore - communicating to the server will have to be configured manually: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
2025-11-19 12:14:14 UTC DEBUG [main] --- Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
	at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling0(HttpURLConnection.java:2313)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2183)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142)
	at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.connectAndGetServerCertificate(ToolsApiScannerInstaller.java:227)
	at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.downloadSignatureScanner(ToolsApiScannerInstaller.java:213)
	at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.installOrUpdateScanner(ToolsApiScannerInstaller.java:118)
	at com.blackduck.integration.blackduck.codelocation.signaturescanner.ScanBatchRunner.executeScans(ScanBatchRunner.java:90)
	at com.blackduck.integration.detect.tool.signaturescanner.operation.SignatureScanOperation.performScanActions(SignatureScanOperation.java:15)
	at com.blackduck.integration.detect.lifecycle.run.operation.OperationRunner.lambda$signatureScan$43(OperationRunner.java:1019)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:27)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedPublic(OperationAuditLog.java:35)
	at com.blackduck.integration.detect.lifecycle.run.operation.OperationRunner.signatureScan(OperationRunner.java:1019)
	at com.blackduck.integration.detect.lifecycle.run.step.SignatureScanStepRunner.executeScan(SignatureScanStepRunner.java:84)
	at com.blackduck.integration.detect.lifecycle.run.step.SignatureScanStepRunner.runSignatureScannerOnline(SignatureScanStepRunner.java:53)
	at com.blackduck.integration.detect.lifecycle.run.step.IntelligentModeStepRunner.lambda$runOnline$5(IntelligentModeStepRunner.java:128)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.lambda$runToolIfIncluded$0(StepHelper.java:31)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrappedWithCallbacks(OperationWrapper.java:31)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.runToolIfIncluded(StepHelper.java:66)
	at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.runToolIfIncluded(StepHelper.java:30)
	at com.blackduck.integration.detect.lifecycle.run.step.IntelligentModeStepRunner.runOnline(IntelligentModeStepRunner.java:126)
	at com.blackduck.integration.detect.lifecycle.run.DetectRun.run(DetectRun.java:137)
	at com.blackduck.integration.detect.Application.runApplication(Application.java:229)
	at com.blackduck.integration.detect.Application.run(Application.java:150)
	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:759)
	at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:749)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
	at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
	at com.blackduck.integration.detect.Application.main(Application.java:99)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
	at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65)
2025-11-19 12:14:14 UTC INFO  [main] --- The Black Duck Signature Scanner downloaded/found successfully: /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/blackduck/tools
2025-11-19 12:14:14 UTC INFO  [main] --- Starting the Black Duck Signature Scan commands.
2025-11-19 12:14:14 UTC DEBUG [pool-2-thread-1] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC DEBUG [pool-2-thread-1] --- Using this java installation : /usr/lib/jvm/java-17-openjdk-amd64/bin/java

This is caused by connectAndGetServerCertificate method which doesn't support proxy authentication.

private void connectAndGetServerCertificate(HttpUrl httpsServer, ScanPaths scanPaths) {

These parameters were used to run Detect:

2025-11-19 12:13:48 UTC DEBUG [main] --- Initializing detect.
2025-11-19 12:13:48 UTC DEBUG [main] --- You seem to be running in a LINUX operating system.
2025-11-19 12:13:48 UTC DEBUG [main] --- You seem to be using amd64 architecture.
2025-11-19 12:13:48 UTC DEBUG [main] --- Detect boot begin.

Detect Version: 10.0.0

2025-11-19 12:13:48 UTC DEBUG [main] --- Configuration processed completely.
2025-11-19 12:13:48 UTC INFO  [main] --- 
2025-11-19 12:13:48 UTC INFO  [main] --- Current property values:
2025-11-19 12:13:48 UTC INFO  [main] --- --property = value [notes]
2025-11-19 12:13:48 UTC INFO  [main] --- ------------------------------------------------------------
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.api.token = **************************************************************************************************** [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.proxy.host = proxy.saas.XXXXX [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.proxy.password = ************************ [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.proxy.port = 8080 [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.proxy.username = XXXXXX [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- blackduck.url = https://XXXXXXXXX [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.blackduck.signature.scanner.snippet.matching = SNIPPET_MATCHING [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.excluded.detector.types = MAVEN [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.excluded.directories = **/target,bamboo-specs/ [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.npm.dependency.types.excluded = DEV,PEER [env] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.output.path = /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/blackduck [env] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.project.name = XXXXXXXXXX [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.project.version.name = 2025.4.0.0 [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- detect.source.path = XXXXXXXX [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- logging.level.detect = DEBUG [cmd] 
2025-11-19 12:13:48 UTC INFO  [main] --- ------------------------------------------------------------

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions