Hi, we are trying to use the Jenkins plugin but it fails both as a separate update job and within the build jobs. Below is the output from the update job. And below that, part of the system log.
Thought it might be similar to issues-523 but not quite.
We do not have a proxy and if I use the gradle dependency check plugin within the build (and not the Jenkins one) it does work. But not desirable, as takes a long time and can't share the data across build jobs.
Jenkins - 2.14
Java - SE 8u92
OWASP Dependency-Check Plugin v1.4.3
Thanks in advance
Building in workspace /var/lib/jenkins/workspace/OWASP NVD Update
[DependencyCheck] OWASP Dependency-Check Plugin v1.4.3
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = OWASP NVD Update
[DependencyCheck] -outputDirectory = /var/lib/jenkins/workspace/OWASP NVD Update
[DependencyCheck] -dataDirectory = /var/lib/jenkins/workspace/OWASP NVD Update/userContent/owasp/nvd
[DependencyCheck] -verboseLogFile = /var/lib/jenkins/workspace/OWASP NVD Update/dependency-check.log
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -useMavenArtifactsScanPath = false
[DependencyCheck] -jarAnalyzerEnabled = false
[DependencyCheck] -nodeJsAnalyzerEnabled = false
[DependencyCheck] -composerLockAnalyzerEnabled = false
[DependencyCheck] -pythonAnalyzerEnabled = false
[DependencyCheck] -rubyGemAnalyzerEnabled = false
[DependencyCheck] -cocoaPodsAnalyzerEnabled = false
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = false
[DependencyCheck] -archiveAnalyzerEnabled = false
[DependencyCheck] -assemblyAnalyzerEnabled = false
[DependencyCheck] -centralAnalyzerEnabled = false
[DependencyCheck] -nuspecAnalyzerEnabled = false
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = false
[DependencyCheck] -cmakeAnalyzerEnabled = false
[DependencyCheck] -opensslAnalyzerEnabled = false
[DependencyCheck] -showEvidence = true
[DependencyCheck] -format = XML
[DependencyCheck] -autoUpdate = true
[DependencyCheck] -updateOnly = true
[DependencyCheck] Performing NVD update only
[DependencyCheck] Unable to update the Dependency-Check database
Build step 'Invoke OWASP Dependency-Check NVD update only' marked build as failure
Finished: FAILURE
........
Checking for updates
Oct 04, 2016 8:40:54 AM FINE org.owasp.dependencycheck.data.nvdcve.CveDB
Database dialect: H2
Oct 04, 2016 8:40:55 AM FINE org.owasp.dependencycheck.data.nvdcve.CveDB
Database dialect: H2
Oct 04, 2016 8:40:55 AM FINE org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve add
Checking for updates from: https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz
Oct 04, 2016 8:40:56 AM SEVERE org.owasp.dependencycheck.utils.Downloader getLastModified
IO Exception: Connection reset
Oct 04, 2016 8:40:56 AM FINE org.owasp.dependencycheck.utils.Downloader getLastModified
Exception details
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:254)
at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:221)
at org.owasp.dependencycheck.data.update.nvd.UpdateableNvdCve.add(UpdateableNvdCve.java:101)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.retrieveCurrentTimestampsFromWeb(NvdCveUpdater.java:330)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:259)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:79)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:492)
at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:135)
at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.performBuild(DependencyCheckExecutor.java:98)
at org.jenkinsci.plugins.DependencyCheck.AbstractDependencyCheckBuilder$1.call(AbstractDependencyCheckBuilder.java:90)
at org.jenkinsci.plugins.DependencyCheck.AbstractDependencyCheckBuilder$1.call(AbstractDependencyCheckBuilder.java:87)
at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
at org.jenkinsci.plugins.DependencyCheck.AbstractDependencyCheckBuilder.perform(AbstractDependencyCheckBuilder.java:87)
at org.jenkinsci.plugins.DependencyCheck.DependencyCheckUpdateOnlyBuilder.perform(DependencyCheckUpdateOnlyBuilder.java:84)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.Build$BuildExecution.build(Build.java:205)
at hudson.model.Build$BuildExecution.doRun(Build.java:162)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
at hudson.model.Run.execute(Run.java:1720)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:404)