-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Blocker
-
Component/s: dependency-check-jenkins-plugin
-
None
*CLOSED
THE PLUGIN HAS TO BE FULLTY REMOVED (DELTION FROM JENKINS HOME) AND REINSTALLED AGAIN *
HiĀ
Jenkins 2.492.1Ā
OWASP Dependency-Check Ā Version: 5.6.0Ā
When we pullĀ the latest data, there is this errorĀ
Ā
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 3303802] (through reference chain: io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]>java.util.ArrayList[1471]>io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]>io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]>io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]>java.util.ArrayList[0]>io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubIntegrityImpact"])
Ā Caused by: java.lang.IllegalArgumentException: SAFETY
The full log in the attached file
This breaking change means the plugin can't generate a report because it's trying to pull the data always , so even if we don't want to check for new data, it will pull them and fail on the parsing.
there is coreponidng issue for this in
https://github.com/jeremylong/open-vulnerability-cli/issues/270
https://github.com/dependency-check/DependencyCheck/issues/7468
Example job Setup
pipeline {
agent any
stages {
stage('owasp check ') {
steps {
dependencyCheck(
additionalArguments: '--scan target/',
nvdCredentialsId: 'owasp-key',
odcInstallation: 'owasp-check'
)
}
}
}
}
