DependencyCheck: OWASP gradle check failed

Describe the bug We got a crash on CI.

Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
	Failed to request component-reports: null
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:699)
	at org.owasp.dependencycheck.Engine$analyzeDependencies$3.call(Unknown Source)
	at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:89)

** Version of dependency-check used ** The problem occurs using version 5.1.0 gradle plugin.

** Log file ** Full stacktrace is here.

Nothing special but here is also build log

To Reproduce No steps to reproduce. Looks like some race condition or gradle cache issues.

Expected behavior OWASP report doesn’t crash.

Additional context It is an android project that uses AGP 3.4.2 and Gralde 5.5.1. It is a multimodule project and we use gradle cache.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 24 (9 by maintainers)

Commits related to this issue

Most upvoted comments

Hi,

I have the same issue using 5.2.0. It does not occur using 5.0.0 but I cannot use it as it got that other issue #2073.

+2
gabrielbieules on Aug 1, 2019

I have added additional logging to try and figure out what is going on - this will be included in the next release (point release hopefully this weekend).

+1
jeremylong on Aug 1, 2019
Read more comments on GitHub
← DependencyCheck: OWASP: AnalysisException: Failed to request component-reports caused by NullPointerException: null
DependencyCheck: PKIX path building failed :: javax.net.ssl.SSLHandshakeException on nvd.nist.gov →