Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57203

OWASP Dependency-Check Plugin is unable to read results from the Node Security Project (NspAnalyzer)

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Hello,

      I have configured OWASP Dependency Check Plugin for security scan but I am getting following error in console output :

       

      [DependencyCheck] Scanning: /var/lib/jenkins/workspace/XXXXXXXXXXXXXXX
      [DependencyCheck] Analyzing Dependencies
      [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
      [DependencyCheck] Exception Caught: org.owasp.dependencycheck.analyzer.exception.AnalysisException
      [DependencyCheck] Cause: api.nodesecurity.io
      [DependencyCheck] Message: Failed to read results from the Node Security Project (NspAnalyzer); the analyzer is being disabled and may result in false negatives.
      [DependencyCheck] org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to read results from the Node Security Project (NspAnalyzer); the analyzer is being disabled and may result in false negatives.
      [DependencyCheck] at org.owasp.dependencycheck.analyzer.NspAnalyzer.analyzeDependency(NspAnalyzer.java:222)
      [DependencyCheck] at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
      [DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
      [DependencyCheck] at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
      [DependencyCheck] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      [DependencyCheck] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      [DependencyCheck] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      [DependencyCheck] at java.lang.Thread.run(Thread.java:748)
      [DependencyCheck] Caused by: java.net.UnknownHostException: api.nodesecurity.io
      [DependencyCheck] at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
      [DependencyCheck] at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
      [DependencyCheck] at java.net.Socket.connect(Socket.java:589)
      [DependencyCheck] at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
      [DependencyCheck] at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
      [DependencyCheck] at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
      [DependencyCheck] at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
      [DependencyCheck] at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
      [DependencyCheck] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
      [DependencyCheck] at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
      [DependencyCheck] at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
      [DependencyCheck] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
      [DependencyCheck] at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
      [DependencyCheck] at org.owasp.dependencycheck.data.nsp.NspSearch.submitPackage(NspSearch.java:114)
      [DependencyCheck] at org.owasp.dependencycheck.analyzer.NspAnalyzer.analyzeDependency(NspAnalyzer.java:179)
      [DependencyCheck] ... 7 more
      [DependencyCheck]

        Attachments

          Activity

          Hide
          sspringett Steve Springett added a comment -

          NSP was removed from Dependency-Check in v3.3.4 - current version is 4.0.2. Also, I do not open random word documents. Upgrade to 4.0.2 and the issue should disappear. Additionally, the functionality reported is not specific to the Jenkins plugin, rather, part of Dependency-Check itself (Jenkins simply wraps it). If you continue to experience this issue, you'll need to open an issue on the Dependency-Check project.

          Show
          sspringett Steve Springett added a comment - NSP was removed from Dependency-Check in v3.3.4 - current version is 4.0.2. Also, I do not open random word documents. Upgrade to 4.0.2 and the issue should disappear. Additionally, the functionality reported is not specific to the Jenkins plugin, rather, part of Dependency-Check itself (Jenkins simply wraps it). If you continue to experience this issue, you'll need to open an issue on the Dependency-Check project.
          Hide
          anujgupta Anuj Gupta added a comment -

          Hi Steve,

          Thanks for your quick response. I tried updating the version to 4.0.2 but getting following error while upgrading. 

          Even I tried to upload .hpi of latest version... In that case also, page throws error after uploading 50% of plugin. 

          I tried many other things also but nothing is working. Plz help me out.

           

          OWASP Dependency-Check  Failure -java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:210) at java.net.SocketInputStream.read(SocketInputStream.java:141) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:706) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3000) at java.net.URLConnection.getHeaderFieldLong(URLConnection.java:629) at java.net.URLConnection.getContentLengthLong(URLConnection.java:501) at java.net.URLConnection.getContentLength(URLConnection.java:485) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1126) Caused: java.net.SocketException: Connection reset at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1944) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1939) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1938) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1508) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1139) Caused: java.io.IOException: Failed to load http://updates.jenkins-ci.org/download/plugins/dependency-check-jenkins-plugin/4.0.2/dependency-check-jenkins-plugin.hpi to /var/lib/jenkins/plugins/dependency-check-jenkins-plugin.jpi.tmp at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1146) Caused: hudson.util.IOException2: Failed to download from http://updates.jenkins-ci.org/download/plugins/dependency-check-jenkins-plugin/4.0.2/dependency-check-jenkins-plugin.hpi at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1172) at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1677) at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1874) at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1651) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:112) at java.lang.Thread.run(Thread.java:748)

           

          Thanks

          Anuj Gupta

          Show
          anujgupta Anuj Gupta added a comment - Hi Steve, Thanks for your quick response. I tried updating the version to 4.0.2 but getting following error while upgrading.  Even I tried to upload .hpi of latest version... In that case also, page throws error after uploading 50% of plugin.  I tried many other things also but nothing is working. Plz help me out.   OWASP Dependency-Check  Failure -java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:210) at java.net.SocketInputStream.read(SocketInputStream.java:141) at java.io.BufferedInputStream.fill(BufferedInputStream.java:246) at java.io.BufferedInputStream.read1(BufferedInputStream.java:286) at java.io.BufferedInputStream.read(BufferedInputStream.java:345) at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678) at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:706) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3000) at java.net.URLConnection.getHeaderFieldLong(URLConnection.java:629) at java.net.URLConnection.getContentLengthLong(URLConnection.java:501) at java.net.URLConnection.getContentLength(URLConnection.java:485) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1126) Caused: java.net.SocketException: Connection reset at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1944) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1939) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1938) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1508) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1139) Caused: java.io.IOException: Failed to load http://updates.jenkins-ci.org/download/plugins/dependency-check-jenkins-plugin/4.0.2/dependency-check-jenkins-plugin.hpi to /var/lib/jenkins/plugins/dependency-check-jenkins-plugin.jpi.tmp at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1146) Caused: hudson.util.IOException2: Failed to download from http://updates.jenkins-ci.org/download/plugins/dependency-check-jenkins-plugin/4.0.2/dependency-check-jenkins-plugin.hpi at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1172) at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1677) at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1874) at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1651) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:112) at java.lang.Thread.run(Thread.java:748)   Thanks Anuj Gupta
          Hide
          anujgupta Anuj Gupta added a comment -

          While updating plugin under 'Advanced' tab'of 'Manage Plugins', the progress percentage  shows till 52% of plugin update and after that I got "Page cannot be displayed" error. Please find attached the screenshot where the page stucks in Jenkins Plugin Manager.

          Thanks

          Anuj Gupta 

          OWASP Dependency Check.docx

          Show
          anujgupta Anuj Gupta added a comment - While updating plugin under 'Advanced' tab'of 'Manage Plugins', the progress percentage  shows till 52% of plugin update and after that I got "Page cannot be displayed" error. Please find attached the screenshot where the page stucks in Jenkins Plugin Manager. Thanks Anuj Gupta  OWASP Dependency Check.docx

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            anujgupta Anuj Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: