Started by user Running as SYSTEM [EnvInject] - Loading node environment variables. Building remotely on XXX (linux) in workspace /var/lib/jenkins/workspace/ODC-PLUGIN [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Deferred wipeout is used... [WS-CLEANUP] Done The recommended git tool is: git using credential JenkinsAE-AzDO-Zugriff Cloning the remote Git repository Cloning repository XXX > git init /var/lib/jenkins/workspace/ODC-PLUGIN # timeout=10 Fetching upstream changes from XXX > git --version # timeout=10 > git --version # 'git version 2.43.5' using GIT_ASKPASS to set credentials Jenkins Setting http proxy: proxy-server-intern.sha.vrkw.de:8080 > git fetch --tags --force --progress -- XXX +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url XXX # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch > git rev-parse refs/remotes/origin/feature/OwaspDB^{commit} # timeout=10 Checking out Revision b6a14baf31e38be8a00e0b6f37aa9350e6404375 (refs/remotes/origin/feature/OwaspDB) > git config core.sparsecheckout # timeout=10 > git checkout -f b6a14baf31e38be8a00e0b6f37aa9350e6404375 # timeout=10 Commit message: "Updated pom.xml" > git rev-list --no-walk b6a14baf31e38be8a00e0b6f37aa9350e6404375 # timeout=10 Injecting SonarQube environment variables using the configuration: SonarQube No emails were triggered. Parsing POMs Established TCP socket on 39171 maven35-agent.jar already up to date maven35-interceptor.jar already up to date maven3-interceptor-commons.jar already up to date [ODC-PLUGIN] $ /var/lib/jenkins/tools/jdk-11/bin/java -Xmx1024m -cp /var/lib/jenkins/maven35-agent.jar:/var/lib/jenkins/tools/apache-maven/boot/plexus-classworlds-2.6.0.jar:/var/lib/jenkins/tools/apache-maven/conf/logging jenkins.maven3.agent.Maven35Main /var/lib/jenkins/tools/apache-maven /var/lib/jenkins/remoting.jar /var/lib/jenkins/maven35-interceptor.jar /var/lib/jenkins/maven3-interceptor-commons.jar 39171 <===[JENKINS REMOTING CAPACITY]===>channel started Executing Maven: -B -f /var/lib/jenkins/workspace/ODC-PLUGIN/pom.xml -s /home/jenkins/.m2/settings.xml -Psecurity-check verify -DskipTests [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] BSH-Info Smart Client [jar] [INFO] BSH-Info Smart Server [jar] [INFO] OWASP-TEST-PIPELINE [pom] [INFO] [INFO] --------------< de.shgruppe.bi.vcmobile:vcmobile-client >--------------- [INFO] Building BSH-Info Smart Client 1.6.9-SNAPSHOT [1/3] [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-project-rules) @ vcmobile-client --- [INFO] noSnapshotsInDependencyManagement: Skipping since not a release. [INFO] [INFO] --- frontend-maven-plugin:1.7.6:install-node-and-npm (installNodeAndNpm) @ vcmobile-client --- [INFO] Installing node version v14.16.0 [INFO] Unpacking /var/lib/jenkins/local-maven-repo-INT/com/github/eirslett/node/14.16.0/node-14.16.0-linux-x64.tar.gz into /var/lib/jenkins/workspace/ODC-PLUGIN/client/target/node/tmp [INFO] Copying node binary from /var/lib/jenkins/workspace/ODC-PLUGIN/client/target/node/tmp/node-v14.16.0-linux-x64/bin/node to /var/lib/jenkins/workspace/ODC-PLUGIN/client/target/node/node [INFO] Extracting NPM [INFO] Installed node locally. [INFO] [INFO] --- frontend-maven-plugin:1.7.6:npm (npmInstall) @ vcmobile-client --- [INFO] npm not inheriting proxy config from Maven [INFO] Running 'npm ci' in /var/lib/jenkins/workspace/ODC-PLUGIN/client [INFO] [INFO] > nice-napi@1.0.2 install /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/nice-napi [INFO] > node-gyp-build [INFO] [INFO] [INFO] > esbuild@0.14.2 postinstall /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/esbuild [INFO] > node install.js [INFO] [INFO] [INFO] > core-js@3.19.3 postinstall /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular-devkit/build-angular/node_modules/core-js [INFO] > node -e "try{require('./postinstall')}catch(e){}" [INFO] [INFO] [INFO] > core-js@3.20.2 postinstall /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/core-js [INFO] > node -e "try{require('./postinstall')}catch(e){}" [INFO] [INFO] [INFO] > @fortawesome/fontawesome-free@5.15.4 postinstall /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@fortawesome/fontawesome-free [INFO] > node attribution.js [INFO] [INFO] Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com [INFO] License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) [INFO] [INFO] [INFO] > @angular/cli@13.1.2 postinstall /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular/cli [INFO] > node ./bin/postinstall/script.js [INFO] [INFO] added 1282 packages in 8.166s [INFO] [INFO] --- frontend-maven-plugin:1.7.6:npm (npmBuild) @ vcmobile-client --- [INFO] npm not inheriting proxy config from Maven [INFO] Running 'npm run build-production' in /var/lib/jenkins/workspace/ODC-PLUGIN/client [INFO] [INFO] > vcmobile@1.6.9-SNAPSHOT build-production /var/lib/jenkins/workspace/ODC-PLUGIN/client [INFO] > ng build --configuration production --outputHashing=all --output-path dist/META-INF/resources [INFO] [ERROR] - Generating browser application bundles (phase: setup)... [ERROR] ✔ Browser application bundle generation complete. [ERROR] ✔ Browser application bundle generation complete. [ERROR] - Copying assets... [ERROR] ✔ Copying assets complete. [ERROR] - Generating index html... [ERROR] ✔ Index html generation complete. [INFO] [INFO] Initial Chunk Files | Names | Raw Size | Estimated Transfer Size [INFO] main.e9bc7cf05e280e66.js | main | 1.18 MB | 278.18 kB [INFO] styles.837c714a02c55bf7.css | styles | 222.39 kB | 28.68 kB [INFO] polyfills.2f1d29849d10023b.js | polyfills | 44.45 kB | 13.50 kB [INFO] runtime.a317d8136845bcd6.js | runtime | 1.23 kB | 628 bytes [INFO] [INFO] | Initial Total | 1.44 MB | 320.97 kB [INFO] [INFO] Build at: 2024-07-18T08:23:46.985Z - Hash: 9ff99e88857d2da6 - Time: 39387ms [INFO] [INFO] --- maven-resources-plugin:2.7:resources (default-resources) @ vcmobile-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 27 resources [INFO] [INFO] --- frontend-maven-plugin:1.7.6:npm (npmLint) @ vcmobile-client --- [INFO] Skipping execution. [INFO] [INFO] --- frontend-maven-plugin:1.7.6:npm (npmTest) @ vcmobile-client --- [INFO] Skipping execution. [INFO] [INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ vcmobile-client --- [INFO] Building jar: /var/lib/jenkins/workspace/ODC-PLUGIN/client/target/vcmobile-client-1.6.9-SNAPSHOT.jar [INFO] [INFO] ------------------< de.shgruppe.bi.vcmobile:vcmobile >------------------ [INFO] Building BSH-Info Smart Server 1.6.9-SNAPSHOT [2/3] [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M3:enforce (enforce-project-rules) @ vcmobile --- [INFO] noSnapshotsInDependencyManagement: Skipping since not a release. [INFO] [INFO] --- jacoco-maven-plugin:0.8.4:prepare-agent (default-prepare-agent) @ vcmobile --- [INFO] argLine set to -javaagent:/var/lib/jenkins/local-maven-repo-INT/org/jacoco/org.jacoco.agent/0.8.4/org.jacoco.agent-0.8.4-runtime.jar=destfile=/var/lib/jenkins/workspace/ODC-PLUGIN/server/target/jacoco.exec [INFO] [INFO] --- spring-boot-maven-plugin:2.6.1:build-info (build-info) @ vcmobile --- [INFO] [INFO] --- maven-resources-plugin:3.2.0:resources (default-resources) @ vcmobile --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Using 'UTF-8' encoding to copy filtered properties files. [INFO] Copying 5 resources [INFO] Copying 0 resource [INFO] [INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ vcmobile --- [INFO] Changes detected - recompiling the module! [INFO] Compiling 32 source files to /var/lib/jenkins/workspace/ODC-PLUGIN/server/target/classes [INFO] [INFO] --- maven-resources-plugin:3.2.0:testResources (default-testResources) @ vcmobile --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Using 'UTF-8' encoding to copy filtered properties files. [INFO] Copying 3 resources [INFO] [INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ vcmobile --- [INFO] Changes detected - recompiling the module! [INFO] Compiling 7 source files to /var/lib/jenkins/workspace/ODC-PLUGIN/server/target/test-classes [INFO] [INFO] --- maven-surefire-plugin:2.22.2:test (default-test) @ vcmobile --- [INFO] Tests are skipped. [INFO] [INFO] >>> maven-pmd-plugin:3.11.0:check (default) > :pmd @ vcmobile >>> [INFO] [INFO] --- maven-pmd-plugin:3.11.0:pmd (pmd) @ vcmobile --- [INFO] [INFO] <<< maven-pmd-plugin:3.11.0:check (default) < :pmd @ vcmobile <<< [INFO] [INFO] [INFO] --- maven-pmd-plugin:3.11.0:check (default) @ vcmobile --- [INFO] You have 10 PMD violations. For more details see: /var/lib/jenkins/workspace/ODC-PLUGIN/server/target/pmd.xml [INFO] [INFO] --- maven-jar-plugin:3.1.1:jar (default-jar) @ vcmobile --- [INFO] Building jar: /var/lib/jenkins/workspace/ODC-PLUGIN/server/target/vcmobile-1.6.9-SNAPSHOT.jar [INFO] [INFO] --- spring-boot-maven-plugin:2.6.1:repackage (repackage) @ vcmobile --- [INFO] Replacing main artifact with repackaged archive [INFO] [INFO] --- jacoco-maven-plugin:0.8.4:report (default-report) @ vcmobile --- [INFO] Skipping JaCoCo execution due to missing execution data file. [INFO] [INFO] ----------------< de.shgruppe.bi.vcmobile:vcmobile-pom >---------------- [INFO] Building OWASP-TEST-PIPELINE 1.6.9-SNAPSHOT [3/3] [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-project-rules) @ vcmobile-pom --- [INFO] noSnapshotsInDependencyManagement: Skipping since not a release. [INFO] [INFO] --- cyclonedx-maven-plugin:2.8.0:makeAggregateBom (default) @ vcmobile-pom --- [INFO] CycloneDX: Resolving Aggregated Dependencies [WARNING] BOM dependency listed but is not depended upon: pkg:maven/de.shgruppe.bi.vcmobile/vcmobile@1.6.9-SNAPSHOT?type=jar [INFO] CycloneDX: Creating BOM version 1.5 with 79 component(s) [INFO] CycloneDX: Writing and validating BOM (XML): /var/lib/jenkins/workspace/ODC-PLUGIN/target/bom.xml [INFO] attaching as vcmobile-pom-1.6.9-SNAPSHOT-cyclonedx.xml [INFO] CycloneDX: Writing and validating BOM (JSON): /var/lib/jenkins/workspace/ODC-PLUGIN/target/bom.json [INFO] attaching as vcmobile-pom-1.6.9-SNAPSHOT-cyclonedx.json [INFO] [INFO] --- dependency-check-maven:10.0.2:aggregate (default) @ vcmobile-pom --- [INFO] Found snapshot reactor project in aggregate for de.shgruppe.bi.vcmobile:vcmobile-client:1.6.9-SNAPSHOT - creating a virtual dependency as the snapshot found in the repository may contain outdated dependencies. [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 💖 Sponsor: https://github.com/sponsors/jeremylong [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular/localize/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular/localize/node_modules/@babel/core/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular/localize/node_modules/semver/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@angular/localize/node_modules/source-map/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@es-joy/jsdoccomment/node_modules/comment-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@es-joy/jsdoccomment/node_modules/jsdoc-type-pratt-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@es-joy/jsdoccomment/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@popperjs/core/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/experimental-utils/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/comment-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/@es-joy/jsdoccomment/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/comment-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/jsdoc-type-pratt-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/regextras/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/spdx-expression-parse/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-jsdoc/node_modules/escape-string-regexp/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/eslint-plugin-prefer-arrow/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/jsdoc-type-pratt-parser/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/karma-chrome-launcher/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/karma-chrome-launcher/node_modules/which/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/regextras/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/spdx-exceptions/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/spdx-expression-parse/node_modules/spdx-exceptions/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/spdx-expression-parse/node_modules/spdx-license-ids/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/spdx-expression-parse/package.json [WARNING] Unable to find node module: /var/lib/jenkins/workspace/ODC-PLUGIN/client/node_modules/spdx-license-ids/package.json [INFO] Finished Node.js Package Analyzer (1 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) [INFO] Finished CPE Analyzer (5 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.logging\.log4j/log4j\-to\-slf4j@.*$, regex=true, caseSensitive=false},cve={CVE-2021-44228,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-44228,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-44832,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-45046,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.logging\.log4j/log4j\-to\-slf4j@.*$, regex=true, caseSensitive=false},cve={CVE-2021-44832,}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (8 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/ODC-PLUGIN/target/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/ODC-PLUGIN/target/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/ODC-PLUGIN/target/dependency-check-report.json [WARNING] One or more dependencies were identified with known vulnerabilities in OWASP-TEST-PIPELINE: async:^2.6.2 (pkg:npm/async@2.6.3, cpe:2.3:a:async_project:async:2.6.3:*:*:*:*:*:*:*) : CVE-2021-43138 decode-uri-component:^0.2.0 (pkg:npm/decode-uri-component@0.2.0, cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*) : CVE-2022-38900, CVE-2022-38778 engine.io:~6.1.0 (pkg:npm/engine.io@6.1.0, cpe:2.3:a:socket:engine.io:6.1.0:*:*:*:*:*:*:*) : CVE-2022-21676, CVE-2022-41940, CVE-2023-31125 follow-redirects:^1.0.0 (pkg:npm/follow-redirects@1.14.6, cpe:2.3:a:follow-redirects:follow_redirects:1.14.6:*:*:*:*:*:*:*, cpe:2.3:a:follow-redirects_project:follow-redirects:1.14.6:*:*:*:*:*:*:*) : CVE-2022-0155, CVE-2023-26159, CVE-2022-0536 http-cache-semantics:^4.1.0 (pkg:npm/http-cache-semantics@4.1.0, cpe:2.3:a:http-cache-semantics_project:http-cache-semantics:4.1.0:*:*:*:*:*:*:*) : CVE-2022-25881 ip:^1.1.5 (pkg:npm/ip@1.1.5, cpe:2.3:a:fedorindutny:ip:1.1.5:*:*:*:*:*:*:*) : CVE-2023-42282 jackson-databind-2.13.0.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0, cpe:2.3:a:fasterxml:jackson-databind:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.13.0:*:*:*:*:*:*:*) : CVE-2020-36518, CVE-2021-46877, CVE-2022-42003, CVE-2022-42004, CVE-2023-35116 json5:1.0.1 (pkg:npm/json5@1.0.1, cpe:2.3:a:json5:json5:1.0.1:*:*:*:*:*:*:*) : CVE-2022-46175 json5:^2.1.2 (pkg:npm/json5@2.2.0, cpe:2.3:a:json5:json5:2.2.0:*:*:*:*:*:*:*) : CVE-2022-46175 jsrsasign:10.5.1 (pkg:npm/jsrsasign@10.5.1, cpe:2.3:a:jsrsasign_project:jsrsasign:10.5.1:*:*:*:*:*:*:*) : CVE-2022-25898, CVE-2024-21484 jszip:^3.1.3 (pkg:npm/jszip@3.7.1, cpe:2.3:a:jszip_project:jszip:3.7.1:*:*:*:*:*:*:*) : CVE-2022-48285 karma:6.3.9 (pkg:npm/karma@6.3.9, cpe:2.3:a:karma_project:karma:6.3.9:*:*:*:*:*:*:*) : CVE-2021-23495, CVE-2022-0437 loader-utils:1.4.0 (pkg:npm/loader-utils@1.4.0, cpe:2.3:a:webpack.js:loader-utils:1.4.0:*:*:*:*:*:*:*) : CVE-2022-37601, CVE-2022-37599, CVE-2022-37603 loader-utils:2.0.2 (pkg:npm/loader-utils@2.0.2, cpe:2.3:a:webpack.js:loader-utils:2.0.2:*:*:*:*:*:*:*) : CVE-2022-37601, CVE-2022-37599, CVE-2022-37603 loader-utils:3.2.0 (pkg:npm/loader-utils@3.2.0, cpe:2.3:a:webpack.js:loader-utils:3.2.0:*:*:*:*:*:*:*) : CVE-2022-37599, CVE-2022-37603 log4js:6.3.0 (pkg:npm/log4js@6.3.0, cpe:2.3:a:log4js_project:log4js:6.3.0:*:*:*:*:*:*:*) : CVE-2022-21704 logback-core-1.2.7.jar (pkg:maven/ch.qos.logback/logback-core@1.2.7, cpe:2.3:a:qos:logback:1.2.7:*:*:*:*:*:*:*) : CVE-2023-6378, CVE-2021-42550 minimatch:^3.0.4 (pkg:npm/minimatch@3.0.4, cpe:2.3:a:minimatch_project:minimatch:3.0.4:*:*:*:*:*:*:*) : CVE-2022-3517 minimist:^1.2.0 (pkg:npm/minimist@1.2.5, cpe:2.3:a:substack:minimist:1.2.5:*:*:*:*:*:*:*) : CVE-2021-44906 moment:2.29.1 (pkg:npm/moment@2.29.1, cpe:2.3:a:momentjs:moment:2.29.1:*:*:*:*:*:*:*) : CVE-2022-24785, CVE-2022-31129 nanoid:^3.1.30 (pkg:npm/nanoid@3.1.30, cpe:2.3:a:nanoid_project:nanoid:3.1.30:*:*:*:*:*:*:*) : CVE-2021-23566 nimbus-jose-jwt-9.14.jar/META-INF/maven/net.minidev/json-smart/pom.xml (pkg:maven/net.minidev/json-smart@2.4.7, cpe:2.3:a:json-smart_project:json-smart:2.4.7:*:*:*:*:*:*:*, cpe:2.3:a:json-smart_project:json-smart-v2:2.4.7:*:*:*:*:*:*:*) : CVE-2023-1370 postcss:7.0.39 (pkg:npm/postcss@7.0.39, cpe:2.3:a:postcss:postcss:7.0.39:*:*:*:*:*:*:*) : CVE-2023-44270 postcss:8.4.4 (pkg:npm/postcss@8.4.4, cpe:2.3:a:postcss:postcss:8.4.4:*:*:*:*:*:*:*) : CVE-2023-44270 qs:6.5.2 (pkg:npm/qs@6.5.2, cpe:2.3:a:qs_project:qs:6.5.2:*:*:*:*:*:*:*) : CVE-2022-24999 qs:6.9.6 (pkg:npm/qs@6.9.6, cpe:2.3:a:qs_project:qs:6.9.6:*:*:*:*:*:*:*) : CVE-2022-24999 snakeyaml-1.29.jar (pkg:maven/org.yaml/snakeyaml@1.29, cpe:2.3:a:snakeyaml_project:snakeyaml:1.29:*:*:*:*:*:*:*) : CVE-2022-1471, CVE-2022-25857, CVE-2022-38749, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-38750 socket.io-parser:4.0.4 (pkg:npm/socket.io-parser@4.0.4, cpe:2.3:a:socket:socket.io-parser:4.0.4:*:*:*:*:*:*:*) : CVE-2022-2421, CVE-2023-32695 spring-boot-2.6.1.jar (pkg:maven/org.springframework.boot/spring-boot@2.6.1, cpe:2.3:a:vmware:spring_boot:2.6.1:*:*:*:*:*:*:*) : CVE-2023-20873, CVE-2023-20883 spring-boot-devtools-2.6.1.jar (pkg:maven/org.springframework.boot/spring-boot-devtools@2.6.1, cpe:2.3:a:vmware:spring_boot:2.6.1:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_boot_tools:2.6.1:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_tools:2.6.1:*:*:*:*:*:*:*) : CVE-2023-20873, CVE-2023-20883 spring-boot-starter-web-2.6.1.jar (pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.1, cpe:2.3:a:vmware:spring_boot:2.6.1:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:2.6.1:*:*:*:*:*:*:*) : CVE-2023-20873, CVE-2023-20883 spring-core-5.3.13.jar (pkg:maven/org.springframework/spring-core@5.3.13, cpe:2.3:a:pivotal_software:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*) : CVE-2022-22965, CVE-2023-20860, CVE-2022-22950, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2022-22968, CVE-2022-22970, CVE-2021-22060 spring-security-core-5.6.0.jar (pkg:maven/org.springframework.security/spring-security-core@5.6.0, cpe:2.3:a:pivotal_software:spring_security:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*) : CVE-2022-22978, CVE-2022-31692, CVE-2023-34034, CVE-2022-31690, CVE-2022-22976 spring-security-oauth2-resource-server-5.6.0.jar (pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@5.6.0, cpe:2.3:a:pivotal:spring_security_oauth:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:pivotal_software:spring_security:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:pivotal_software:spring_security_oauth:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*) : CVE-2022-22978, CVE-2022-31692, CVE-2023-34034, CVE-2022-31690, CVE-2022-22976 spring-security-web-5.6.0.jar (pkg:maven/org.springframework.security/spring-security-web@5.6.0, cpe:2.3:a:pivotal_software:spring_security:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.6.0:*:*:*:*:*:*:*) : CVE-2022-22978, CVE-2022-31692, CVE-2023-34034, CVE-2022-31690, CVE-2022-22976 spring-web-5.3.13.jar (pkg:maven/org.springframework/spring-web@5.3.13, cpe:2.3:a:pivotal_software:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.13:*:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2022-22965, CVE-2023-20860, CVE-2022-22950, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2022-22968, CVE-2022-22970, CVE-2021-22060 spring-webmvc-5.3.13.jar (pkg:maven/org.springframework/spring-webmvc@5.3.13, cpe:2.3:a:pivotal_software:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.13:*:*:*:*:*:*:*) : CVE-2022-22965, CVE-2023-20860, CVE-2022-22950, CVE-2022-22971, CVE-2023-20861, CVE-2023-20863, CVE-2022-22968, CVE-2022-22970, CVE-2021-22060 terser:^5.7.2 (pkg:npm/terser@5.10.0, cpe:2.3:a:terser:terser:5.10.0:*:*:*:*:*:*:*) : CVE-2022-25858 tomcat-embed-core-9.0.55.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.55, cpe:2.3:a:apache:tomcat:9.0.55:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.55:*:*:*:*:*:*:*) : CVE-2022-29885, CVE-2022-42252, CVE-2022-45143, CVE-2023-44487, CVE-2023-46589, CVE-2022-23181, CVE-2022-34305, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708, CVE-2021-43980 tough-cookie:2.5.0 (pkg:npm/tough-cookie@2.5.0, cpe:2.3:a:salesforce:tough-cookie:2.5.0:*:*:*:*:*:*:*) : CVE-2023-26136 ua-parser-js:0.7.31 (pkg:npm/ua-parser-js@0.7.31, cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.31:*:*:*:*:*:*:*) : CVE-2022-25927 webpack:5.65.0 (pkg:npm/webpack@5.65.0, cpe:2.3:a:webpack.js:webpack:5.65.0:*:*:*:*:*:*:*) : CVE-2023-28154 word-wrap:1.2.3 (pkg:npm/word-wrap@1.2.3, cpe:2.3:a:word-wrap_project:word-wrap:1.2.3:*:*:*:*:*:*:*) : CVE-2023-26115 xml2js:0.4.23 (pkg:npm/xml2js@0.4.23, cpe:2.3:a:xml2js_project:xml2js:0.4.23:*:*:*:*:*:*:*) : CVE-2023-0842 See the dependency-check report for more details. [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary for OWASP-TEST-PIPELINE 1.6.9-SNAPSHOT: [INFO] [INFO] BSH-Info Smart Client .............................. SUCCESS [ 58.876 s] [INFO] BSH-Info Smart Server .............................. SUCCESS [ 7.400 s] [INFO] OWASP-TEST-PIPELINE ................................ SUCCESS [ 16.065 s] [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 01:25 min [INFO] Finished at: 2024-07-18T10:24:13+02:00 [INFO] ------------------------------------------------------------------------ Waiting for Jenkins to finish collecting data [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/pom.xml to de.shgruppe.bi.vcmobile/vcmobile-pom/1.6.9-SNAPSHOT/vcmobile-pom-1.6.9-SNAPSHOT.pom [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/target/bom.xml to de.shgruppe.bi.vcmobile/vcmobile-pom/1.6.9-SNAPSHOT/vcmobile-pom-1.6.9-SNAPSHOT-cyclonedx.xml [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/target/bom.json to de.shgruppe.bi.vcmobile/vcmobile-pom/1.6.9-SNAPSHOT/vcmobile-pom-1.6.9-SNAPSHOT-cyclonedx.json [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/server/pom.xml to de.shgruppe.bi.vcmobile/vcmobile/1.6.9-SNAPSHOT/vcmobile-1.6.9-SNAPSHOT.pom [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/server/target/vcmobile-1.6.9-SNAPSHOT.jar to de.shgruppe.bi.vcmobile/vcmobile/1.6.9-SNAPSHOT/vcmobile-1.6.9-SNAPSHOT.jar [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/client/pom.xml to de.shgruppe.bi.vcmobile/vcmobile-client/1.6.9-SNAPSHOT/vcmobile-client-1.6.9-SNAPSHOT.pom [JENKINS] Archiving /var/lib/jenkins/workspace/ODC-PLUGIN/client/target/vcmobile-client-1.6.9-SNAPSHOT.jar to de.shgruppe.bi.vcmobile/vcmobile-client/1.6.9-SNAPSHOT/vcmobile-client-1.6.9-SNAPSHOT.jar channel stopped WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succeed? Collecting Dependency-Check artifact Parsing file /var/lib/jenkins/workspace/ODC-PLUGIN/target/dependency-check-report.xml ERROR: Unable to parse /var/lib/jenkins/workspace/ODC-PLUGIN/target/dependency-check-report.xml Email was triggered for: Always Sending email for trigger: Always Sending email to: XXX Finished: SUCCESS