Questions tagged [maven-dependency-check-plugin]

22 questions
12 votes, 1 answer

How to ignore Maven dependency-check failure on missing nvd file

I tried to perform a release of my project today using the Maven release plugin. It failed due to the dependency-check-maven plugin's attempt to download the 2020 version of the CVD file, which hasn't yet been uploaded: Unable to download meta…
Daniel Widdis
4 votes, 2 answers

Facing the SSLHandshakeException while running the OWASP dependency checker in Jenkins

Error: 15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta 15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve…
4 votes, 2 answers

Disable modules in owasp dependency-check maven plugin

In my project I use dependency-check-maven to run OWASP verifications. The project contains several Java modules and a front end module. The configuration in the pom is a basic one, like this: org.owasp
Vitalii
4 votes, 1 answer

How to resolve proxy issue in owasp dependency check?

I ran the below command to run the dependency check under a proxy server. ./dependency-check.sh \ --scan test/sample.jar \ --project test_owasp \ --out test/output \ It gives me the following output: [DependencyCheck] [ERROR] Unable…
3 votes, 0 answers

Jenkinsfile pipeline with DependencyCheck fails with RetireJS checking

Error as below: [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 29.902 s [INFO] Finished at: 2021-01-21T09:58:57+08:00 [INFO]…
2 votes, 1 answer

What to do when Owasp dependency finds vulnerabilities

I want to ask what to do when OWASP dependency-check finds vulnerabilities. I've recently been deployed to a project and I'm a fresher, so I don't know what to do. I've got a list of dependencies that are vulnerable, so how do I find the stable…
2 votes, 1 answer

How to detect the dependency check vulnerabilities on SonarQube?

I'm trying to run dependency check on SonarQube through Jenkins using the dependency check plugin. I'm able to generate the report, but it's not showing on SonarQube in the vulnerability section; it says 0 vulnerabilities. I also installed dependency check…
1 vote, 1 answer

dependency-check-maven - suppression not working

I'm trying to whitelist certain libraries where the risk has been acknowledged - ideally I'd like to do this from inside the pom.xml itself, but it appears this isn't possible. I've created a simple project with a dependency (H2) which has an…
Jakg
1 vote, 2 answers

An error occurred while analyzing 'package-lock.json' (Node Audit Analyzer)

I try to use dependency-check-maven in every test build job in Jenkins: mvn org.owasp:dependency-check-maven:6.2.2:aggregate -DskipSystemScope=true -Dformat=ALL -DprettyPrint=true -DcentralAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false…
1 vote, 0 answers

OWASP Dependency-check does not scan any issue with Jenkins pipeline but freestyle job

I am running OWASP dependency-check in Jenkins. However, when I run it with a Jenkins freestyle job, it shows 2 vulnerabilities in the report. But with the same source code, when I run it with a Jenkins pipeline, it shows the report, but 0…
1 vote, 1 answer

dependency-check: retry mechanism for Sonatype OSS Index Analyser

I have temporary problems with the Sonatype OSS index analyser. I am very sure that it is due to our proxy in the company I have to go through. Some of the requests fail: 15:25:48 13:25:48.165 [WARN] [org.owasp.dependencycheck.AnalysisTask] An…
FrankS77
0 votes, 1 answer

Dependency-Check Offline Issue (mvn -o)

I am currently facing a challenge with running the Dependency-Check plugin in offline mode using "mvn -o." Although I have mirrored all external resources locally, I encounter an issue that prevents successful execution. The specific error message…
0 votes, 1 answer

security issues analysis via mvn dependency-check:check and better report

Within a Maven project, I can run mvn dependency-check:check for the tool to download the NVD CVE security issues database, analyze, and show a report of which dependencies have known security issues. However, as the solution would be to update several dependencies…
Paul Verest
0 votes, 1 answer

SonarQube Dependency-check plugin not generating report

I installed the dependency-check plugin in SonarQube, but the report is not generated; it says no HTML report found. Dependency-Check error message I'm trying to install the dependency-check plugin in SonarQube to get a dependency report. I installed the plugin in…
0 votes, 0 answers

System Security - Manually Identifying Vulnerabilities

Refer to the seven security areas outlined in the Vulnerability Assessment Process Flow Diagram. Use what you’ve learned in steps 1 and 2 to guide your manual review. Identify all vulnerabilities in the Project One Code Base, linked in Supporting…