-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major
-
Component/s: dependency-check-jenkins-plugin, other
-
Environment:Jenkins 2.73.2, OWASP Dependency Check Plugin 3.0.1
Since some days the OWASP Dependency Check plugin always fails.
The following information is logged:
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException [DependencyCheck] Cause: Finally failed connecting to Central search. Giving up after 5 tries. [DependencyCheck] Message: Could not connect to Central search. Analysis failed. [DependencyCheck] org.owasp.dependencycheck.analyzer.exception.AnalysisException: Could not connect to Central search. Analysis failed. [DependencyCheck] at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:244) [DependencyCheck] at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:137) [DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) [DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) [DependencyCheck] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [DependencyCheck] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [DependencyCheck] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [DependencyCheck] at java.lang.Thread.run(Thread.java:745) [DependencyCheck] Caused by: java.io.IOException: Finally failed connecting to Central search. Giving up after 5 tries. [DependencyCheck] at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:288) [DependencyCheck] at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:198) [DependencyCheck] ... 7 more [DependencyCheck] Caused by: java.io.IOException: Could not connect to MavenCentral (400): Bad Request [DependencyCheck] at org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(CentralSearch.java:181) [DependencyCheck] at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:266) [DependencyCheck] ... 8 more
The site https://search.maven.org can be reached with curl from the machine where Jenkins is executed.
