Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-2957

Fix OWASP Checks on ASF Jenkins Environment

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 7.0.9, 7.1.4, 8.0.5, 8.0.6
    • Fix Version/s: 7.0.10, 7.1.5, 8.0.7, 8.0.8
    • Component/s: TomEE Build
    • Labels:
      None
    • Environment:

      Description

      Jenkins build for the "master-owasp-check" failed due to an unresolveable maven property `maven.multiModuleProjectDirectory` [1].

       
      [ERROR] Unable to create an Input Stream for ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xmljava.io.FileNotFoundException: ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml (No such file or directory)
      at java.io.FileInputStream.open0 (Native Method)
      at java.io.FileInputStream.open (FileInputStream.java:195)
      at java.io.FileInputStream.<init> (FileInputStream.java:138)
      at java.io.FileInputStream.<init> (FileInputStream.java:93)
      at org.owasp.dependencycheck.utils.FileUtils.getResourceAsStream (FileUtils.java:166)
      at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile (AbstractSuppressionAnalyzer.java:218)
      at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData (AbstractSuppressionAnalyzer.java:132)
      at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:103)
      at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102)
      at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:781)
      at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:617)
      at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1620)
      at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:889)
      at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
      at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
      at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
      at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
      at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
      at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
      at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
      at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
      at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
      at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
      at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
      at org.jvnet.hudson.maven3.launcher.Maven35Launcher.main (Maven35Launcher.java:130)
      at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke (Method.java:498)
      at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
      at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
      at jenkins.maven3.agent.Maven35Main.launch (Maven35Main.java:178)
      at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke (Method.java:498)
      at hudson.maven.Maven3Builder.call (Maven3Builder.java:139)
      at hudson.maven.Maven3Builder.call (Maven3Builder.java:70)
      at hudson.remoting.UserRequest.perform (UserRequest.java:211)
      at hudson.remoting.UserRequest.perform (UserRequest.java:54)
      at hudson.remoting.Request$2.run (Request.java:369)
      at hudson.remoting.InterceptingExecutorService$1.call (InterceptingExecutorService.java:72)
      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
      at java.lang.Thread.run (Thread.java:748)[WARNING] Suppression file '${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml' does not exist[ERROR] Exception occurred initializing Vulnerability Suppression Analyzer.[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
      [INFO] Finished Dependency Bundling Analyzer (0 seconds)
      [INFO] Analysis Complete (3 seconds)
       

      [1] https://ci-builds.apache.org/job/Tomee/job/master-owasp-check/20/console

        Attachments

          Activity

            People

            • Assignee:
              rzo1 Richard Zowalla
              Reporter:
              rzo1 Richard Zowalla
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: