
I'm using a GitLab pipeline to build my project and would like to perform policy evaluations against the build artifacts using Nexus IQ policy evaluation. The project is a multi-module project and I've defined a job for each module like so:

```yaml
nexusiq <module-name>:
  tags:
    - build
  image: sonatype/nexus-iq-cli
  stage: test
  needs:
    - build deploy
  rules:
    - if: $CI_COMMIT_REF_NAME == "master"
      when: never
    - if: $CI_COMMIT_REF_NAME =~ /feature/
      when: never
    - if: $CI_COMMIT_REF_NAME =~ /bugfix/
      when: never
    - when: on_success
  script:
    - >
      /sonatype/evaluate
      -s https://nexus-iq.company-name.de/
      -a $NEXUS_IQ_USER_NAME:$NEXUS_IQ_USER_PASSWORD
      -i <REPO-GROUP>_com.company-name.<project-name>_<module-name>
      -t $NEXUSIQ_STAGE
```

However, the jobs fail and I'm getting the error message `Evaluation results file does not exist at specified location: /sonatype/reports/policy-eval-results.json`

I tried to define the location by adding this snippet after the script part but the error remained the same:

```yaml
  artifacts:
    name: "policy-eval-<project-name>-$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
    paths:
      - <REPO-GROUP>_com.company-name.<project-name>_<module-name>-policy-eval-report.html
```

Adding the path to a JSON file, where the results of the policy evaluation will be stored, using the `-r` switch in the script part also didn't help:

```
  -r, --result-file <REPO-GROUP>_com.company-name.<project-name>_<module-name>-policy-eval-report.json
```

What am I doing wrong?

Greta

1 Answer

This kind of error could be for several reasons, usually because the evaluation did not succeed completely. For example, the runner could be running out of memory before the CLI completes the scan. Can you share more of the error message you get? Possibly also look at `clm-server.log` on the IQ server to see if there are any further clues deeper in the error stack trace.

ittyyppi
  • Agreed. Please also add some kind of confirmation that your `*-policy-eval-report.html` file is generated. An `ls` or `find` command at the end of your `script:` or in [an `after_script:` directive](https://docs.gitlab.com/ee/ci/yaml/index.html#after_script) would be useful. – Katrin Leinweber Mar 29 '23 at 14:21
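As an added example (not code from the question, the answer or Sonatype), a small POSIX shell helper the job's `script:` could source: it passes an explicit `-r` results path inside the job workspace, checks that the file exists and is non-empty, lists the directory when it is missing (the confirmation step suggested in the comment above), and reads the overall policy action. The `IQ_CLI` and `NEXUS_IQ_URL` variables, the helper names and the `policyAction` field name in the JSON results are assumptions.

```shell
#!/bin/sh
# Added helper (not part of the question or answer) for a GitLab job that runs
# the Nexus IQ CLI. Assumptions: the CLI path /sonatype/evaluate, the variable
# names IQ_CLI / NEXUS_IQ_URL and the "policyAction" field in the JSON results.

# Return 0 if the results file exists and is non-empty; otherwise print a
# diagnostic plus a listing of the directory so the job log shows what the
# CLI actually wrote (the confirmation step suggested in the comment).
check_eval_result() {
  result_file="$1"
  if [ ! -s "$result_file" ]; then
    echo "ERROR: results file missing or empty: $result_file" >&2
    echo "Contents of $(dirname "$result_file"):" >&2
    ls -la "$(dirname "$result_file")" >&2 || true
    return 1
  fi
  return 0
}

# Print the overall policy action recorded in the results file, or "unknown"
# when the (assumed) "policyAction" field is absent. Splits on commas and
# braces first so the extraction does not depend on JSON pretty-printing.
policy_action() {
  action=$(tr ',{}' '\n\n\n' < "$1" \
    | sed -n 's/.*"policyAction" *: *"\([^"]*\)".*/\1/p' | head -n 1)
  if [ -n "$action" ]; then echo "$action"; else echo unknown; fi
}

# Run the evaluation with an explicit results file inside the job workspace
# (so it can be declared under artifacts:) and verify it afterwards.
# Usage in the job: . ./iq-check.sh && run_evaluation "$IQ_APP_ID"
run_evaluation() {
  app_id="$1"
  result_file="${CI_PROJECT_DIR:-.}/${app_id}-policy-eval-report.json"
  "${IQ_CLI:-/sonatype/evaluate}" \
    -s "${NEXUS_IQ_URL:-https://nexus-iq.company-name.de/}" \
    -a "$NEXUS_IQ_USER_NAME:$NEXUS_IQ_USER_PASSWORD" \
    -i "$app_id" \
    -t "$NEXUSIQ_STAGE" \
    -r "$result_file"
  cli_status=$?
  check_eval_result "$result_file" || return 1
  echo "policyAction=$(policy_action "$result_file") (CLI exit status $cli_status)"
  return "$cli_status"
}
```

If the CLI still writes nothing, the directory listing printed by `check_eval_result` is what to paste into the question, since it shows whether the report was written elsewhere or not at all.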