v2.0.1.1 fails to analyze NPM-Nodejs package.json


    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • Environment:
      Centos 7
      Jenkins 2.69
      OWASP Dependency-Check Plugin v2.0.1.1

      When I try to analyze the dependencies of a Node.js project, the plugin fails every time. However, when I execute the analysis with NSP from the Node.js command line, it does not fail.

      The plugin is connected to the Internet because I cant see the requests to api.nodesecurity.io:443.

      I attached my package.json, package-lock.json and nsp-result.xml.
      [DependencyCheck] OWASP Dependency-Check Plugin v2.0.1.1
      [DependencyCheck] Executing Dependency-Check with the following options:
      [DependencyCheck] -name = job
      [DependencyCheck] -scanPath = /var/lib/jenkins/workspace/job
      [DependencyCheck] -outputDirectory = /var/lib/jenkins/workspace/job
      [DependencyCheck] -dataDirectory = /var/lib/jenkins/dependency-check-data
      [DependencyCheck] -dataMirroringType = none
      [DependencyCheck] -proxyServer = IP
      [DependencyCheck] -proxyPort = PORT
      [DependencyCheck] -isQuickQueryTimestampEnabled = true
      [DependencyCheck] -jarAnalyzerEnabled = true
      [DependencyCheck] -nodeJsAnalyzerEnabled = true
      [DependencyCheck] -nspAnalyzerEnabled = true
      [DependencyCheck] -composerLockAnalyzerEnabled = true
      [DependencyCheck] -pythonDistributionAnalyzerEnabled = true
      [DependencyCheck] -pythonPackageAnalyzerEnabled = true
      [DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = true
      [DependencyCheck] -rubyGemAnalyzerEnabled = true
      [DependencyCheck] -cocoaPodsAnalyzerEnabled = true
      [DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
      [DependencyCheck] -archiveAnalyzerEnabled = true
      [DependencyCheck] -assemblyAnalyzerEnabled = true
      [DependencyCheck] -centralAnalyzerEnabled = true
      [DependencyCheck] -nuspecAnalyzerEnabled = true
      [DependencyCheck] -nexusAnalyzerEnabled = false
      [DependencyCheck] -autoconfAnalyzerEnabled = true
      [DependencyCheck] -cmakeAnalyzerEnabled = true
      [DependencyCheck] -opensslAnalyzerEnabled = true
      [DependencyCheck] -showEvidence = true
      [DependencyCheck] -formats = XML
      [DependencyCheck] -autoUpdate = false
      [DependencyCheck] -updateOnly = false
      [DependencyCheck] Scanning: /var/lib/jenkins/workspace/job
      [DependencyCheck] Analyzing Dependencies
      [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
      [DependencyCheck] Cause: bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified
      [DependencyCheck] Message: Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctempff8f565b-d0cb-43a4-a6b2-561a347ad2d4"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonArrayBuilderImpl$JsonArrayImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: java.lang.ClassCastException
      [DependencyCheck] Message: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Message: Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.
      Build step 'Invoke OWASP Dependency-Check analysis' changed build result to FAILURE
       

        1. nsp_report.xml
          4 kB
        2. package.json
          1.0 kB
        3. package-lock.json
          172 kB

            Assignee:
            Steve Springett
            Reporter:
            Yunier Sosa
            Votes:
            3
            Watchers:
            6
