DependencyCheck: NPE during aggregate check in a multi module project
Describe the bug
NPE during aggregate check in a multi module project
Version of dependency-check used
Maven-Plugin:
- 6.3.2 has the error
- 6.3.1 doesn’t have the error
Log file
Stacktrace (Click to expand)
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.2:aggregate (aggregate) on project gui-base: Execution aggregate of goal org.owasp:dependency-check-maven:6.3.2:aggregate failed.: NullPointerException -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:6.3.2:aggregate (aggregate) on project gui-base: Execution aggregate of goal org.owasp:dependency-check-maven:6.3.2:aggregate failed.
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution aggregate of goal org.owasp:dependency-check-maven:6.3.2:aggregate failed.
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:148)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.lang.NullPointerException
at org.apache.maven.shared.artifact.filter.resolve.transform.EclipseAetherFilterTransformer$2.accept (EclipseAetherFilterTransformer.java:152)
at org.eclipse.aether.util.filter.AndDependencyFilter.accept (AndDependencyFilter.java:83)
at org.eclipse.aether.util.filter.OrDependencyFilter.accept (OrDependencyFilter.java:81)
at org.eclipse.aether.util.graph.visitor.FilteringDependencyVisitor.visitEnter (FilteringDependencyVisitor.java:80)
at org.eclipse.aether.util.graph.visitor.TreeDependencyVisitor.visitEnter (TreeDependencyVisitor.java:67)
at org.eclipse.aether.graph.DefaultDependencyNode.accept (DefaultDependencyNode.java:343)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies (DefaultRepositorySystem.java:332)
at org.apache.maven.shared.transfer.dependencies.resolve.internal.Maven31DependencyResolver.resolveDependencies (Maven31DependencyResolver.java:216)
at org.apache.maven.shared.transfer.dependencies.resolve.internal.Maven31DependencyResolver.resolveDependencies (Maven31DependencyResolver.java:198)
at org.apache.maven.shared.transfer.dependencies.resolve.internal.DefaultDependencyResolver.resolveDependencies (DefaultDependencyResolver.java:60)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.collectMavenDependencies (BaseDependencyCheckMojo.java:1328)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.collectDependencies (BaseDependencyCheckMojo.java:1467)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.scanArtifacts (BaseDependencyCheckMojo.java:1114)
at org.owasp.dependencycheck.maven.AggregateMojo.scanDependencies (AggregateMojo.java:73)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1719)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:966)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
To Reproduce
Run the aggregate goal in a multi module project.
Expected behavior
No exception
Additional context Add any other context about the problem here.
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 11
- Comments: 24 (6 by maintainers)
I ran into the same issue. The branch
bug/dependency-check-maven-6.3.2-npeof the repository acanda/spring-banner-plugin contains a small Maven project that reproduces the issue when you runmvn clean verify -X. The NPE does not occur with 6.3.1.The NPE occurs with both Maven 3.6.3 and 3.8.2:
The fix will be released - hopefully Friday morning (US Eastern).
The fix will be in the next release - just finishing up testing.
Registered https://issues.apache.org/jira/browse/MSHARED-998
@viktor-thell-seal Definitely want to include a test to ensure this doesn’t surface again in future. Still looking to see if we can change our internal resolution approach to mitigate the issue without requiring a fix in the maven shared utilities. No experience on my side regarding timelines for a fix in maven.
Could you leave this issue open untill it is solved? I ran into the same issue and could not find this ticket. Probably many others will experience the same.
Nothing to do with aggregates or multi-module. I get the same NPE stacktrace running check on a single regular project.