Jenkins / JENKINS-47991

OWASP Dependency Check Plugin: HTTP 400 when trying to connect to MavenCentral

      Description

      For some days now, the OWASP Dependency Check plugin has been failing every time.

      The following information is logged:

      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Cause: Finally failed connecting to Central search. Giving up after 5 tries.
      [DependencyCheck] Message: Could not connect to Central search. Analysis failed.
      [DependencyCheck] org.owasp.dependencycheck.analyzer.exception.AnalysisException: Could not connect to Central search. Analysis failed.
      [DependencyCheck] 	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:244)
      [DependencyCheck] 	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:137)
      [DependencyCheck] 	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
      [DependencyCheck] 	at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
      [DependencyCheck] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      [DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      [DependencyCheck] 	at java.lang.Thread.run(Thread.java:745)
      [DependencyCheck] Caused by: java.io.IOException: Finally failed connecting to Central search. Giving up after 5 tries.
      [DependencyCheck] 	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:288)
      [DependencyCheck] 	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:198)
      [DependencyCheck] 	... 7 more
      [DependencyCheck] Caused by: java.io.IOException: Could not connect to MavenCentral (400): Bad Request
      [DependencyCheck] 	at org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(CentralSearch.java:181)
      [DependencyCheck] 	at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:266)
      [DependencyCheck] 	... 8 more

      The site https://search.maven.org can be reached with curl from the machine where Jenkins is executed.

          Activity

          cplaetzinger Christian Plätzinger added a comment -

          Tried to set up the OWASP Dependency Check plugin and encountered the same issue.

          burberius Jens Oberender added a comment - edited

          I found this issue via a Google search.

          I encounter the same problem, but on GitLab CI. So in fact it's not a problem of the Jenkins plugin but of the maven-dependency-check plugin.

          There is already an issue about that: https://github.com/jeremylong/DependencyCheck/issues/978

          cplaetzinger Christian Plätzinger added a comment -

          I use the maven plugin. Adding

          <centralAnalyzerEnabled>false</centralAnalyzerEnabled>

          to the configuration solved the issue temporarily. It should of course be enabled again once https://github.com/jeremylong/DependencyCheck/issues/978 is released.

          eska_muc S. K. added a comment - edited

          Reduced priority from "Blocker" to "Major", because there's a workaround (thanks Jens Oberender for giving the hint to the GitHub Issue):

          In "Manage Jenkins"/"Configure System" navigate to section "OWASP Dependency Check" and open "Advanced ...". Uncheck "Enable Maven Central analyzer" in section "OWASP Dependency-Check: Standard Analyzers"

           

          sspringett Steve Springett added a comment -

          This issue has been fixed in v3.0.2 released today.
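
The workaround in this thread turns off the Maven Central analyzer and is meant to be reverted once the fix ships. The following check is an added example, not code from the thread or from the Dependency-Check project: it scans a POM for a `dependency-check-maven` entry that still carries `centralAnalyzerEnabled` set to `false`. The sample POM is constructed, and treating 3.0.2 as the fixed release for the Maven plugin as well is an assumption taken from the last comment.

```python
import xml.etree.ElementTree as ET

# Release named in the last comment; assumed here to apply to dependency-check-maven too.
FIXED_IN = (3, 0, 2)

# Constructed sample POM: fixed release in use, workaround still in place.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>3.0.2</version>
    <configuration>
      <centralAnalyzerEnabled>false</centralAnalyzerEnabled>
    </configuration>
  </plugin></plugins></build>
</project>"""


def parse_version(text):
    """'3.0.2' -> (3, 0, 2); qualifiers and unresolved ${properties} give a shorter tuple."""
    parts = []
    for piece in text.split("-")[0].split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def check_pom(pom_xml, fixed_in=FIXED_IN):
    """Return (version, verdict) for every dependency-check-maven plugin entry."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():              # drop the XML namespace so paths stay simple
        el.tag = el.tag.split("}")[-1]
    findings = []
    for plugin in root.iter("plugin"):
        if (plugin.findtext("artifactId") or "").strip() != "dependency-check-maven":
            continue
        version = (plugin.findtext("version") or "").strip()
        flag = (plugin.findtext("configuration/centralAnalyzerEnabled") or "true").strip().lower()
        if flag != "false":
            verdict = "ok"
        elif parse_version(version) >= fixed_in:
            verdict = "stale-workaround"   # fix is available: re-enable the analyzer
        else:
            verdict = "workaround-active"  # upgrade first, then re-enable
        findings.append((version, verdict))
    return findings


if __name__ == "__main__":
    for version, verdict in check_pom(SAMPLE_POM):
        print(version or "(no version)", verdict)
```

A version given as an unresolved property such as `${...}` parses to an empty tuple and is reported as `workaround-active`, so it gets reviewed by hand.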


            People

            Assignee:
            sspringett Steve Springett
            Reporter:
            eska_muc S. K.