  1. Jenkins
  2. JENKINS-46868

DependencyCheck AnalysisException connect timed out


      Description

      Since I came back from holidays, I have been getting the following error on my job:
      16:30:15 [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
      16:30:15 [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      16:30:15 [DependencyCheck] Cause: connect timed out
      16:30:15 [DependencyCheck] Message: connect timed out
       

      Before the holidays, the plugin version was OWASP Dependency-Check Plugin v1.4.5, and now it's OWASP Dependency-Check Plugin v2.1.0.
      We have no idea which connection attempt results in this exception.

      Is there a way to make the plugin more verbose, or to test the connection?
      Thanks

          Activity

          boly38 Brice V added a comment -

          A solution has been found on our side by the FaaS team.
          The plugin was configured (by the Jenkins admin) to bypass the proxy: "OWASP Dependency-Check" / "Bypass proxy to download NVD data feeds" was checked.
          This is because the CVE endpoints are on our intranet and the proxy must not be used in our case.
          The issue was with the "Node Security Platform analyzer" ("OWASP Dependency-Check: Experimental Analyzers").
          It seems that this analyzer has to access "nodesecurity.io", but as the "Bypass proxy" option is enabled, this results in a connect timeout. It seems that nonProxyHosts are not well handled by this library. That point should be tested and confirmed by the DependencyCheck team.
          Regards

          boly38 Brice V added a comment - - edited

          Removing the experimental "Node Security Platform analyzer" or avoiding the proxy bypass are short-term workarounds (for end users that rely on a proxy).

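For the "test the connection" question raised in this issue, the following is an added example (not part of the original issue and not code from the Dependency-Check plugin): it probes a host both directly and through an HTTP proxy and reports which path works, so a timeout can be tied to the proxy setting. The function names and the proxy address in the usage lines are assumptions.

```python
import socket


def probe(host, port=443, proxy=None, timeout=5.0):
    """TCP-connect to host:port and return 'ok', 'timeout' or 'error: ...'.

    proxy=None connects directly; proxy=(proxy_host, proxy_port) opens a
    tunnel through an HTTP proxy with CONNECT.
    """
    target = proxy if proxy else (host, port)
    try:
        with socket.create_connection(target, timeout=timeout) as sock:
            if proxy:
                request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
                sock.sendall(request.encode("ascii"))
                status = sock.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
                fields = status.split()
                if len(fields) < 2 or fields[1] != "200":
                    return f"error: proxy answered {status!r}"
            return "ok"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc}"


def diagnose(host, port, proxy, timeout=5.0):
    """Probe both paths and say which proxy setting the host needs."""
    direct = probe(host, port, None, timeout)
    tunneled = probe(host, port, proxy, timeout)
    if direct != "ok" and tunneled == "ok":
        verdict = "reachable only through the proxy: bypassing the proxy fails"
    elif direct == "ok" and tunneled != "ok":
        verdict = "reachable only directly: the proxy must be bypassed"
    elif direct == "ok":
        verdict = "reachable both ways"
    else:
        verdict = "unreachable both ways"
    return {"direct": direct, "via_proxy": tunneled, "verdict": verdict}


if __name__ == "__main__":
    # Assumption: placeholder proxy address; replace with the Jenkins agent's proxy.
    PROXY = ("proxy.example.internal", 3128)
    # nodesecurity.io is the host named in the comment above.
    print(diagnose("nodesecurity.io", 443, PROXY))
```

Run it from the Jenkins node that executes the job, since that is the machine whose network path matters.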

            People

            • Assignee:
              Unassigned
              Reporter:
              boly38 Brice V