RetireJS failing in Jenkins plugin

[javixeneize]

This is related to issue #1394

I am using the latest DC plugin for Jenkins (3.3.1) and the tool is still failing when i have initialised RetireJS plugin. Note that this is happening when executing this in a Jenkins slave

Looks like the issue is that it tries to access to a file that doesnt exist (i dont know if it needs to be initialised in advance) If it helps, i am running it against a java application (.jar) so there is no reason to trigger the retirejs analyser

Here is the log:

[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: /tmp/jsrepository.json (No such file or directory)
[DependencyCheck] Message: Failed to initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Failed to initialize the RetireJS repo
[DependencyCheck] at org.owasp.dependencycheck.analyzer.RetireJsAnalyzer.prepareFileTypeAnalyzer(RetireJsAnalyzer.java:178)
[DependencyCheck] at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.prepareAnalyzer(AbstractFileTypeAnalyzer.java:83)
[DependencyCheck] at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare(AbstractAnalyzer.java:107)
[DependencyCheck] at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:825)
[DependencyCheck] at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:662)
[DependencyCheck] at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck] at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck] at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck] at hudson.remoting.UserRequest.perform(UserRequest.java:153)
[DependencyCheck] at hudson.remoting.UserRequest.perform(UserRequest.java:50)
[DependencyCheck] at hudson.remoting.Request$2.run(Request.java:336)
[DependencyCheck] at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
[DependencyCheck] at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck] at hudson.remoting.Engine$1$1.run(Engine.java:94)
[DependencyCheck] at java.lang.Thread.run(Thread.java:745)
[DependencyCheck] Caused by: java.io.FileNotFoundException: /tmp/jsrepository.json (No such file or directory)
[DependencyCheck] at java.io.FileInputStream.open0(Native Method)
[DependencyCheck] at java.io.FileInputStream.open(FileInputStream.java:195)
[DependencyCheck] at java.io.FileInputStream.(FileInputStream.java:138)
[DependencyCheck] at org.owasp.dependencycheck.analyzer.RetireJsAnalyzer.prepareFileTypeAnalyzer(RetireJsAnalyzer.java:173)
[DependencyCheck] ... 16 more
[DependencyCheck]

[jeremylong]

Can you increase the logging on Jenkins and provide a more complete log so we can try and track down what is going on?

[javixeneize]

Hi. I have increased log level to the maximum and still no extra information. The error is the same i was having in local when using the previous version if i didnt disable the retireJS repo, if it helps

[pachulo]

Same problem here in a Jenkins slave:

22:40:39-[DependencyCheck] Analyzing Dependencies
22:41:14-[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
22:41:14-[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
22:41:14-[DependencyCheck] Cause: /opt/jenkins-slave/workspace/ld-albert_release_555.555.0-247XLZLFQM4SVCZ2BYNJCZ75Z4OL6UBQSQEYAGAUKK4SO5RPTIOA/dependency-check-data/jsrepository.json (No such file or directory)
22:41:14-[DependencyCheck] Message: Failed to initialize the RetireJS repo
22:41:14-[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Failed to initialize the RetireJS repo

[keysher]

Same issue (and logs) with the 3.3.1 version of the plugin. With the version 3.2.1 works fine.

[stevespringett]

Please enable Jenkins debug logging for 'org.owasp' and attach the resulting log containing the errors.

[Dev-Ops-2]

I believe I have the same issue with the 3.3.4 version of the plugin. Here is the output plus I added org.owasp logs (First time so hopefully I got what you suggested on Sep 6).

[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: /opt/jenkins/workspace/ATP/ATP-dev-depend-checker/dependency-check-data/jsrepository.json (No such file or directory)
[DependencyCheck] Message: Failed to initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Failed to initialize the RetireJS repo
org.owasp.txt

[FrancescoBorzi]

same issue here

[jeremylong]

We still need a full debug log from someone experiencing this issue. What has been provided is the end of the log; there should be a section near the start of the dependency-check run where the NVD data is initialized - this is also where the RetireJS data is downloaded and cached locally.

Please enable Jenkins debug logging for 'org.owasp' and attach the resulting log containing the full output of dependency-check.

[FrancescoBorzi]

@jeremylong here you go:

[Pipeline] dependencyCheckAnalyzer
[DependencyCheck] OWASP Dependency-Check Plugin v3.3.2
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck]  -name = master
[DependencyCheck]  -scanPath = /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA
[DependencyCheck]  -outputDirectory = /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA
[DependencyCheck]  -dataDirectory = /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/dependency-check-data
[DependencyCheck]  -dataMirroringType = none
[DependencyCheck]  -isQuickQueryTimestampEnabled = true
[DependencyCheck]  -jarAnalyzerEnabled = true
[DependencyCheck]  -nodePackageAnalyzerEnabled = true
[DependencyCheck]  -nspAnalyzerEnabled = true
[DependencyCheck]  -retireJsAnalyzerEnabled = true
[DependencyCheck]  -composerLockAnalyzerEnabled = true
[DependencyCheck]  -pythonDistributionAnalyzerEnabled = true
[DependencyCheck]  -pythonPackageAnalyzerEnabled = true
[DependencyCheck]  -rubyBundlerAuditAnalyzerEnabled = false
[DependencyCheck]  -rubyGemAnalyzerEnabled = true
[DependencyCheck]  -cocoaPodsAnalyzerEnabled = true
[DependencyCheck]  -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck]  -archiveAnalyzerEnabled = true
[DependencyCheck]  -assemblyAnalyzerEnabled = true
[DependencyCheck]  -msBuildProjectAnalyzerEnabled = true
[DependencyCheck]  -nuGetConfigAnalyzerEnabled = true
[DependencyCheck]  -nuspecAnalyzerEnabled = true
[DependencyCheck]  -centralAnalyzerEnabled = true
[DependencyCheck]  -nexusAnalyzerEnabled = false
[DependencyCheck]  -artifactoryAnalyzerEnabled = false
[DependencyCheck]  -autoconfAnalyzerEnabled = true
[DependencyCheck]  -cmakeAnalyzerEnabled = true
[DependencyCheck]  -opensslAnalyzerEnabled = true
[DependencyCheck]  -showEvidence = true
[DependencyCheck]  -formats = XML 
[DependencyCheck]  -autoUpdate = true
[DependencyCheck]  -updateOnly = false
[DependencyCheck] Scanning: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
[DependencyCheck] Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[DependencyCheck] Message: Failed to initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
[DependencyCheck] 	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:171)
[DependencyCheck] 	at org.owasp.dependencycheck.data.update.RetireJSDataSource.update(RetireJSDataSource.java:99)
[DependencyCheck] 	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:899)
[DependencyCheck] 	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:716)
[DependencyCheck] 	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:642)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck] 	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
[DependencyCheck] 	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
[DependencyCheck] 	at hudson.remoting.Request$2.run(Request.java:369)
[DependencyCheck] 	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
[DependencyCheck] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck] 	at java.lang.Thread.run(Thread.java:745)
[DependencyCheck] Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[DependencyCheck] 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[DependencyCheck] 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[DependencyCheck] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[DependencyCheck] 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[DependencyCheck] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
[DependencyCheck] 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[DependencyCheck] 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
[DependencyCheck] 	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
[DependencyCheck] 	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[DependencyCheck] 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[DependencyCheck] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[DependencyCheck] 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[DependencyCheck] 	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
[DependencyCheck] 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
[DependencyCheck] 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
[DependencyCheck] 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
[DependencyCheck] 	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
[DependencyCheck] 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
[DependencyCheck] 	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:157)
[DependencyCheck] 	... 15 more
[DependencyCheck] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[DependencyCheck] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[DependencyCheck] 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[DependencyCheck] 	at sun.security.validator.Validator.validate(Validator.java:260)
[DependencyCheck] 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[DependencyCheck] 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[DependencyCheck] 	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[DependencyCheck] 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
[DependencyCheck] 	... 29 more
[DependencyCheck] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[DependencyCheck] 	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
[DependencyCheck] 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
[DependencyCheck] 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[DependencyCheck] 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[DependencyCheck] 	... 35 more
[DependencyCheck] 
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/dependency-check-data/jsrepository.json (No such file or directory)
[DependencyCheck] Message: Failed to initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Failed to initialize the RetireJS repo
[DependencyCheck] 	at org.owasp.dependencycheck.analyzer.RetireJsAnalyzer.prepareFileTypeAnalyzer(RetireJsAnalyzer.java:178)
[DependencyCheck] 	at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.prepareAnalyzer(AbstractFileTypeAnalyzer.java:83)
[DependencyCheck] 	at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare(AbstractAnalyzer.java:107)
[DependencyCheck] 	at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:825)
[DependencyCheck] 	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:662)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck] 	at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck] 	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
[DependencyCheck] 	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
[DependencyCheck] 	at hudson.remoting.Request$2.run(Request.java:369)
[DependencyCheck] 	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
[DependencyCheck] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck] 	at java.lang.Thread.run(Thread.java:745)
[DependencyCheck] Caused by: java.io.FileNotFoundException: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/dependency-check-data/jsrepository.json (No such file or directory)
[DependencyCheck] 	at java.io.FileInputStream.open0(Native Method)
[DependencyCheck] 	at java.io.FileInputStream.open(FileInputStream.java:195)
[DependencyCheck] 	at java.io.FileInputStream.<init>(FileInputStream.java:138)
[DependencyCheck] 	at org.owasp.dependencycheck.analyzer.RetireJsAnalyzer.prepareFileTypeAnalyzer(RetireJsAnalyzer.java:173)
[DependencyCheck] 	... 15 more
[DependencyCheck] 
[Pipeline] dependencyCheckPublisher
[DependencyCheck] Skipping publisher since build result is FAILURE
[Pipeline] stage
[Pipeline] { (SonarQube Analysis)
[Pipeline] gitlabCommitStatus
[Pipeline] {
[Pipeline] tool
[Pipeline] withSonarQubeEnv
Injecting SonarQube environment variables using the configuration: IMS SonarQube
[Pipeline] {
[Pipeline] sh
[IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA] Running shell script
+ ./node_modules/sonarqube-scanner/dist/bin/sonar-scanner -Dsonar.projectKey=ims:frontend:master -Dsonar.sources=src -Dsonar.projectName=IMS Frontend -Dsonar.branch=master -Dsonar.projectVersion=3.2.0-00473-96e991e -Dsonar.typescript.lcov.reportPaths=coverage/lcov.info -Dsonar.coverage.exclusions=**/*spec*,**/*mock*,**/scss/old/**/* -Dsonar.exclusions=**/scss/old/**/*
[17:23:14] Starting SonarQube analysis...
[17:23:14] Getting info from "package.json" file
[17:23:14] Checking if executable exists: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.sonar/native-sonar-scanner/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner
[17:23:14] Could not find executable in "/home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.sonar/native-sonar-scanner".
[17:23:14] Proceed with download of the platform binaries for SonarQube Scanner...
[17:23:14] Creating /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.sonar/native-sonar-scanner
[17:23:14] Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
[17:23:14] (executable will be saved in cache folder: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.sonar/native-sonar-scanner)

INFO: Scanner configuration file: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.sonar/native-sonar-scanner/sonar-scanner-3.2.0.1227-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 3.2.0.1227
INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
INFO: Linux 4.15.0-38-generic amd64
INFO: User cache: ?/.sonar/cache
INFO: SonarQube server 7.1.0
INFO: Default locale: "en_US", source code encoding: "US-ASCII" (analysis is platform dependent)
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=86ms
INFO: Server id: AWRklxV5tisjeyBo4BTW
INFO: User cache: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/?/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=43ms
INFO: Load/download plugins
INFO: Load/download plugins (done) | time=381ms
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=93ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=39ms
INFO: Load active rules
INFO: Load active rules (done) | time=241ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=25ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: ims:frontend:master
INFO: Project base dir: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA
INFO: Branch key: master
WARN: The use of "sonar.branch" is deprecated and replaced by "sonar.branch.name". See https://redirect.sonarsource.com/doc/branches.html.
INFO: -------------  Scan IMS Frontend
INFO: Load server rules
INFO: Load server rules (done) | time=42ms
INFO: Base dir: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA
INFO: Working dir: /home/ims/jenkins/workspace/IMS-New-Frontend_master-ZEG2FKUL4URKGMGNTPLGIQQF2FTPIRL5EQ6HCBZL77KGIWWVLAHA/.scannerwork
INFO: Source paths: src
INFO: Source encoding: US-ASCII, default locale: en_US
INFO: Index files
INFO: Excluded sources: 
INFO:   **/scss/old/**/*
INFO: 486 files indexed
INFO: 0 files ignored because of inclusion/exclusion patterns
INFO: Quality profile for css: IMS_SCSS
INFO: Quality profile for ts: IMS_TS_Project
INFO: Excluded sources for coverage: 
INFO:   **/*spec*
INFO:   **/*mock*
INFO:   **/scss/old/**/*
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=10ms
INFO: Sensor SonarCSS Metrics [cssfamily]
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=165ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=1798ms
INFO: Sensor License Check [licensecheck]
ERROR: Error adding dependency net
java.lang.ClassCastException: org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl cannot be cast to javax.json.JsonString
	at org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl.getJsonString(JsonObjectBuilderImpl.java:191)
	at org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl.getString(JsonObjectBuilderImpl.java:196)
	at at.porscheinformatik.sonarqube.licensecheck.npm.PackageJsonDependencyScanner.moduleCheck(PackageJsonDependencyScanner.java:85)
	at at.porscheinformatik.sonarqube.licensecheck.npm.PackageJsonDependencyScanner.dependencyParser(PackageJsonDependencyScanner.java:62)
	at at.porscheinformatik.sonarqube.licensecheck.npm.PackageJsonDependencyScanner.scan(PackageJsonDependencyScanner.java:41)
	at at.porscheinformatik.sonarqube.licensecheck.LicenseCheckSensor.execute(LicenseCheckSensor.java:85)
	at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
	at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
	at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:302)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:297)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:271)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
	at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
	at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)

WARN: Error reading file
java.lang.IllegalStateException: Maven application directory was not specified, and ${maven.home} is not provided in the system properties. Please specify at least on of these.
	at org.apache.maven.shared.invoker.MavenCommandLineBuilder.checkRequiredState(MavenCommandLineBuilder.java:124)
	at org.apache.maven.shared.invoker.MavenCommandLineBuilder.build(MavenCommandLineBuilder.java:59)
	at org.apache.maven.shared.invoker.DefaultInvoker.execute(DefaultInvoker.java:101)
	at at.porscheinformatik.sonarqube.licensecheck.maven.MavenDependencyScanner.readDependecyList(MavenDependencyScanner.java:114)
	at at.porscheinformatik.sonarqube.licensecheck.maven.MavenDependencyScanner.scan(MavenDependencyScanner.java:73)
	at at.porscheinformatik.sonarqube.licensecheck.LicenseCheckSensor.execute(LicenseCheckSensor.java:85)
	at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
	at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
	at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:180)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:302)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:297)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:271)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
	at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
	at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)```

[ayeks]

Looks like a connectivity issue instead of a DependencyCheck issue because of:

[DependencyCheck] Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

[jeremylong]

Correct - the RetireJS Analyzer does download the RetireJS repository: https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json

If you are mirroring the NVD you should probably mirror the Retire JS repository. However, we just added the configuration options to allow using a mirror. The options will be included in 5.0.0 (or possibly 5.0.0-m3 - we are still deciding if we are going to do one more milestone release before the final release of 5.0.0).