Health check 'Security Vulnerabilities' fails with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The Security Vulnerabilities health check fails with the following error: “The health check was unable to complete within the timeout of 30000ms”
Environment
- Atlassian Troubleshooting and Support Tools 1.34.0 or later versions
- Forward Proxy
- Firewall restriction
Diagnosis
The following errors can be seen in the logs:
WARN [PluginSchedulerTask-com.atlassian.troubleshooting.healthcheck.scheduler.HealthCheckSchedulerImpl:job] [SupportHealthCheckProcess] Health check 'Security Vulnerabilities' failed with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
WARN [HealthCheck:thread-2] [SupportHealthCheckProcess] Health check 'Security Vulnerabilities' failed with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
WARN [http-nio-127.0.0.1-8085-exec-10 url: /rest/troubleshooting/1.0/check/process/7fbf417a-9eea-4a8d-8701-4810f7e4f7a0/results; user: admin] [SupportHealthCheckProcess] Health check 'Security Vulnerabilities' failed with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
WARN [support-zip] [SupportHealthCheckProcess] Health check 'Security Vulnerabilities' failed with severity 'undefined': 'The health check was unable to complete within the timeout of 30000ms.'
Further troubleshooting
Run the curl command from the application server:
curl --trace dump https://atst-data.atl-paas.net/healthcheck/cve/bamboo.json
curl -v --trace-time https://atst-data.atl-paas.net/healthcheck/cve/bamboo.json
Share the output with Atlassian Support so they can double-check that the Security Vulnerabilities data is correct, and include the response time shown in the trace.
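The curl checks above can be wrapped in a script that splits the request into DNS, TCP connect, TLS and transfer time and compares the total with the 30000 ms timeout. This is an added example, not Atlassian code; the function names and verdict labels are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not Atlassian code: time each phase of the feed request and
# compare the total with the health check's 30000 ms timeout.
FEED_URL="https://atst-data.atl-paas.net/healthcheck/cve/bamboo.json"
LIMIT_MS=30000

# probe_feed URL: prints "http_code dns connect tls total" (times in seconds,
# cumulative from the start of the request, as curl reports them).
probe_feed() {
    curl -sS -o /dev/null --max-time 60 \
        -w '%{http_code} %{time_namelookup} %{time_connect} %{time_appconnect} %{time_total}\n' \
        "$1"
}

# classify_probe "code dns connect tls total": one-line verdict.
classify_probe() {
    echo "$1" | awk -v limit="$LIMIT_MS" '{
        code = $1; total = $5 * 1000
        if (code == "000") {            # curl got no HTTP response at all
            printf "NO_RESPONSE total=%.0fms\n", total; exit
        }
        dns = $2 * 1000;          tcp  = ($3 - $2) * 1000
        tls = ($4 - $3) * 1000;   xfer = ($5 - $4) * 1000
        phase = "dns"; worst = dns
        if (tcp  > worst) { phase = "tcp-connect";   worst = tcp }
        if (tls  > worst) { phase = "tls-handshake"; worst = tls }
        if (xfer > worst) { phase = "transfer";      worst = xfer }
        if (total >= limit)     verdict = "OVER_LIMIT"
        else if (code != "200") verdict = "HTTP_" code
        else                    verdict = "OK"
        printf "%s total=%.0fms slowest=%s(%.0fms)\n", verdict, total, phase, worst
    }'
}

# Run the live probe only when asked, e.g.: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    result=$(probe_feed "$FEED_URL")   # curl still prints -w output on failure
    classify_probe "$result"
fi
```

curl takes its proxy from environment variables such as https_proxy or from -x, while the JVM uses its own proxy settings, so the result only reflects Bamboo's path when both go through the same proxy.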
Cause
This happens because the Security Vulnerabilities health check was introduced in Atlassian Troubleshooting and Support Tools 1.34.0 and is present in all later versions.
To make it work, your application needs to be able to access the following URL:
Because https://atst-data.atl-paas.net is hosted on CloudFront, the IP range lists for Amazon Web Services and CloudFront need to be configured in the proxy/firewall.
Usually, adding the *.atl-paas.net wildcard address to the outgoing proxy's whitelist is enough. If there is no proxy between Bamboo and the internet, either add the IP ACLs manually on the firewall or enable DNS-based ACLs if the firewall supports them.
Solution
- If a connection can’t be established, for example because of restrictive firewall or proxy server settings, the tool won’t be able to fetch any updates to version data, security vulnerabilities or documentation.
- We recommend reviewing the forward proxy and/or firewall restrictions to allow access to *.atl-paas.net.
- ATST version 1.36.1 added an option for admins to disable this check when access to *.atl-paas.net cannot be allowed due to security policies. If you disable this health check, Bamboo will, as expected, not be able to report security vulnerabilities as part of the system health checks.
Workaround
- Create a local mirror of https://atst-data.atl-paas.net/healthcheck/cve/<product>.json on the company's premises, where <product>=bamboo.
- On the local mirror, host the <product>.json file in the <URL>/healthcheck/cve location.
- Add the following entry to the Bamboo properties file:
  -Datst.data.url=https://cve.mydomain.net
- Bamboo will then follow https://cve.mydomain.net/healthcheck/cve/bamboo.json instead of reaching out to the Internet. This allows more control over the results and avoids messing with firewall rules.
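One way to keep such a mirror current, as an added example that is not Atlassian code: the script downloads the feed, refuses to publish anything that does not look like JSON, replaces the served file atomically, and raises an alert when the published copy has gone stale. The DOCROOT path, the 7-day limit and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Atlassian code: refresh the local mirror of the CVE feed.
UPSTREAM="https://atst-data.atl-paas.net/healthcheck/cve"
PRODUCT="bamboo"
DOCROOT="${DOCROOT:-/srv/cve-mirror}"  # assumption: web root of cve.mydomain.net
MAX_AGE_DAYS=7                         # assumption: local staleness policy

# looks_like_json FILE: cheap sanity check so an empty download or a proxy
# error page never replaces a good copy of the feed.
looks_like_json() {
    [ -s "$1" ] || return 1
    first=$(tr -d ' \t\r\n' < "$1" | cut -c1)
    [ "$first" = "{" ] || [ "$first" = "[" ]
}

# publish_feed SRC DOCROOT PRODUCT: install SRC atomically as
# DOCROOT/healthcheck/cve/PRODUCT.json, but only if it passes the check.
publish_feed() {
    dest_dir="$2/healthcheck/cve"
    looks_like_json "$1" || { echo "rejected $1: not JSON" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    tmp="$dest_dir/.$3.json.$$"
    cp "$1" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest_dir/$3.json"
}

# is_stale FILE DAYS: true when FILE is missing or older than DAYS days.
is_stale() {
    [ -f "$1" ] || return 0
    [ -n "$(find "$1" -mtime +"$2")" ]
}

# Run the sync only when asked, e.g. from cron: sh sync-cve-mirror.sh --sync
if [ "${1:-}" = "--sync" ]; then
    target="$DOCROOT/healthcheck/cve/$PRODUCT.json"
    dl=$(mktemp) || exit 1
    trap 'rm -f "$dl"' EXIT
    if curl -fsS --max-time 60 -o "$dl" "$UPSTREAM/$PRODUCT.json" &&
       publish_feed "$dl" "$DOCROOT" "$PRODUCT"; then
        echo "published $target"
    elif is_stale "$target" "$MAX_AGE_DAYS"; then
        echo "ALERT: $target is stale; Bamboo is checking old CVE data" >&2
        exit 2
    else
        echo "WARN: refresh failed; keeping existing $target" >&2
        exit 1
    fi
fi
```

Schedule it on a host that is allowed to reach the upstream URL. A mirror that is never refreshed lets the health check keep running against outdated vulnerability data.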