Improvement
Resolution: Fixed
Minor
None
Docker: jenkins/jenkins:2.60.3-alpine
dependency-check-jenkins-plugin: 2.1.1
analysis-core: 1.9.2
Currently the default global configuration requires 'bundler-audit' to be installed, otherwise the build will result in a failure. This requirement appears to be undocumented and is an issue for provisioned Jenkins Pipeline jobs since we currently lack a possibility to disable analyzers from the pipeline syntax (JENKINS-46739).
Console output
[Pipeline] stage
[Pipeline] { (Generating reports)
[Pipeline] dependencyCheckAnalyzer
[DependencyCheck] OWASP Dependency-Check Plugin v2.1.1
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = Project
[DependencyCheck] -scanPath = /data/jenkins_slaves/jenkins/workspace/Project
[DependencyCheck] -outputDirectory = /data/jenkins_slaves/jenkins/workspace/Project
[DependencyCheck] -dataDirectory = /data/jenkins_slaves/jenkins/owasp/nvd
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodeJsAnalyzerEnabled = true
[DependencyCheck] -nspAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonDistributionAnalyzerEnabled = true
[DependencyCheck] -pythonPackageAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -cocoaPodsAnalyzerEnabled = true
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML
[DependencyCheck] -autoUpdate = false
[DependencyCheck] -updateOnly = false
[DependencyCheck] Scanning: /data/jenkins_slaves/jenkins/workspace/Project
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
[DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.initializeFileTypeAnalyzer(RubyBundleAuditAnalyzer.java:163)
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.initializeAnalyzer(AbstractFileTypeAnalyzer.java:79)
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.initialize(AbstractAnalyzer.java:135)
[DependencyCheck]     at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:776)
[DependencyCheck]     at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:620)
[DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:167)
[DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:98)
[DependencyCheck]     at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck]     at hudson.remoting.UserRequest.perform(UserRequest.java:153)
[DependencyCheck]     at hudson.remoting.UserRequest.perform(UserRequest.java:50)
[DependencyCheck]     at hudson.remoting.Request$2.run(Request.java:336)
[DependencyCheck]     at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
[DependencyCheck]     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck]     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[DependencyCheck]     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[DependencyCheck]     at java.lang.Thread.run(Thread.java:748)
[DependencyCheck] Caused by: org.owasp.dependencycheck.analyzer.exception.AnalysisException: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.launchBundleAudit(RubyBundleAuditAnalyzer.java:134)
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.initializeFileTypeAnalyzer(RubyBundleAuditAnalyzer.java:158)
[DependencyCheck]     ... 15 more
[DependencyCheck] Caused by: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp18947d71-004e-485e-bb3e-bcbf5b20d974"): error=2, No such file or directory
[DependencyCheck]     at java.lang.ProcessBuilder.start(ProcessBuilder.java:1048)
[DependencyCheck]     at org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer.launchBundleAudit(RubyBundleAuditAnalyzer.java:132)
[DependencyCheck]     ... 16 more
[DependencyCheck] Caused by: java.io.IOException: error=2, No such file or directory
[DependencyCheck]     at java.lang.UNIXProcess.forkAndExec(Native Method)
[DependencyCheck]     at java.lang.UNIXProcess.<init>(UNIXProcess.java:247)
[DependencyCheck]     at java.lang.ProcessImpl.start(ProcessImpl.java:134)
[DependencyCheck]     at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)
[DependencyCheck]     ... 17 more
[DependencyCheck]
[Pipeline] dependencyCheckPublisher
[DependencyCheck] Skipping publisher since build result is FAILURE
[Pipeline] archiveArtifacts
Skipped archiving because build is not successful
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: FAILURE
Pipeline syntax
stage ("Generating reports") {
    dependencyCheckAnalyzer datadir: '',
        hintsFile: '',
        isFailOnErrorDisabled: true,
        includeCsvReports: false,
        includeHtmlReports: false,
        includeJsonReports: false,
        isAutoupdateDisabled: true,
        outdir: '',
        scanpath: '',
        skipOnScmChange: false,
        skipOnUpstreamChange: false,
        suppressionFile: '',
        zipExtensions: ''
}
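
A log-triage sketch for the failure reported above, added here as an example and not part of the plugin or of the original report: it reads a Dependency-Check console log, lists the analyzers that were enabled, and flags builds that failed because an analyzer's external program was absent from the agent. The function names and the shortened sample log are constructed for illustration; the matched message formats are the ones shown in the console output above.

```python
import re

# Constructed excerpt, shortened from the console output in this report.
SAMPLE_LOG = """\
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp-example"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
[DependencyCheck] Skipping publisher since build result is FAILURE
Finished: FAILURE
"""

# One option per line, as printed under "Executing Dependency-Check with the following options".
OPTION_RE = re.compile(r"^\[DependencyCheck\] -(\w+AnalyzerEnabled) = (true|false)\s*$")
# error=2 is ENOENT: the JVM could not find the executable on the agent's PATH.
MISSING_RE = re.compile(r'Cannot run program "([^"]+)".*?error=2')
DISABLED_RE = re.compile(r"Disabling (.+? Analyzer)")


def triage(log_text):
    """Summarise analyzer state and missing external tools from a console log."""
    enabled, missing, disabled = [], set(), set()
    for line in log_text.splitlines():
        m = OPTION_RE.match(line.strip())
        if m and m.group(2) == "true":
            enabled.append(m.group(1))
        missing.update(MISSING_RE.findall(line))
        disabled.update(DISABLED_RE.findall(line))
    return {
        "enabled_analyzers": enabled,
        "missing_programs": sorted(missing),
        "self_disabled_analyzers": sorted(disabled),
        "build_failed": "Finished: FAILURE" in log_text,
    }


def is_missing_tool_failure(summary):
    """True when the build failed and an analyzer's external program was absent."""
    return summary["build_failed"] and bool(summary["missing_programs"])


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
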