*CLOSED

THE PLUGIN HAS TO BE FULLTY REMOVED (DELTION FROM JENKINS HOME) AND REINSTALLED AGAIN *

Hi 

Jenkins 2.492.1 

OWASP Dependency-Check   Version: 5.6.0 

When we pull  the latest data, there is this error 

 
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 3303802] (through reference chain: io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]>java.util.ArrayList[1471]>io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]>io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]>io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]>java.util.ArrayList[0]>io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubIntegrityImpact"])

 Caused by: java.lang.IllegalArgumentException: SAFETY

The full log in the attached file

This breaking change means the plugin can't generate a report because it's trying to pull the data always , so even if we don't want to check for new data, it will pull them and fail on the parsing.

there is coreponidng issue for this in
https://github.com/jeremylong/open-vulnerability-cli/issues/270
https://github.com/dependency-check/DependencyCheck/issues/7468

Example job Setup

pipeline {
    agent any
    
    stages {
 
 
        stage('owasp check  ') {
            steps {
                dependencyCheck(
                additionalArguments: '--scan target/',
                nvdCredentialsId: 'owasp-key',
                odcInstallation: 'owasp-check'
                )
            }
        }
        
    }
}