Dan Berindei updated ISPN-12682:
--------------------------------
Git Pull Request: https://github.com/infinispan/infinispan/pull/9028
Status: Pull Request Sent (was: Open)
Upgrade org.owasp:dependency-check-maven to version 6.1.0.
It should at least improve the error reporting.
dependency-check-maven plugin fails CI builds
---------------------------------------------
Key: ISPN-12682
URL: https://issues.redhat.com/browse/ISPN-12682
Project: Infinispan
Issue Type: Bug
Components: Build
Affects Versions: 12.0.0.Final
Reporter: Dan Berindei
Assignee: Dan Berindei
Priority: Major
Fix For: 12.1.0.Final
CI builds for master are randomly failing because of the OWASP {{dependency-check-maven}}
plugin:
{noformat}
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:6.0.2:check (default-cli) on project infinispan-cachestore-jdbc: One or more exceptions occurred during dependency-check analysis
Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
Failed to request component-reports
    at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:644)
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1606)
    at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:883)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
{noformat}
I was not able to reproduce the failure locally, and the OWASP dependency check plugin
does not log the actual errors. It uses a custom {{ExceptionCollection}} class to wrap
multiple exceptions, instead of the {{Throwable.addSuppressed()}} method added in Java 1.7,
and the Maven logger bypasses {{ExceptionCollection.printStackTrace()}}.
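An added example (not Infinispan or dependency-check code) of the reporting gap described in the issue: a wrapper exception that keeps its nested failures in a private list loses them whenever a logger formats the throwable through the standard {{Throwable}} accessors, while {{addSuppressed()}} keeps them visible. {{CollectedException}} and {{render}} are hypothetical stand-ins, and the two nested failures are constructed samples.

```java
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.util.List;

public class SuppressedDemo {
    // Hypothetical stand-in for a "collection" exception (not the OWASP class):
    // nested failures live in a field that only custom code knows about.
    static class CollectedException extends Exception {
        final List<Throwable> nested;
        CollectedException(String msg, List<Throwable> nested) {
            super(msg);
            this.nested = nested;
        }
    }

    // Simplified model (an assumption) of a logger that never calls an
    // overridden printStackTrace() and walks getCause()/getSuppressed() itself.
    static String render(Throwable t) {
        StringBuilder sb = new StringBuilder();
        for (Throwable c = t; c != null; c = c.getCause()) {
            sb.append(c == t ? "" : "Caused by: ").append(c).append('\n');
            for (Throwable s : c.getSuppressed()) {
                sb.append("  Suppressed: ").append(s).append('\n');
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample failures standing in for the real, unlogged errors.
        List<Throwable> failures = List.of(
            new IOException("connection reset (constructed sample)"),
            new SocketTimeoutException("read timed out (constructed sample)"));
        String msg = "One or more exceptions occurred during analysis";

        // Custom list: the logger output contains only the wrapper message.
        Exception custom = new CollectedException(msg, failures);

        // Standard API: every nested failure is reachable by any logger.
        Exception standard = new Exception(msg);
        failures.forEach(standard::addSuppressed);

        System.out.println("custom list:\n" + render(custom));
        System.out.println("addSuppressed:\n" + render(standard));
    }
}
```

Run with Java 9 or later; only the second rendering lists the nested failures.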