[JENKINS-73784] Dependency-Check 10.0.4 Plugin display no Vulnerabilities - Jenkins Jira

Type: Bug
Resolution: Not A Defect
Priority: Major
Component/s: dependency-check-jenkins-plugin
Labels:
None
Environment:
Jenkins 2.462.2
dependency-check-plugin version 5.5.1

Similar Issues:
Powered by SuggestiMate

Show

We run Jenkins in Kubernetes, OWASP Dependency-Check version 10.0.4 is started as a container and performs scans.

Jenkins plugin in pipeline display "No Vulnerabilities Found" but xml report does contains vulnerabilities.

Console output:

// + dependency-check -n -s . -f XML --prettyPrint -o report.xml
[INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
   About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
   False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Central Analyzer (1 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARN] Unable to determine Package-URL identifiers for 2 dependencies
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing XML report to: /home/jenkins/agent/workspace/build_tracing-config_master/report.xml
[Pipeline] }
[Pipeline] // script
[Pipeline] dependencyCheckPublisher
Collecting Dependency-Check artifact
Parsing file /home/jenkins/agent/workspace/build_tracing-config_master/report.xml

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

report.xml
17 kB
2024-09-17 07:43

is related to

JENKINS-73461 Dependency-Check 10.0.2 Plugin display no Vulnerabilities

Closed

Assignee:: Nikolas Falco

Reporter:: Igor

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024-09-16 13:42

Updated:: 2024-09-19 20:48

Resolved:: 2024-09-19 20:48

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates