org.owasp.dependencycheck.analyzer.Analyzer: Provider org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated

60 views
Skip to first unread message

Marc Schoechlin

unread,
Nov 9, 2022, 3:08:17 PM11/9/22
to dependen...@googlegroups.com
Hi

i am trying to use the gradle dependency check module with a kotlin/micronaut project and i am running in a strage exception.

I suppose that this is caused by a classloading problem.
The entire build fails if a call a random target. It seems that Gradle stumbles over the problem already in the initialization phase before starting to execute tasks.

I also tried to upgrade all dependencies and plugin, but i was not successful :-)
When i remove the org.owasp.dependencycheck plugin, my build runs with any target and without problems.

Do you have any suggestions how to analyze or solve this problem?

I configured the following (build.gradle):

plugins {
    id "org.jetbrains.kotlin.jvm" version "${kotlinVersion}"
    id "org.jetbrains.kotlin.kapt" version "${kotlinVersion}"
    id "org.jetbrains.kotlin.plugin.allopen" version "${kotlinVersion}"
    id "org.jetbrains.kotlin.plugin.jpa" version "${kotlinVersion}"
    id "com.github.johnrengelman.shadow" version "7.1.2"
    id "com.github.ben-manes.versions" version "0.42.0"
    id "io.micronaut.application" version "2.0.8"
    id "jacoco"
    id "org.liquibase.gradle" version "2.1.1"
    id "com.adarshr.test-logger" version "3.2.0"
    id "com.github.jk1.dependency-license-report" version "2.0"
    id "com.diffplug.spotless" version "6.8.0"
    id "org.sonarqube" version "3.4.0.2513"
    id "org.owasp.dependencycheck" version "7.3.0"
}
...

dependencyCheck {
    format='HTML'
}
...
dependencies {
    compileOnly 'org.jetbrains:annotations:23.0.0'
    kapt("io.micronaut:micronaut-http-validation")
    implementation("io.micronaut:micronaut-http-client")
    implementation("io.micronaut:micronaut-runtime")
    implementation("io.micronaut.kotlin:micronaut-kotlin-runtime")
    implementation("io.micronaut.sql:micronaut-jdbc-hikari")
    implementation("org.jetbrains.kotlin:kotlin-reflect:${kotlinVersion}")
    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")
    implementation("io.micronaut:micronaut-inject")
    implementation("io.micronaut:micronaut-validation")
    implementation("io.micronaut.micrometer:micronaut-micrometer-core")
    implementation("io.micronaut.micrometer:micronaut-micrometer-registry-jmx")
    implementation("io.swagger.core.v3:swagger-annotations:2.2.0")
    implementation("io.micronaut:micronaut-management")
    implementation("io.micronaut.security:micronaut-security-jwt")
    implementation("io.micronaut.kotlin:micronaut-kotlin-extension-functions")
    implementation("io.micronaut.rabbitmq:micronaut-rabbitmq")
    implementation("io.micronaut.cache:micronaut-cache-caffeine")
    implementation("io.micronaut.nats:micronaut-nats")
    implementation("com.maginatics:jdbclint:0.5.0")

    implementation("io.micronaut.reactor:micronaut-reactor")
    implementation("io.projectreactor.addons:reactor-extra:3.4.8")
    implementation("io.projectreactor.kotlin:reactor-kotlin-extensions:1.1.6")
    implementation('io.micronaut.reactor:micronaut-reactor-http-client')

    runtimeOnly("com.fasterxml.jackson.module:jackson-module-kotlin:2.13.3")

    developmentOnly("io.micronaut:micronaut-runtime-osx")
    developmentOnly("net.java.dev.jna:jna:5.11.0")
    developmentOnly("io.methvin:directory-watcher:0.15.1")
    kapt("io.micronaut:micronaut-inject-java")
    kapt("io.micronaut:micronaut-validation")

    kapt("io.micronaut.openapi:micronaut-openapi")

    implementation("io.micronaut:micronaut-runtime")
    implementation("javax.annotation:javax.annotation-api")


    implementation("io.sentry:sentry:4.3.0")
    implementation("io.sentry:sentry-logback:4.3.0")
    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.13.0")
    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
    implementation("net.logstash.logback:logstash-logback-encoder:6.6")
    implementation("ch.qos.logback:logback-classic")
    runtimeOnly("org.postgresql:postgresql:$postgresVersion")
    runtimeOnly("io.micronaut.sql:micronaut-jdbc-hikari")
    runtimeOnly("io.netty:netty-transport-native-epoll:linux-x86_64")

    implementation("io.minio:minio:8.4.1")
    implementation 'xmlpull:xmlpull:1.1.3.1'  // TODO(APP-10091)
    implementation 'com.google.api-client:google-api-client-xml:1.34.1'  // TODO(APP-10091)

    implementation("io.github.microutils:kotlin-logging:2.1.21")
    implementation("org.apache.commons:commons-text:1.9")
    implementation("commons-validator:commons-validator:1.7")
    implementation("com.ibm.icu:icu4j:71.1")

    implementation("com.google.firebase:firebase-admin:7.3.0")

    implementation("org.sejda.webp-imageio:webp-imageio-sejda:0.1.0")

    implementation("net.javacrumbs.shedlock:shedlock-provider-jdbc:4.36.0")

    // unit test
    kaptTest("io.micronaut:micronaut-inject-java")
    testImplementation("org.junit.jupiter:junit-jupiter-api:5.8.2")
    testImplementation("io.micronaut.test:micronaut-test-junit5")
    testImplementation("io.projectreactor:reactor-test:3.4.18")
    testImplementation("io.kotest:kotest-assertions-core-jvm:5.2.3") // for kotest core jvm assertions
    testImplementation("io.kotest:kotest-assertions-json-jvm:5.2.3") // for kotest json jvm assertions
    testImplementation("io.kotest:kotest-property-jvm:5.2.3") // for kotest property test
    testImplementation("io.mockk:mockk:1.12.3")
    testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
    testImplementation("org.junit.jupiter:junit-jupiter-params:5.7.2")
    testImplementation("org.mock-server:mockserver-client-java:5.14.0")
    testImplementation("org.awaitility:awaitility-kotlin:4.2.0")

    // testcontainers
    testImplementation(platform("org.testcontainers:testcontainers-bom:$testcontainersVersion"))
    testImplementation("org.testcontainers:postgresql:$testcontainersVersion")
    testImplementation("com.github.dasniko:testcontainers-keycloak:1.10.0")
    testImplementation("org.testcontainers:testcontainers:$testcontainersVersion")
    testImplementation("org.testcontainers:junit-jupiter:$testcontainersVersion")
    testImplementation("org.testcontainers:rabbitmq:$testcontainersVersion")
    testImplementation("org.testcontainers:mockserver:$testcontainersVersion")

    //arch unit
    testImplementation "com.tngtech.archunit:archunit-junit5:0.23.1"

    // liquibase
    implementation("io.micronaut.liquibase:micronaut-liquibase")
    implementation("org.liquibase:liquibase-core")
    liquibaseRuntime("io.micronaut.liquibase:micronaut-liquibase")
    liquibaseRuntime("javax.xml.bind:jaxb-api:2.4.0-b180830.0359")
    liquibaseRuntime(sourceSets.main.output)
    liquibaseRuntime(sourceSets.main.resources)
    // use advisory locks instead of lock table. this releases the lock always when pod terminates
    implementation("com.github.blagerweij:liquibase-sessionlock:1.5.1")
    // add everything liquibase needs to generate a database schema from our jpa entity model
    liquibaseRuntime("org.postgresql:postgresql:$postgresVersion")
    liquibaseRuntime("javax.validation:validation-api:2.0.1.Final")
    liquibaseRuntime("org.javassist:javassist:3.28.0-GA")
    liquibaseRuntime("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlinVersion}")

    implementation("org.slf4j:jul-to-slf4j:1.7.36")
}
.....


Gradle fails with the following exception:

 ./gradlew --console plain --parallel dependencyCheckAnalyze
> Task :buildSrc:compileKotlin UP-TO-DATE
> Task :buildSrc:compileJava NO-SOURCE
> Task :buildSrc:compileGroovy NO-SOURCE
> Task :buildSrc:pluginDescriptors UP-TO-DATE
> Task :buildSrc:processResources UP-TO-DATE
> Task :buildSrc:classes UP-TO-DATE
> Task :buildSrc:inspectClassesForKotlinIC UP-TO-DATE
> Task :buildSrc:jar UP-TO-DATE
> Task :buildSrc:assemble UP-TO-DATE
> Task :buildSrc:compileTestKotlin NO-SOURCE
> Task :buildSrc:pluginUnderTestMetadata UP-TO-DATE
> Task :buildSrc:compileTestJava NO-SOURCE
> Task :buildSrc:compileTestGroovy NO-SOURCE
> Task :buildSrc:processTestResources NO-SOURCE
> Task :buildSrc:testClasses UP-TO-DATE
> Task :buildSrc:test NO-SOURCE
> Task :buildSrc:validatePlugins UP-TO-DATE
> Task :buildSrc:check UP-TO-DATE
> Task :buildSrc:build UP-TO-DATE

> Configure project :

> Task :dependencyCheckAnalyze FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> org.owasp.dependencycheck.analyzer.Analyzer: Provider org.owasp.dependencycheck.analyzer.PinnedMavenInstallAnalyzer could not be instantiated

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.4.2/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 6s
8 actionable tasks: 1 executed, 7 up-to-date

Reply all
Reply to author
Forward
0 new messages