CodeScene: Difference between revisions

CodeScene

https://codescene.com/

CLI Tools

https://codescene.io/docs/cli/index.html

CLI Usage

cs review

CLI Configuration

Version update check failed, proceeding.
In order to use the full CLI tool you will need to set up your environment
with a Personal Access Token.

- codescene.io -> https://codescene.io/users/me/pat

- CodeScene Enterprise -> https://your.codescene.com/configuration/user/token

Generate a new PAT token then set your environment variables as follows:

- codescene.io -> $env:CS_ACCESS_TOKEN = '<your-PAT>'

- CodeScene Enterprise -> $env:CS_ACCESS_TOKEN = '<your-PAT>'

Windows CLI Tools Installation

Invoke-WebRequest -Uri 'https://downloads.codescene.io/enterprise/cli/install-cs-tool.ps1' -OutFile install-cs-tool.ps1
.\install-cs-tool.ps1

$env:CS_ACCESS_TOKEN = 'your-access-token'

If using an onpremise code scene server:

$env:CS_ONPREM_URL = 'https://codescene.example.com'

Run a code scene command:

cs review

Issues

SSL Certificate Issues

Untrusted On-Premise CodeScene Server - Legitimate SSL Certificate

Okay, so you paid for an official SSL Certificate, but CodeScene is not trusting it? No worries, likey the problem is the web server is just simply not exporting out the full SSL certificate chain. Should be easily resolved. Just tell your IT team not to just export the end leaf SSL certificate, but the full SSL chain, including the intermediary certificates. This should resolve the issue

Error:

PS C:\code> cs review

Version update check failed, proceeding.
License check failed (https://good-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can't Wait on IT, Test Now

If you don't want to wait for IT, you can test it out by checking out the next section, "Custom SSL Certificate"...

But first, collect the SSL Certificate chain:

Use Firefox, view the SSL certificate chain, and export it out. (Click the lock in the address bar, select Connection Secure, select More Information, View Certificate, under Miscellaneious select Download "PEM (chain)".

Then open this PEM text file, and split this chain file into several files named 1.pem, 2.pem, 3.pem, etc... depending on how many levels deep it is.

1.pem:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

2.pem

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

etc...

Untrusted On-Premise CodeScene Server - Custom SSL Certificate

Okay, so you didn't pay for an official SSL Certificate? Sigh, Java is the worst when it comes to dealing with Custom SSL Certificates. Sorry. But you've made your bed, and wish to sleep in it, so buckle up, and here we go...

Error:

PS C:\code> cs review

Version update check failed, proceeding.
License check failed (https://bad-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

First, you will need to build a custom Java Keystore, and every command, tool, and application will need to reference this custom Keystore. It's ugly. Very ugly.

Install OpenJDK for Keytool

Install the OpenJDK ( https://openjdk.org/install/ | https://jdk.java.net/ ), because screw Sun/Oracle and their schenaigans:

winget install openjdk --source winget

Gather your custom certificate file(s) and name them something like 1.pem

Build custom keystore

# Pick a place to put the keystore file, for example, c:\code\codescene.jks
mkdir c:\code
cd \code

keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -keystore codescene.jks -storepass changeit
keytool -importcert -trustcacerts -file 2.pem -alias codescene_2 -keystore codescene.jks -storepass changeit
keytool -importcert -trustcacerts -file 3.pem -alias codescene_3 -keystore codescene.jks -storepass changeit
...etc...

Note: If you are asked to trust the certificate, or if the certificate is already in the system keystore, agree to add it to the keystore anyway.

It's not needed, as the default is a PKCS12 format, but if you want you can add the storetype:

keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -storetype PKCS12 -keystore codescene.jks -storepass changeit

Test CS-CLI with Keystore

To use the keystore you will need to inject it in various ways with Visual Code, CS-CLI, CS-MCP, etc. For the CS-CLI, for example:

# Powershell example
$CS_ONPREM_URL = 'https://bad-codescene.example.com'
$CS_ACCESS_TOKEN = 'insert-my-access-token-key-here-xxxxxxxxxxxxxxxx'
cs review -Djavax.net.ssl.trustStore=C:/code/codescene.jks -Djavax.net.ssl.trustStorePassword=changeit 

Note, once the license has been cached, you should be able to call the CS-CLI command again without the keystore parameters, at least until the cached license expires:

cs review

Untrusted SSL Certificate - Corporate SSL Proxy

If your company uses a SSL decryption monitoring certificate, you may run into this:

PS C:\code> cs review

Version update check failed, proceeding.
License check failed (https://api.codescene.io/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Solution

• First - cry. Java is the worst at dealing with custom SSL keystores. Sorry.

• Second - okay, so you still want to continue?