Hi
i am trying to use the gradle dependency check module with a
kotlin/micronaut project and i am running in a strage exception.
I suppose that this is caused by a classloading problem.
The entire build fails if a call a random target. It seems that
Gradle stumbles over the problem already in the initialization
phase before starting to execute tasks.
I also tried to upgrade all dependencies and plugin, but i was not
successful :-)
When i remove the org.owasp.dependencycheck plugin, my build runs
with any target and without problems.
Do you have any suggestions how to analyze or solve this problem?
I configured the following (build.gradle):
plugins {
id "org.jetbrains.kotlin.jvm" version "${kotlinVersion}"
id "org.jetbrains.kotlin.kapt" version "${kotlinVersion}"
id "org.jetbrains.kotlin.plugin.allopen" version "${kotlinVersion}"
id "org.jetbrains.kotlin.plugin.jpa" version "${kotlinVersion}"
id "com.github.johnrengelman.shadow" version "7.1.2"
id "com.github.ben-manes.versions" version "0.42.0"
id "io.micronaut.application" version "2.0.8"
id "jacoco"
id "org.liquibase.gradle" version "2.1.1"
id "com.adarshr.test-logger" version "3.2.0"
id "com.github.jk1.dependency-license-report" version "2.0"
id "com.diffplug.spotless" version "6.8.0"
id "org.sonarqube" version "3.4.0.2513"
id "org.owasp.dependencycheck" version "7.3.0"
}
...
dependencyCheck {
format='HTML'
}
...
dependencies {
compileOnly 'org.jetbrains:annotations:23.0.0'
kapt("io.micronaut:micronaut-http-validation")
implementation("io.micronaut:micronaut-http-client")
implementation("io.micronaut:micronaut-runtime")
implementation("io.micronaut.kotlin:micronaut-kotlin-runtime")
implementation("io.micronaut.sql:micronaut-jdbc-hikari")
implementation("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")
implementation("io.micronaut:micronaut-inject")
implementation("io.micronaut:micronaut-validation")
implementation("io.micronaut.micrometer:micronaut-micrometer-core")
implementation("io.micronaut.micrometer:micronaut-micrometer-registry-jmx")
implementation("io.swagger.core.v3:swagger-annotations:2.2.0")
implementation("io.micronaut:micronaut-management")
implementation("io.micronaut.security:micronaut-security-jwt")
implementation("io.micronaut.kotlin:micronaut-kotlin-extension-functions")
implementation("io.micronaut.rabbitmq:micronaut-rabbitmq")
implementation("io.micronaut.cache:micronaut-cache-caffeine")
implementation("io.micronaut.nats:micronaut-nats")
implementation("com.maginatics:jdbclint:0.5.0")
implementation("io.micronaut.reactor:micronaut-reactor")
implementation("io.projectreactor.addons:reactor-extra:3.4.8")
implementation("io.projectreactor.kotlin:reactor-kotlin-extensions:1.1.6")
implementation('io.micronaut.reactor:micronaut-reactor-http-client')
runtimeOnly("com.fasterxml.jackson.module:jackson-module-kotlin:2.13.3")
developmentOnly("io.micronaut:micronaut-runtime-osx")
developmentOnly("net.java.dev.jna:jna:5.11.0")
developmentOnly("io.methvin:directory-watcher:0.15.1")
kapt("io.micronaut:micronaut-inject-java")
kapt("io.micronaut:micronaut-validation")
kapt("io.micronaut.openapi:micronaut-openapi")
implementation("io.micronaut:micronaut-runtime")
implementation("javax.annotation:javax.annotation-api")
implementation("io.sentry:sentry:4.3.0")
implementation("io.sentry:sentry-logback:4.3.0")
implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.13.0")
implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
implementation("net.logstash.logback:logstash-logback-encoder:6.6")
implementation("ch.qos.logback:logback-classic")
runtimeOnly("org.postgresql:postgresql:$postgresVersion")
runtimeOnly("io.micronaut.sql:micronaut-jdbc-hikari")
runtimeOnly("io.netty:netty-transport-native-epoll:linux-x86_64")
implementation("io.minio:minio:8.4.1")
implementation 'xmlpull:xmlpull:1.1.3.1' // TODO(APP-10091)
implementation 'com.google.api-client:google-api-client-xml:1.34.1' // TODO(APP-10091)
implementation("io.github.microutils:kotlin-logging:2.1.21")
implementation("org.apache.commons:commons-text:1.9")
implementation("commons-validator:commons-validator:1.7")
implementation("com.ibm.icu:icu4j:71.1")
implementation("com.google.firebase:firebase-admin:7.3.0")
implementation("org.sejda.webp-imageio:webp-imageio-sejda:0.1.0")
implementation("net.javacrumbs.shedlock:shedlock-provider-jdbc:4.36.0")
// unit test
kaptTest("io.micronaut:micronaut-inject-java")
testImplementation("org.junit.jupiter:junit-jupiter-api:5.8.2")
testImplementation("io.micronaut.test:micronaut-test-junit5")
testImplementation("io.projectreactor:reactor-test:3.4.18")
testImplementation("io.kotest:kotest-assertions-core-jvm:5.2.3") // for kotest core jvm assertions
testImplementation("io.kotest:kotest-assertions-json-jvm:5.2.3") // for kotest json jvm assertions
testImplementation("io.kotest:kotest-property-jvm:5.2.3") // for kotest property test
testImplementation("io.mockk:mockk:1.12.3")
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
testImplementation("org.junit.jupiter:junit-jupiter-params:5.7.2")
testImplementation("org.mock-server:mockserver-client-java:5.14.0")
testImplementation("org.awaitility:awaitility-kotlin:4.2.0")
// testcontainers
testImplementation(platform("org.testcontainers:testcontainers-bom:$testcontainersVersion"))
testImplementation("org.testcontainers:postgresql:$testcontainersVersion")
testImplementation("com.github.dasniko:testcontainers-keycloak:1.10.0")
testImplementation("org.testcontainers:testcontainers:$testcontainersVersion")
testImplementation("org.testcontainers:junit-jupiter:$testcontainersVersion")
testImplementation("org.testcontainers:rabbitmq:$testcontainersVersion")
testImplementation("org.testcontainers:mockserver:$testcontainersVersion")
//arch unit
testImplementation "com.tngtech.archunit:archunit-junit5:0.23.1"
// liquibase
implementation("io.micronaut.liquibase:micronaut-liquibase")
implementation("org.liquibase:liquibase-core")
liquibaseRuntime("io.micronaut.liquibase:micronaut-liquibase")
liquibaseRuntime("javax.xml.bind:jaxb-api:2.4.0-b180830.0359")
liquibaseRuntime(sourceSets.main.output)
liquibaseRuntime(sourceSets.main.resources)
// use advisory locks instead of lock table. this releases the lock always when pod terminates
implementation("com.github.blagerweij:liquibase-sessionlock:1.5.1")
// add everything liquibase needs to generate a database schema from our jpa entity model
liquibaseRuntime("org.postgresql:postgresql:$postgresVersion")
liquibaseRuntime("javax.validation:validation-api:2.0.1.Final")
liquibaseRuntime("org.javassist:javassist:3.28.0-GA")
liquibaseRuntime("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")
implementation("org.slf4j:jul-to-slf4j:1.7.36")
}
.....
Gradle fails with the following exception:
./gradlew --console plain --parallel dependencyCheckAnalyze
> Task :buildSrc:compileKotlin UP-TO-DATE
> Task :buildSrc:compileJava NO-SOURCE
> Task :buildSrc:compileGroovy NO-SOURCE
> Task :buildSrc:pluginDescriptors UP-TO-DATE
> Task :buildSrc:processResources UP-TO-DATE
> Task :buildSrc:classes UP-TO-DATE
> Task :buildSrc:inspectClassesForKotlinIC UP-TO-DATE
> Task :buildSrc:jar UP-TO-DATE
> Task :buildSrc:assemble UP-TO-DATE
> Task :buildSrc:compileTestKotlin NO-SOURCE
> Task :buildSrc:pluginUnderTestMetadata UP-TO-DATE
> Task :buildSrc:compileTestJava NO-SOURCE
> Task :buildSrc:compileTestGroovy NO-SOURCE
> Task :buildSrc:processTestResources NO-SOURCE
> Task :buildSrc:testClasses UP-TO-DATE
> Task :buildSrc:test NO-SOURCE
> Task :buildSrc:validatePlugins UP-TO-DATE
> Task :buildSrc:check UP-TO-DATE
> Task :buildSrc:build UP-TO-DATE
> Configure project :
> Task :dependencyCheckAnalyze FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> org.owasp.dependencycheck.analyzer.Analyzer: Provider org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated
* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/7.4.2/userguide/command_line_interface.html#sec:command_line_warnings
BUILD FAILED in 6s
8 actionable tasks: 1 executed, 7 up-to-date