I am curious. Did this issue ever get resolved? I am observing something similar, although my context ( PHP source) is different.
I am running through Jenkins, and I do not see any error messages in the console.
Building on master in workspace /var/lib/jenkins/jobs/OWASP/workspace
[DependencyCheck] OWASP Dependency-Check Plugin v3.2.1
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = OWASP
[DependencyCheck] -scanPath = /var/lib/jenkins/jobs/Git_Checkout/workspace
[DependencyCheck] -outputDirectory = /var/lib/jenkins/jobs/OWASP/workspace
[DependencyCheck] -dataDirectory = /var/lib/jenkins/jobs/OWASP/workspace/dependency-check-data
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = true
[DependencyCheck] -nodePackageAnalyzerEnabled = true
[DependencyCheck] -nspAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = true
[DependencyCheck] -pythonDistributionAnalyzerEnabled = true
[DependencyCheck] -pythonPackageAnalyzerEnabled = true
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = false
[DependencyCheck] -rubyGemAnalyzerEnabled = true
[DependencyCheck] -cocoaPodsAnalyzerEnabled = true
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck] -archiveAnalyzerEnabled = true
[DependencyCheck] -assemblyAnalyzerEnabled = true
[DependencyCheck] -centralAnalyzerEnabled = true
[DependencyCheck] -nuspecAnalyzerEnabled = true
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = true
[DependencyCheck] -cmakeAnalyzerEnabled = true
[DependencyCheck] -opensslAnalyzerEnabled = true
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML HTML VULN JSON CSV
[DependencyCheck] -autoUpdate = true
[DependencyCheck] -updateOnly = false
[DependencyCheck] Data directory created
[DependencyCheck] Scanning: /var/lib/jenkins/jobs/Git_Checkout/workspace
[DependencyCheck] Analyzing Dependencies
Build step 'Invoke Dependency-Check analysis' changed build result to SUCCESS
[DependencyCheck] Collecting Dependency-Check analysis files...
[DependencyCheck] Searching for all files in /var/lib/jenkins/jobs/OWASP/workspace that match the pattern **/dependency-check-report.xml
[DependencyCheck] Parsing 1 file in /var/lib/jenkins/jobs/OWASP/workspace
[DependencyCheck] Successfully parsed file /var/lib/jenkins/jobs/OWASP/workspace/dependency-check-report.xml with 3 unique warnings and 0 duplicates.
Skipping warnings blame since Git is the only supported SCM up to now.%n
[DependencyCheck] Computing warning deltas based on reference build #3
However, when I drill into the results, I see the following in the message below. File 785f2910.tmp holds the content of this message. What is odd is that it is describing /var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master as a source file. /var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock is a file, but I am not sure what it is trying to reference starting with the colon.
Any thoughts?
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.
|
01 Copying the source file '/var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master' from the workspace to the build folder '785f2910.tmp' on the Jenkins master failed.
02 Is the file '/var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master' a valid filename?
03 If you are building on a slave: please check if the file is accessible under '$JENKINS_HOME/[job-name]//var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master'
04 If you are building on the master: please check if the file is accessible under '$JENKINS_HOME/[job-name]/workspace//var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master'
05 java.io.IOException: Failed to copy /var/lib/jenkins/jobs/Git_Checkout/workspace/Miscellaneous/saml/composer.lock:openid/php-openid/dev-master to /var/lib/jenkins/jobs/OWASP/builds/4/workspace-files/785f2910.tmp
06 at hudson.FilePath.copyTo(FilePath.java:2131)
|