  1. Infinispan
  2. ISPN-12682

dependency-check-maven plugin fails CI builds


    • Type: Bug
    • Resolution: Obsolete
    • Priority: Major
    • 12.1.0.Final
    • 12.0.0.Final
    • Build
    • None

      CI builds for master are randomly failing because of the OWASP dependency-check-maven plugin:

      org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:6.0.2:check (default-cli) on project infinispan-cachestore-jdbc: One or more exceptions occurred during dependency-check analysis
      Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
          Failed to request component-reports
          at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:644)
          at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1606)
          at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:883)
          at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
      

      I was not able to reproduce the failure locally, and the OWASP dependency check plugin does not log the actual errors. It uses a custom ExceptionCollection class to wrap multiple exceptions, instead of the Throwable.addSuppressed() method added in Java 1.7, and the Maven logger bypasses ExceptionCollection.printStackTrace().

              Assignee: Unassigned
              Reporter: Dan Berindei (Inactive) (dberinde@redhat.com)
              Archiver: Amol Dongare (rhn-support-adongare)

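The logging gap described in the report, as an added Java example (not code from this issue, Infinispan, or dependency-check). `CollectedException` and `render` are hypothetical stand-ins for a list-based wrapper exception and for a logger that formats throwables itself instead of calling printStackTrace(); only the failure attached with addSuppressed() shows up in the rendered output.

```java
import java.io.IOException;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.List;

public class SuppressedDemo {
    // Hypothetical list-based wrapper: the underlying failures live in a
    // private list and are only visible through the overridden printStackTrace().
    static class CollectedException extends Exception {
        final List<Throwable> collected = new ArrayList<>();
        CollectedException(String msg) { super(msg); }
        @Override public void printStackTrace(PrintStream out) {
            super.printStackTrace(out);
            for (Throwable t : collected) t.printStackTrace(out);
        }
    }

    // Hypothetical logger-style renderer: it never calls printStackTrace(),
    // it walks the standard Throwable accessors (stack frames omitted for brevity).
    static String render(Throwable t, String caption, String indent) {
        StringBuilder sb = new StringBuilder(indent).append(caption).append(t).append('\n');
        for (Throwable s : t.getSuppressed()) {
            sb.append(render(s, "Suppressed: ", indent + "    "));
        }
        if (t.getCause() != null) {
            sb.append(render(t.getCause(), "Caused by: ", indent));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample failure; the real underlying error is not on the page.
        Throwable root = new IOException("connection timed out (constructed sample)");

        // Wrapper that keeps the failure in its own list: invisible to render().
        CollectedException custom =
            new CollectedException("One or more exceptions occurred during analysis");
        custom.collected.add(root);

        // Same failure attached through the standard Java 7+ mechanism.
        Exception standard = new Exception("One or more exceptions occurred during analysis");
        standard.addSuppressed(root);

        System.out.print("custom list:\n" + render(custom, "", "  "));
        System.out.print("addSuppressed:\n" + render(standard, "", "  "));
    }
}
```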