DependencyCheck: Exception occurred initializing RetireJS Analyzer when using gradle plugin

Describe the bug

I get error “Exception occurred initializing RetireJS Analyzer” when running ./gradlew dependencyCheckAnalyze

Version of dependency-check used

latest.release version of the Gradle plugin, which at the time of writing is 8.4.2

Log file

./gradlew dependencyCheckAnalyze 

> Task :dependencyCheckAnalyze
Verifying dependencies for project switchboard
Checking for updates and analyzing dependencies for vulnerabilities
Exception occurred initializing RetireJS Analyzer.

Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
Region [POM] : Not alive and dispose was called, filename: POM

To Reproduce

Run ./gradlew dependencyCheckAnalyze

Expected behavior

It should run the dependency check

Additional context

My build.gradle.kts file:

plugins {
	val kotlinVersion = "1.9.10"
	id("org.springframework.boot") version "3.1.5"
	id("io.spring.dependency-management") version "1.1.3"
	id("org.owasp.dependencycheck") version "latest.release"
	kotlin("jvm") version kotlinVersion
	kotlin("plugin.spring") version kotlinVersion
}

repositories {
	mavenCentral()
	maven {
		setUrl("https://jitpack.io")
	}
}

dependencies {
	...
}

kotlin {
	jvmToolchain(17)
}

dependencyCheck {
	failBuildOnCVSS = 4f
	failOnError = true
	suppressionFile = "config/dependency-check-suppressions.xml"
	analyzers.assemblyEnabled = false
}

About this issue

  • State: closed
  • Created 8 months ago
  • Reactions: 2
  • Comments: 18 (2 by maintainers)

Most upvoted comments

@anabright

They’ve just fixed it. Tickets can be closed

It’s still happening for me

https://github.com/jeremylong/DependencyCheck/blob/0a43232db2cc772c2f2ada6e7111891484132191/core/src/main/resources/dependencycheck.properties#L126

Since you’re probably having the invalid version and DC does not update it, since it was cached less than 24 hours ago, you’ve got three options:

  1. running task dependencyCheckPurge and dependencyCheckUpdate as suggested in the issue #6029
  2. rm jsrepository.json
  3. setting the argument at line 126 to 1

Good luck

I just entered a new issue on that subject on the Retire.js repo: https://github.com/RetireJS/retire.js/issues/423

I think the last commit on this project is missing an infoproperty

I think this one can probably be closed now @anabright?

FYI, I’ve been able to use the following to get past the error today using the Maven CLI (have to both force the update and override the URL to use the previous version of the RetireJs jsrepository.json before the latest commit from earlier today):

mvn -DskipTests org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=8.5 -DretireJsForceUpdate=true -DretireJsUrl=https://raw.githubusercontent.com/RetireJS/retire.js/0fe12bb575eda270536dc0ce47fca0dd17b6ab33/repository/jsrepository.json

You can utilize the retireJsUrl configuration property to set the download URL to the last working commit, which should be https://raw.githubusercontent.com/RetireJS/retire.js/0fe12bb575eda270536dc0ce47fca0dd17b6ab33/repository/jsrepository.json
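
The workaround from the comments above, written for the Gradle build in the original report rather than the Maven CLI. This is an added example, not part of the thread or the project's own documentation; it assumes the Gradle plugin exposes the RetireJS settings as analyzers.retirejs.retireJsUrl and analyzers.retirejs.forceupdate, and reuses the reporter's existing dependencyCheck block and the commit URL quoted in the thread.

```kotlin
// build.gradle.kts (added example; property names under analyzers.retirejs are an
// assumption about the Gradle plugin's configuration, mirroring the Maven flags above)
dependencyCheck {
	failBuildOnCVSS = 4f
	failOnError = true
	suppressionFile = "config/dependency-check-suppressions.xml"
	analyzers.assemblyEnabled = false

	// Temporary pin: download jsrepository.json from the last working commit quoted
	// in the thread instead of the repository's current head.
	analyzers.retirejs.retireJsUrl =
		"https://raw.githubusercontent.com/RetireJS/retire.js/0fe12bb575eda270536dc0ce47fca0dd17b6ab33/repository/jsrepository.json"

	// Gradle counterpart of -DretireJsForceUpdate=true: re-download even though a
	// copy was cached less than 24 hours ago, so the broken cached file is replaced.
	analyzers.retirejs.forceupdate = true
}
```

While the pin is in place the RetireJS data stops at that commit, so both lines should be removed once the upstream file loads again.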