  1. Jenkins
  2. JENKINS-73382

Report parser fails on report file generated by dependency-check version 10

    • 5.5.1

      After using DependencyCheck Plugin 10.0.0 in our Maven project we see this error message in the job logs, which might originate from the Jenkins dependency-check-plugin:

      Collecting Dependency-Check artifact
      Parsing file /.../workspace/somejob/myproject/target/dependency-check-report.xml
      ERROR: Unable to parse /.../workspace/somejob/myproject/target/dependency-check-report.xml
      

      The build is still successful. I don't see any problems with the structure of the XML. Just the values for the version are different.

      New in DependencyCheck 10.0.0 is the support for cvssV4 in the JSON.

      The XML itself uses the same schema:

      dependency-check-maven-9.0.9
      <?xml version="1.0"?>
      <analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd">
      	<scanInfo>
      		<engineVersion>9.0.9</engineVersion>
      		<dataSource>
      <...>
      
      dependency-check-maven-10.0.0
      <?xml version="1.0"?>
      <analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd">
      	<scanInfo>
      		<engineVersion>10.0.0</engineVersion>
      		<dataSource>
      <...>
      

      Can you verify this problem? I guess the plugin needs to be based on the new DependencyCheck version.

      See also https://github.com/jeremylong/DependencyCheck/issues/6746

            nfalco Nikolas Falco
            raap_subshell Daniel
            Votes: 3
            Watchers: 13