Last active
June 18, 2024 20:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ /usr/share/dependency-check/bin/dependency-check.sh --project $CI_PROJECT_NAME --out . --scan . --enableExperimental --format JUNIT --junitFailOnCVSS 4 --format HTML --failOnCVSS 4 --nodeAuditSkipDevDependencies --data dependency-check-data $( [[ -e dependency-check-suppression.xml ]] && echo '--suppression dependency-check-suppression.xml' || echo '' )
[INFO] Instance is null, returning unconfigured instance
[INFO] Using system property [[jcs.logSystem] [slf4j]]
[INFO] Setting default auxiliaries to "ODC"
[INFO] setting defaultCompositeCacheAttributes to [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[INFO] setting defaultElementAttributes to [ IS_LATERAL = false, IS_SPOOL = true, IS_REMOTE = false, IS_ETERNAL = false, MaxLifeSeconds = 86400, IdleTime = 1800, CreateTime = 1718742401177, LastAccessTime = 1718742401177, getTimeToLiveSeconds() = 86399, createTime = 1718742401177 ]
[INFO] initialized MemoryCache for CENTRAL
[INFO] Constructed cache with name [CENTRAL] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[INFO] No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[INFO] Using standard serializer [org.apache.commons.jcs3.utils.serialization.StandardSerializer@53d102a2] for auxiliary [jcs.auxiliary.ODC]
[INFO] Region [CENTRAL] : Set maxKeySize to: "1,000,000"
[INFO] Region [CENTRAL] : Cache file root directory: /builds/lambda/MobileRemoteServices/dependency-check-data/cache
[INFO] Region [CENTRAL] : Indexed Disk Cache is alive.
[INFO] initialized MemoryCache for POM
[INFO] Constructed cache with name [POM] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[INFO] No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[INFO] Using standard serializer [org.apache.commons.jcs3.utils.serialization.StandardSerializer@dfddc9a] for auxiliary [jcs.auxiliary.ODC]
[INFO] Region [POM] : Set maxKeySize to: "1,000,000"
[INFO] Region [POM] : Cache file root directory: /builds/lambda/MobileRemoteServices/dependency-check-data/cache
[INFO] Region [POM] : Indexed Disk Cache is alive.
[INFO] initialized MemoryCache for NODEAUDIT
[INFO] Constructed cache with name [NODEAUDIT] and cache attributes [ useLateral = true, useRemote = true, useDisk = true, maxObjs = 0, maxSpoolPerRun = -1, diskUsagePattern = UPDATE, spoolChunkSize = 2 ]
[INFO] No cache event logger defined for auxiliary [jcs.auxiliary.ODC]
[INFO] Using standard serializer [org.apache.commons.jcs3.utils.serialization.StandardSerializer@4b9df8a] for auxiliary [jcs.auxiliary.ODC]
[INFO] Region [NODEAUDIT] : Set maxKeySize to: "1,000,000"
[INFO] Region [NODEAUDIT] : Cache file root directory: /builds/lambda/MobileRemoteServices/dependency-check-data/cache
[INFO] Region [NODEAUDIT] : Indexed Disk Cache is alive.
[INFO] Parsed regions [CENTRAL, POM, NODEAUDIT]
[INFO] Finished configuration in 132 ms.
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (62 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Python Package Analyzer (0 seconds)
[INFO] Finished pip Analyzer (0 seconds)
[INFO] Finished Poetry Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (4 seconds)
[INFO] Finished NPM CPE Analyzer (4 seconds)
[INFO] Created CPE Index (5 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (11 seconds)
[INFO] Writing report to: /builds/lambda/MobileRemoteServices/./dependency-check-junit.xml
[INFO] Writing report to: /builds/lambda/MobileRemoteServices/./dependency-check-report.html
[ERROR]
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '4.0':
requirements.txt: CVE-2023-38325(7.5), CVE-2023-49083(7.5), CVE-2023-4807(7.8), CVE-2024-26130(7.5), CVE-2023-50782(7.5)
requirements.txt: CVE-2023-29483(5.9)
requirements.txt: CVE-2024-3651(6.2)
requirements.txt: CVE-2024-21506(5.2), CVE-2024-5629(4.7)
requirements.txt: CVE-2023-45803(4.2), CVE-2023-43804(8.1)
See the dependency-check report for more details.
[INFO] Element event queue destroyed: org.apache.commons.jcs3.engine.control.event.ElementEventQueue@22bac7bc
[INFO] In DISPOSE, [NODEAUDIT] fromRemote [false]
[INFO] In DISPOSE, [NODEAUDIT] auxiliary [NODEAUDIT]
[INFO] In DISPOSE, [NODEAUDIT] put 0 into auxiliary [NODEAUDIT]
[INFO] In dispose, destroying event queue.
[INFO] Cache event queue destroyed: CacheEventQueue [listenerId=755450076, cacheName=NODEAUDIT]
[INFO] Region [NODEAUDIT] : Saving keys to: NODEAUDIT, key count: 0
[INFO] Region [NODEAUDIT] : Finished saving keys.
[INFO] Region [NODEAUDIT] : Shutdown complete.
[INFO] In DISPOSE, [NODEAUDIT] disposing of memory cache.
[INFO] Memory Cache dispose called.
[INFO] In DISPOSE, [CENTRAL] fromRemote [false]
[INFO] In DISPOSE, [CENTRAL] auxiliary [CENTRAL]
[INFO] In DISPOSE, [CENTRAL] put 0 into auxiliary [CENTRAL]
[INFO] In dispose, destroying event queue.
[INFO] Cache event queue destroyed: CacheEventQueue [listenerId=755450076, cacheName=CENTRAL]
[INFO] Region [CENTRAL] : Saving keys to: CENTRAL, key count: 0
[INFO] Region [CENTRAL] : Finished saving keys.
[INFO] Region [CENTRAL] : Shutdown complete.
[INFO] In DISPOSE, [CENTRAL] disposing of memory cache.
[INFO] Memory Cache dispose called.
[INFO] In DISPOSE, [POM] fromRemote [false]
[INFO] In DISPOSE, [POM] auxiliary [POM]
[INFO] In DISPOSE, [POM] put 0 into auxiliary [POM]
[INFO] In dispose, destroying event queue.
[INFO] Cache event queue destroyed: CacheEventQueue [listenerId=755450076, cacheName=POM]
[INFO] Region [POM] : Saving keys to: POM, key count: 0
[INFO] Region [POM] : Finished saving keys.
[INFO] Region [POM] : Shutdown complete.
[INFO] In DISPOSE, [POM] disposing of memory cache.
[INFO] Memory Cache dispose called.
[INFO] In dispose, destroying event queue.
[ERROR] Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
[INFO] In dispose, destroying event queue.
[ERROR] Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
[INFO] In dispose, destroying event queue.
[ERROR] Region [POM] : Not alive and dispose was called, filename: POM
Saving cache for failed job
00:14
Creating cache default-1-non_protected...
dependency-check-data: found 107 matching artifact files and directories
Uploading cache.zip to https://gitlab-runner-distributed-cache-788845836002.s3.dualstack.us-east-1.amazonaws.com/project/582/default-1-non_protected
Created cache
Uploading artifacts for failed job
00:01
Uploading artifacts...
dependency-check-report.html: found 1 matching artifact files and directories
Uploading artifacts as "archive" to coordinator... 201 Created id=921132 responseStatus=201 Created token=glcbt-64
Uploading artifacts...
dependency-check-junit.xml: found 1 matching artifact files and directories
Uploading artifacts as "junit" to coordinator... 201 Created id=921132 responseStatus=201 Created token=glcbt-64
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 15
$ /usr/share/dependency-check/bin/dependency-check.sh --dbDriverName org.postgresql.Driver --connectionString "$DEPENDENCY_CHECK_CONNECTION" --dbUser "$DEPENDENCY_CHECK_USER" --dbPassword "$DEPENDENCY_CHECK_PASSWORD" --nvdApiKey "$NIST_NVD_API_KEY" --project $CI_PROJECT_NAME --out . --scan . --enableExperimental --format JUNIT --junitFailOnCVSS 4 --format HTML --failOnCVSS 4 --nodeAuditSkipDevDependencies $( [[ -e dependency-check-suppression.xml ]] && echo '--suppression dependency-check-suppression.xml' || echo '' )
[WARN] dbPassword used on the command line, consider moving the password to a properties file using the key `data.password` and using the --propertyfile argument instead
[INFO] Checking for updates
[INFO] Skipping the NVD API Update as it was completed within the last 240 minutes
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (454 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Python Package Analyzer (0 seconds)
[INFO] Finished pip Analyzer (0 seconds)
[INFO] Finished Poetry Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished NPM CPE Analyzer (1 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARN] An error occurred while analyzing '/builds/lambda/MobileRemoteServices/src/mobilepairing/__init__.py' (Sonatype OSS Index Analyzer).
[WARN] An error occurred while analyzing '/builds/lambda/MobileRemoteServices/requirements.txt' (Sonatype OSS Index Analyzer).
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (6 seconds)
[INFO] Writing JUNIT report to: /builds/lambda/MobileRemoteServices/./dependency-check-junit.xml
[INFO] Writing HTML report to: /builds/lambda/MobileRemoteServices/./dependency-check-report.html
[ERROR] Failed to request component-reports
[ERROR] Failed to request component-reports
Uploading artifacts for failed job
00:01
Uploading artifacts...
dependency-check-report.html: found 1 matching artifact files and directories
Uploading artifacts as "archive" to coordinator... 201 Created id=921114 responseStatus=201 Created token=glcbt-64
Uploading artifacts...
dependency-check-junit.xml: found 1 matching artifact files and directories
Uploading artifacts as "junit" to coordinator... 201 Created id=921114 responseStatus=201 Created token=glcbt-64
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit code 14