DependencyCheck: org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated
Describe the bug
My build crashes with a dependency check specific exception.
Version of dependency-check used
The problem occurs using version 7.4.1 of the org.owasp.dependencycheck (gradle plugin) and jdk 17.0.5
Log file
With release 7.4.1
./gradlew --console plain --parallel dependencyCheckAnalyze --stacktrace
> Task :buildSrc:compileKotlin UP-TO-DATE
> Task :buildSrc:compileJava NO-SOURCE
> Task :buildSrc:compileGroovy NO-SOURCE
> Task :buildSrc:pluginDescriptors UP-TO-DATE
> Task :buildSrc:processResources UP-TO-DATE
> Task :buildSrc:classes UP-TO-DATE
> Task :buildSrc:inspectClassesForKotlinIC UP-TO-DATE
> Task :buildSrc:jar UP-TO-DATE
> Task :buildSrc:assemble UP-TO-DATE
> Task :buildSrc:compileTestKotlin NO-SOURCE
> Task :buildSrc:pluginUnderTestMetadata UP-TO-DATE
> Task :buildSrc:compileTestJava NO-SOURCE
> Task :buildSrc:compileTestGroovy NO-SOURCE
> Task :buildSrc:processTestResources NO-SOURCE
> Task :buildSrc:testClasses UP-TO-DATE
> Task :buildSrc:test NO-SOURCE
> Task :buildSrc:validatePlugins UP-TO-DATE
> Task :buildSrc:check UP-TO-DATE
> Task :buildSrc:build UP-TO-DATE
> Task :dependencyCheckAnalyze FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> org.owasp.dependencycheck.analyzer.Analyzer: Provider org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated
* Try:
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Exception is:
org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':dependencyCheckAnalyze'.
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.lambda$executeIfValid$1(ExecuteActionsTaskExecuter.java:142)
at org.gradle.internal.Try$Failure.ifSuccessfulOrElse(Try.java:282)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:140)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:128)
at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:77)
at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51)
at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57)
at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:56)
at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52)
at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:69)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:327)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:314)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:307)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:293)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:420)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:342)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
Caused by: java.util.ServiceConfigurationError: org.owasp.dependencycheck.analyzer.Analyzer: Provider org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated
at org.owasp.dependencycheck.analyzer.AnalyzerService.getAnalyzers(AnalyzerService.java:103)
at org.owasp.dependencycheck.Engine.loadAnalyzers(Engine.java:233)
at org.owasp.dependencycheck.Engine.initializeEngine(Engine.java:201)
at org.owasp.dependencycheck.Engine.<init>(Engine.java:190)
at org.owasp.dependencycheck.Engine.<init>(Engine.java:165)
at org.owasp.dependencycheck.Engine.<init>(Engine.java:155)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:75)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29)
at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:236)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:68)
at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:221)
at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:204)
at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:187)
at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:165)
at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:89)
at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:40)
at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:53)
at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:50)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73)
at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:50)
at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:40)
at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:68)
at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:38)
at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41)
at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74)
at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55)
at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:51)
at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:29)
at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:124)
at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:80)
at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:58)
at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:48)
at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:36)
at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:181)
at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:71)
at org.gradle.internal.Either$Right.fold(Either.java:175)
at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59)
at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:69)
at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:47)
at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36)
at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25)
at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36)
at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22)
at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:110)
at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:56)
at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:56)
at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:38)
at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:73)
at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:44)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27)
at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:89)
at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:50)
at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:114)
at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:57)
at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:76)
at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:50)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNoEmptySources(SkipEmptyWorkStep.java:254)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:91)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:56)
at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32)
at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38)
at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:43)
at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:31)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:40)
at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:281)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:40)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30)
at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37)
at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27)
at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:44)
at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:33)
at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:76)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:139)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:128)
at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:77)
at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51)
at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57)
at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:56)
at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66)
at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52)
at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:69)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:327)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:314)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:307)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:293)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:420)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:342)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
... 126 more
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/7.5.1/userguide/command_line_interface.html#sec:command_line_warnings
BUILD FAILED in 1s
8 actionable tasks: 1 executed, 7 up-to-date
To Reproduce
have have no idea
Expected behavior
Gradle should just not crash 😃
Additional context
A excerpt of my build.gradle.kts:
plugins {
id "org.jetbrains.kotlin.jvm" version "${kotlinVersion}"
id "org.jetbrains.kotlin.kapt" version "${kotlinVersion}"
id "org.jetbrains.kotlin.plugin.allopen" version "${kotlinVersion}"
id "org.jetbrains.kotlin.plugin.jpa" version "${kotlinVersion}"
id "com.github.johnrengelman.shadow" version "7.1.2"
id "com.github.ben-manes.versions" version "0.42.0"
id "io.micronaut.application" version "2.0.8"
id "jacoco"
id "org.liquibase.gradle" version "2.1.1"
id "com.adarshr.test-logger" version "3.2.0"
id "com.github.jk1.dependency-license-report" version "2.0"
id "com.diffplug.spotless" version "6.8.0"
id "org.sonarqube" version "3.4.0.2513"
id "org.owasp.dependencycheck" version "7.4.1"
}
...
dependencyCheck {
format='HTML'
}
...
dependencies {
compileOnly 'org.jetbrains:annotations:23.0.0'
kapt("io.micronaut:micronaut-http-validation")
implementation("io.micronaut:micronaut-http-client")
implementation("io.micronaut:micronaut-runtime")
implementation("io.micronaut.kotlin:micronaut-kotlin-runtime")
implementation("io.micronaut.sql:micronaut-jdbc-hikari")
implementation("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")
implementation("io.micronaut:micronaut-inject")
implementation("io.micronaut:micronaut-validation")
implementation("io.micronaut.micrometer:micronaut-micrometer-core")
implementation("io.micronaut.micrometer:micronaut-micrometer-registry-jmx")
implementation("io.swagger.core.v3:swagger-annotations:2.2.0")
implementation("io.micronaut:micronaut-management")
implementation("io.micronaut.security:micronaut-security-jwt")
implementation("io.micronaut.kotlin:micronaut-kotlin-extension-functions")
implementation("io.micronaut.rabbitmq:micronaut-rabbitmq")
implementation("io.micronaut.cache:micronaut-cache-caffeine")
implementation("io.micronaut.nats:micronaut-nats")
implementation("com.maginatics:jdbclint:0.5.0")
implementation("io.micronaut.reactor:micronaut-reactor")
implementation("io.projectreactor.addons:reactor-extra:3.4.8")
implementation("io.projectreactor.kotlin:reactor-kotlin-extensions:1.1.6")
implementation('io.micronaut.reactor:micronaut-reactor-http-client')
runtimeOnly("com.fasterxml.jackson.module:jackson-module-kotlin:2.13.3")
developmentOnly("io.micronaut:micronaut-runtime-osx")
developmentOnly("net.java.dev.jna:jna:5.11.0")
developmentOnly("io.methvin:directory-watcher:0.15.1")
kapt("io.micronaut:micronaut-inject-java")
kapt("io.micronaut:micronaut-validation")
kapt("io.micronaut.openapi:micronaut-openapi")
implementation("io.micronaut:micronaut-runtime")
implementation("javax.annotation:javax.annotation-api")
implementation("io.sentry:sentry:4.3.0")
implementation("io.sentry:sentry-logback:4.3.0")
implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.13.0")
implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
implementation("net.logstash.logback:logstash-logback-encoder:6.6")
implementation("ch.qos.logback:logback-classic")
runtimeOnly("org.postgresql:postgresql:$postgresVersion")
runtimeOnly("io.micronaut.sql:micronaut-jdbc-hikari")
runtimeOnly("io.netty:netty-transport-native-epoll:linux-x86_64")
implementation("io.minio:minio:8.4.1")
implementation 'xmlpull:xmlpull:1.1.3.1' // TODO(APP-10091)
implementation 'com.google.api-client:google-api-client-xml:1.34.1' // TODO(APP-10091)
implementation("io.github.microutils:kotlin-logging:2.1.21")
implementation("org.apache.commons:commons-text:1.9")
implementation("commons-validator:commons-validator:1.7")
implementation("com.ibm.icu:icu4j:71.1")
implementation("com.google.firebase:firebase-admin:7.3.0")
implementation("org.sejda.webp-imageio:webp-imageio-sejda:0.1.0")
implementation("net.javacrumbs.shedlock:shedlock-provider-jdbc:4.36.0")
// unit test
kaptTest("io.micronaut:micronaut-inject-java")
testImplementation("org.junit.jupiter:junit-jupiter-api:5.8.2")
testImplementation("io.micronaut.test:micronaut-test-junit5")
testImplementation("io.projectreactor:reactor-test:3.4.18")
testImplementation("io.kotest:kotest-assertions-core-jvm:5.2.3") // for kotest core jvm assertions
testImplementation("io.kotest:kotest-assertions-json-jvm:5.2.3") // for kotest json jvm assertions
testImplementation("io.kotest:kotest-property-jvm:5.2.3") // for kotest property test
testImplementation("io.mockk:mockk:1.12.3")
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
testImplementation("org.junit.jupiter:junit-jupiter-params:5.7.2")
testImplementation("org.mock-server:mockserver-client-java:5.14.0")
testImplementation("org.awaitility:awaitility-kotlin:4.2.0")
// testcontainers
testImplementation(platform("org.testcontainers:testcontainers-bom:$testcontainersVersion"))
testImplementation("org.testcontainers:postgresql:$testcontainersVersion")
testImplementation("com.github.dasniko:testcontainers-keycloak:1.10.0")
testImplementation("org.testcontainers:testcontainers:$testcontainersVersion")
testImplementation("org.testcontainers:junit-jupiter:$testcontainersVersion")
testImplementation("org.testcontainers:rabbitmq:$testcontainersVersion")
testImplementation("org.testcontainers:mockserver:$testcontainersVersion")
//arch unit
testImplementation "com.tngtech.archunit:archunit-junit5:0.23.1"
// liquibase
implementation("io.micronaut.liquibase:micronaut-liquibase")
implementation("org.liquibase:liquibase-core")
liquibaseRuntime("io.micronaut.liquibase:micronaut-liquibase")
liquibaseRuntime("javax.xml.bind:jaxb-api:2.4.0-b180830.0359")
liquibaseRuntime(sourceSets.main.output)
liquibaseRuntime(sourceSets.main.resources)
// use advisory locks instead of lock table. this releases the lock always when pod terminates
implementation("com.github.blagerweij:liquibase-sessionlock:1.5.1")
// add everything liquibase needs to generate a database schema from our jpa entity model
liquibaseRuntime("org.postgresql:postgresql:$postgresVersion")
liquibaseRuntime("javax.validation:validation-api:2.0.1.Final")
liquibaseRuntime("org.javassist:javassist:3.28.0-GA")
liquibaseRuntime("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")
implementation("org.slf4j:jul-to-slf4j:1.7.36")
}
.....
About this issue
- Original URL
- State: open
- Created 2 years ago
- Comments: 16 (4 by maintainers)
Finally found some time to circle back here… and the issue is due to your buildSrc depending on testcontainers 1.17.6, depending on docker-java-api 3.2.13, depending on jackson-annotations 2.10.3 yielding a classpath conflict with DependencyCheck runs as DependencyCheck PinnedMavenAnalyzer (the jackson ObjectMapper) depends on version 2.14.1 of the annotations in which there is an extra annotation property ‘namespace’ (since 2.12)
Hi. I am continuing to debug this issue with @scoopex . Unfortunately, updating Gradle to 7.6 didn’t fix it for me. I was able to create a minimal reproducible example for me. Maybe someone can provide additional insight with this? Anything would be appreciated.
(simply run
./gradlew dependencyCheckAnalyze)owasp_debug copy.zip
From local experiments the issue for the failing build I expect to be in your Java version.
With Java 8 as the default java it works for me (with ./gradlew), with Java 17 (like you have) it breaks for me too (though with a different error: java.lang.NoClassDefFoundError: Could not initialize class org.codehaus.groovy.vmplugin.v7.Java7)
Building on both Java 8 and Java 17 appears to work with a more modern version of gradle (my system-installed gradle, which I used for my own snapshot builds) is at 7.6, the wrapper-configured gradle of the project is at 6.1.1)
From my own trial-builds when contributing fixes that included changes in, or for, the gradle plugin my recipe for local builds and usage of the results in a local validation project:
First preparatory steps is to
mvn install(with -DskipTests to build faster by skipping all the test-work as it’s currently only for a quick diagnostic snapshot build) from that branch on your local system to get the snapshot binaries of the core of dependency-check from that branch available in your maven local repository (in gradle termsmavenLocal()).Assuming that you have maven available on your system:
git clone https://github.com/jeremylong/DependencyCheck.gitcd DependencyCheckmvn install -DskipTests(takes advantage of your user’s settings.xml, which may include items like proxy settings, network-local maven (proxy-)repositories and properties to use a network-local NIST NVD mirror. The documented official build instructionsmvn -s settings.xml installwould leave those optimizations out, but will ensure that user settings do not mess up the build (one never knows what a local user’s settings.xml may contain, so it’s better to be safe than sorry - if this command fails to properly run retry with the official command including the -s settings.xml)Following that you would need to get the dependency-check gradle sources
cd ..git clone https://github.com/dependency-check/dependency-check-gradle.gitcd dependency-check-gradle7.4.2-SNAPSHOTand comment out the signing parts:gradle publishToMavenLocal@jeremylong @scoopex It might be good to try a snapshot gradle plugin based on a snapshot build from https://github.com/jeremylong/DependencyCheck/tree/issue-5136-diagnostic to get at the root cause.
The symptoms suggest that an ExceptionInInitializerError is swallowed somewhere (or overlooked in the logs) and subsequent attempts to use the PinnedMavenInstallAnalyzer run into the NoClassDefFound as a result (I cannot imagine how the PinnedMavenInstallAnalyzer could really be not present in the classloader when other parts of DependencyCheck core library are properly found, apart from a corrupt jar-file).
The diagnostic patch moves the initialization of the jackson reader to an instance method so that class-initialization should properly complete and the exception would be expected to be thrown (and reported, including stacktrace) by the PinnedMavenInstallAnalyzer initialize method invocation.