Jenkins / JENKINS-46746

Default configuration shouldn't fail on missing 'bundler-audit'


    • Type: Improvement
    • Resolution: Fixed
    • Priority: Minor
    • None
    • Docker: jenkins/jenkins:2.60.3-alpine
      dependency-check-jenkins-plugin: 2.1.1
      analysis-core: 1.9.2

      Currently the default global configuration requires 'bundler-audit' to be installed; otherwise the build results in a failure. This requirement appears to be undocumented and is an issue for provisioned Jenkins Pipeline jobs, since we currently lack a way to disable analyzers from the pipeline syntax (JENKINS-46739).

      Console output

      [Pipeline] stage
      [Pipeline] { (Generating reports)
      [Pipeline] dependencyCheckAnalyzer
      [DependencyCheck] OWASP Dependency-Check Plugin v2.1.1
      [DependencyCheck] Executing Dependency-Check with the following options:
      [DependencyCheck]  -name = Project
      [DependencyCheck]  -scanPath = /data/jenkins_slaves/jenkins/workspace/Project
      [DependencyCheck]  -outputDirectory = /data/jenkins_slaves/jenkins/workspace/Project
      [DependencyCheck]  -dataDirectory = /data/jenkins_slaves/jenkins/owasp/nvd
      [DependencyCheck]  -dataMirroringType = none
      [DependencyCheck]  -isQuickQueryTimestampEnabled = true
      [DependencyCheck]  -jarAnalyzerEnabled = true
      [DependencyCheck]  -nodeJsAnalyzerEnabled = true
      [DependencyCheck]  -nspAnalyzerEnabled = true
      [DependencyCheck]  -composerLockAnalyzerEnabled = true
      [DependencyCheck]  -pythonDistributionAnalyzerEnabled = true
      [DependencyCheck]  -pythonPackageAnalyzerEnabled = true
      [DependencyCheck]  -rubyBundlerAuditAnalyzerEnabled = true
      [DependencyCheck]  -rubyGemAnalyzerEnabled = true
      [DependencyCheck]  -cocoaPodsAnalyzerEnabled = true
      [DependencyCheck]  -swiftPackageManagerAnalyzerEnabled = true
      [DependencyCheck]  -archiveAnalyzerEnabled = true
      [DependencyCheck]  -assemblyAnalyzerEnabled = true
      [DependencyCheck]  -centralAnalyzerEnabled = true
      [DependencyCheck]  -nuspecAnalyzerEnabled = true
      [DependencyCheck]  -nexusAnalyzerEnabled = false
      [DependencyCheck]  -autoconfAnalyzerEnabled = true
      [DependencyCheck]  -cmakeAnalyzerEnabled = true
      [DependencyCheck]  -opensslAnalyzerEnabled = true
      [DependencyCheck]  -showEvidence = true
      [DependencyCheck]  -formats = XML
      [DependencyCheck]  -autoUpdate = false
      [DependencyCheck]  -updateOnly = false
      [DependencyCheck] Scanning: /data/jenkins_slaves/jenkins/workspace/Project
      [DependencyCheck] Analyzing Dependencies
      
      [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
      [DependencyCheck] Cause: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
      [DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
      [DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.initializeFileTypeAnalyzer(RubyBundleAuditAnalyzer.java:163)
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.initializeAnalyzer(AbstractFileTypeAnalyzer.java:79)
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.initialize(AbstractAnalyzer.java:135)
      [DependencyCheck]     at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:776)
      [DependencyCheck]     at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:620)
      [DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:167)
      [DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:98)
      [DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
      [DependencyCheck]     at hudson.remoting.UserRequest.perform(UserRequest.java:153)
      [DependencyCheck]     at hudson.remoting.UserRequest.perform(UserRequest.java:50)
      [DependencyCheck]     at hudson.remoting.Request$2.run(Request.java:336)
      [DependencyCheck]     at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
      [DependencyCheck]     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [DependencyCheck]     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [DependencyCheck]     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [DependencyCheck]     at java.lang.Thread.run(Thread.java:748)
      [DependencyCheck] Caused by: org.owasp.dependencycheck.analyzer.exception.AnalysisException: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.launchBundleAudit(RubyBundleAuditAnalyzer.java:134)
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.initializeFileTypeAnalyzer(RubyBundleAuditAnalyzer.java:158)
      [DependencyCheck]     ... 15 more
      [DependencyCheck] Caused by: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory
      [DependencyCheck]     at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
      [DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.launchBundleAudit(RubyBundleAuditAnalyzer.java:132)
      [DependencyCheck]     ... 16 more
      [DependencyCheck] Caused by: java.io.IOException: error=2, No such file or directory
      [DependencyCheck]     at java.lang.UNIXProcess.forkAndExec(Native Method)
      [DependencyCheck]     at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
      [DependencyCheck]     at java.lang.ProcessImpl.start(ProcessImpl.java:134)
      [DependencyCheck]     at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
      [DependencyCheck]     ... 17 more
      [DependencyCheck]
      [Pipeline] dependencyCheckPublisher
      [DependencyCheck] Skipping publisher since build result is FAILURE
      [Pipeline] archiveArtifacts
      Skipped archiving because build is not successful
      [Pipeline] }
      
      [Pipeline] // stage
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] End of Pipeline
      Finished: FAILURE
      

      Pipeline syntax

      stage ("Generating reports") {
              dependencyCheckAnalyzer datadir: '',
                      hintsFile: '',
                      isFailOnErrorDisabled: true,
                      includeCsvReports: false,
                      includeHtmlReports: false,
                      includeJsonReports: false,
                      isAutoupdateDisabled: true,
                      outdir: '',
                      scanpath: '',
                      skipOnScmChange: false,
                      skipOnUpstreamChange: false,
                      suppressionFile: '',
                      zipExtensions: ''
      }
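
Added example (not part of the original issue and not the plugin's code): a log triage sketch that separates "the scan could not run because an analyzer's executable is missing" from other failures, using the message shapes in the console output above. The function name, verdict strings and the temp directory in the sample are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the console output quoted in this issue
# (the temp directory name is a placeholder).
SAMPLE_LOG = """\
[DependencyCheck]  -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck]  -nexusAnalyzerEnabled = false
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp-example"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
[DependencyCheck] Skipping publisher since build result is FAILURE
Finished: FAILURE
"""

OPTION = re.compile(r"\[DependencyCheck\]\s+-(\w+AnalyzerEnabled) = (true|false)\s*$")
MISSING = re.compile(r'Cannot run program "([^"]+)".*error=2')
DISABLED = re.compile(r"Disabling (.+ Analyzer)\s*$")
RESULT = re.compile(r"^Finished: (\w+)\s*$")


def triage(log_text):
    """Classify a Dependency-Check console log (hypothetical helper)."""
    report = {"enabled": [], "missing_tools": set(), "disabled": set(),
              "init_failure": False, "publisher_skipped": False, "result": None}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if (m := OPTION.search(line)):
            if m.group(2) == "true":
                report["enabled"].append(m.group(1))
            continue
        if "InitializationException" in line:
            report["init_failure"] = True
        if (m := MISSING.search(line)):
            report["missing_tools"].add(m.group(1))
        if (m := DISABLED.search(line)):
            report["disabled"].add(m.group(1))
        if "Skipping publisher" in line:
            report["publisher_skipped"] = True
        if (m := RESULT.match(line)):
            report["result"] = m.group(1)
    # A failed build with a missing executable means the scan did not
    # complete; it says nothing about vulnerabilities in the project.
    if report["result"] == "FAILURE" and report["missing_tools"]:
        report["verdict"] = "scan-incomplete-missing-tool"
    elif report["result"] == "FAILURE":
        report["verdict"] = "failed-other"
    else:
        report["verdict"] = "completed"
    return report
```

Because the publisher is skipped on FAILURE, a build flagged "scan-incomplete-missing-tool" has produced no dependency report and should be treated as unscanned rather than as clean or vulnerable.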
      

            Assignee: Unassigned
            Reporter: code_bunny H. Izaak