Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Jenkins scan giving error 'Build step failed with exception java.io.IOException:...'

Govind | Last updated: Jan 21, 2020 07:33AM UTC

Hello Team, We are scanning one application from Jenkins using plugin: Burp Scan. If we scan the application from Burp Enterprise then scanning is happening, where as when we try to scan same application from Jenkins it is giving below error. Could you please let us know what is the probable cause and how to resolve it. I checked the application URL and credentials outside Burp & Jenkins and able to access it. Please let me know if other details you need that I can provide you on email. Jenkins Console Logs: C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\ACC_new>exit 0 ERROR: Build step failed with exception java.io.IOException: Unexpected response from server: 500 - {"type":"ServerError","code":27,"error":"User not permitted to edit scans for this site"} at net.portswigger.burp.api.driver.BurpCiDriver.scan(Unknown Source) at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:134) Caused: java.io.UncheckedIOException at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:139) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741) at hudson.model.Build$BuildExecution.build(Build.java:206) at hudson.model.Build$BuildExecution.doRun(Build.java:163) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504) at hudson.model.Run.execute(Run.java:1818) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:429) Build step 'Burp scan' marked build as failure Email was triggered for: Failure - Any Sending email for trigger: Failure - Any Sending email to: sshabbir@ups.com vponnusamy@ups.com gsureka@ups.com rdasari@ups.com Finished: FAILURE Thanks, Govind

Michelle, PortSwigger Agent | Last updated: Jan 21, 2020 08:11AM UTC

When a user is created in Enterprise Server it can be assigned permissions to restrict access so it can only access certain sites, which from the error looks to be the cause of the problem here. In Enterprise server you will need to review the sites that exist and then check any site restrictions applied to your API user's group. Please let us know if you need any help.

Burp User | Last updated: Jan 21, 2020 10:57AM UTC

Hello Michelle, With the current API user we were able to scan from Jenkins a week ago and was running successfully. We have update to Burp Enterprise and then we start facing this issue. We are able to scan successfully from Burp Enterprise with other user. Same behavior I observed with other application and by creating new site it resolved the error of Server 500, but with this it remain. I requested Burp Enterprise admin to confirm us the access to API user for this site under test and will let you know on that. Thanks, Govind

Michelle, PortSwigger Agent | Last updated: Jan 21, 2020 11:15AM UTC

Hi Govind Thanks for the update. If you or your Enterprise admin need any further help or advice with the user permissions settings, feel free to send over screenshots to support@portswigger.net.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.