-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Centos 7
Jenkins 2.69
OWASP Dependency-Check Plugin v2.0.1.1
When I try analyze dependencies to a Nodejs project, the plugin fail every times. However when I exec analysis with NSP from Nodejs command line, it not fail.
The plugin are connected to Internet because I cant see the requests to api.nodesecurity.io:443.
I attached my package.json, package-lock.json and nsp-result.xml.
[DependencyCheck] OWASP Dependency-Check Plugin v2.0.1.1
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = job
[DependencyCheck] -scanPath = /var/lib/jenkins/workspace/job
[DependencyCheck] -outputDirectory = /var/lib/jenkins/workspace/job
[DependencyCheck] -dataDirectory = /var/lib/jenkins/dependency-check-data
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -proxyServer = IP
[DependencyCheck] -proxyPort = PORT
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodeJsAnalyzerEnabled = true
[DependencyCheck] -nspAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonDistributionAnalyzerEnabled = true
[DependencyCheck] -pythonPackageAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -cocoaPodsAnalyzerEnabled = true
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML
[DependencyCheck] -autoUpdate = false
[DependencyCheck] -updateOnly = false
[DependencyCheck] Scanning: /var/lib/jenkins/workspace/job
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
[DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctempff8f565b-d0cb-43a4-a6b2-561a347ad2d4"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonArrayBuilderImpl$JsonArrayImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: java.lang.ClassCastException
[DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
[DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
Build step 'Invoke OWASP Dependency-Check analysis' changed build result to FAILURE