When running Blackduck Detect in an environment having a proxy server requiring Basic authentication, the signature scanner will throw an exception even we had provided proxy username and password:
2025-11-19 12:14:13 UTC INFO [main] --- Will include the Signature Scanner tool.
2025-11-19 12:14:13 UTC DEBUG [main] --- Signature scanner will use the Black Duck server to download/update the scanner - this is the most likely situation.
2025-11-19 12:14:13 UTC DEBUG [main] --- Using Tools Scan CLI download API (new).
2025-11-19 12:14:13 UTC INFO [main] --- No scan targets provided - registering the source path /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/sysmon/vwg.fh.fismon/SysMon.Implementation.Web to scan
2025-11-19 12:14:14 UTC DEBUG [main] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC DEBUG [main] --- Locally installed signature scanner version: 2025.1.1
2025-11-19 12:14:14 UTC DEBUG [main] --- Locally installed Signature Scanner version is up to date - skipping download.
2025-11-19 12:14:14 UTC DEBUG [main] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC ERROR [main] --- Could not get Black Duck server certificate which is required for managing the local keystore - communicating to the server will have to be configured manually: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
2025-11-19 12:14:14 UTC DEBUG [main] --- Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling0(HttpURLConnection.java:2313)
at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2183)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142)
at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.connectAndGetServerCertificate(ToolsApiScannerInstaller.java:227)
at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.downloadSignatureScanner(ToolsApiScannerInstaller.java:213)
at com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ToolsApiScannerInstaller.installOrUpdateScanner(ToolsApiScannerInstaller.java:118)
at com.blackduck.integration.blackduck.codelocation.signaturescanner.ScanBatchRunner.executeScans(ScanBatchRunner.java:90)
at com.blackduck.integration.detect.tool.signaturescanner.operation.SignatureScanOperation.performScanActions(SignatureScanOperation.java:15)
at com.blackduck.integration.detect.lifecycle.run.operation.OperationRunner.lambda$signatureScan$43(OperationRunner.java:1019)
at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:27)
at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedPublic(OperationAuditLog.java:35)
at com.blackduck.integration.detect.lifecycle.run.operation.OperationRunner.signatureScan(OperationRunner.java:1019)
at com.blackduck.integration.detect.lifecycle.run.step.SignatureScanStepRunner.executeScan(SignatureScanStepRunner.java:84)
at com.blackduck.integration.detect.lifecycle.run.step.SignatureScanStepRunner.runSignatureScannerOnline(SignatureScanStepRunner.java:53)
at com.blackduck.integration.detect.lifecycle.run.step.IntelligentModeStepRunner.lambda$runOnline$5(IntelligentModeStepRunner.java:128)
at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.lambda$runToolIfIncluded$0(StepHelper.java:31)
at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
at com.blackduck.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrappedWithCallbacks(OperationWrapper.java:31)
at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.runToolIfIncluded(StepHelper.java:66)
at com.blackduck.integration.detect.lifecycle.run.step.utility.StepHelper.runToolIfIncluded(StepHelper.java:30)
at com.blackduck.integration.detect.lifecycle.run.step.IntelligentModeStepRunner.runOnline(IntelligentModeStepRunner.java:126)
at com.blackduck.integration.detect.lifecycle.run.DetectRun.run(DetectRun.java:137)
at com.blackduck.integration.detect.Application.runApplication(Application.java:229)
at com.blackduck.integration.detect.Application.run(Application.java:150)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:759)
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:749)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
at com.blackduck.integration.detect.Application.main(Application.java:99)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65)
2025-11-19 12:14:14 UTC INFO [main] --- The Black Duck Signature Scanner downloaded/found successfully: /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/blackduck/tools
2025-11-19 12:14:14 UTC INFO [main] --- Starting the Black Duck Signature Scan commands.
2025-11-19 12:14:14 UTC DEBUG [pool-2-thread-1] --- The directory structure was likely created by the installer
2025-11-19 12:14:14 UTC DEBUG [pool-2-thread-1] --- Using this java installation : /usr/lib/jvm/java-17-openjdk-amd64/bin/java
This is caused by connectAndGetServerCertificate method which doesn't support proxy authentication.
|
private void connectAndGetServerCertificate(HttpUrl httpsServer, ScanPaths scanPaths) { |
These parameters were used to run Detect:
2025-11-19 12:13:48 UTC DEBUG [main] --- Initializing detect.
2025-11-19 12:13:48 UTC DEBUG [main] --- You seem to be running in a LINUX operating system.
2025-11-19 12:13:48 UTC DEBUG [main] --- You seem to be using amd64 architecture.
2025-11-19 12:13:48 UTC DEBUG [main] --- Detect boot begin.
Detect Version: 10.0.0
2025-11-19 12:13:48 UTC DEBUG [main] --- Configuration processed completely.
2025-11-19 12:13:48 UTC INFO [main] ---
2025-11-19 12:13:48 UTC INFO [main] --- Current property values:
2025-11-19 12:13:48 UTC INFO [main] --- --property = value [notes]
2025-11-19 12:13:48 UTC INFO [main] --- ------------------------------------------------------------
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.api.token = **************************************************************************************************** [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.proxy.host = proxy.saas.XXXXX [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.proxy.password = ************************ [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.proxy.port = 8080 [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.proxy.username = XXXXXX [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- blackduck.url = https://XXXXXXXXX [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.blackduck.signature.scanner.snippet.matching = SNIPPET_MATCHING [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.excluded.detector.types = MAVEN [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.excluded.directories = **/target,bamboo-specs/ [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.npm.dependency.types.excluded = DEV,PEER [env]
2025-11-19 12:13:48 UTC INFO [main] --- detect.output.path = /opt/bamboo-agent-home/xml-data/build-dir/FISMON-B254APP-BDS/blackduck [env]
2025-11-19 12:13:48 UTC INFO [main] --- detect.project.name = XXXXXXXXXX [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.project.version.name = 2025.4.0.0 [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- detect.source.path = XXXXXXXX [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- logging.level.detect = DEBUG [cmd]
2025-11-19 12:13:48 UTC INFO [main] --- ------------------------------------------------------------
When running Blackduck Detect in an environment having a proxy server requiring Basic authentication, the signature scanner will throw an exception even we had provided proxy username and password:
This is caused by
connectAndGetServerCertificatemethod which doesn't support proxy authentication.blackduck-common/src/main/java/com/blackduck/integration/blackduck/codelocation/signaturescanner/command/ToolsApiScannerInstaller.java
Line 319 in b41a477
These parameters were used to run Detect: