Dependencycheck: Jenkins plugin V3.0.0 connects to mavencentral?

Actually, the connection was always attempted - in previous versions it silently failed (even when no proxy was involved if Central returned a 500). 3.0.0 corrected this behavior - so if you do not wish to include the central analyzer you need to disable it; if you do want to use it (which I would highly recommend as it improves accuracy) you need to configure a proxy - alternatively, if you had Nexus Pro you could use that instead of Central. We are planning on including an Artifactory analyzer in the future as well.

Makes sense... If i am using a local nexus repository, could i reference to it, or it needs to be the official nexus?

Regarding maven central, is it connecting to https://search.maven.org/?

Thanks

@jeremylong Do you have any alternative when running nexus pro v.3.x - the nexus alternative only works for v2.x

@davidkarlsen Unfortunately I don't have a Nexus Pro instance to test against. The Nexus analyzer was contributed. PRs are welcome...

@javixeneize apparently, if you have a local Nexus Pro v2.x you can configure the url and enable the NexusAnalyzer; at the same time you should likely disable the central analyzer.

Hi

Which is the expected url for nexus analyser?

Imagine i have

https://nexus.mylocal.com/repository/maven-releases/com/whatever/project/....

What is the url the analyser expects? Its continuously giving me errors

Thanks

Hi

What is the exact nexus url i should configure in jenkins?

Thanks

Checking the documentation - it looks like you need to configure the url to point to the Nexus Server's REST API Endpoint "http://domain/nexus/service/local".

@jeremylong I am using automated process to create and configure jenkins server. I am installing this plugin using scripts, I am facing same issue, how can i configure or disable maaven central analyzer option to false, I am using groovy.

@ashishnm I am going to push a new release this week (today/tomorrow). Without actually seeing your scripts I wouldn't have a clue how to assist you.

Hi

I think the main problem here is that it needs to pro version of nexus and
it doesnt work with the standard version

Thanks

On Mon, Nov 13, 2017 at 11:50 AM, Jeremy Long notifications@github.com
wrote:

@ashishnm https://github.com/ashishnm I am going to push a new release
this week (today/tomorrow). Without actually seeing your scripts I wouldn't
have a clue how to assist you.

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/jeremylong/DependencyCheck/issues/932#issuecomment-343896431,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMK55pcmj_B5RVXlTuR5AJZ6qZvyrN6rks5s2C0GgaJpZM4P74Hu
.

@jeremylong when you are going to publish version 3.0.2 in jenkins repo? I have updated to 3.0.1.
My pipeline code is like
dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports: false, includeHtmlReports: false, includeJsonReports: false, includeVulnReports: false, isAutoupdateDisabled: false, outdir: '', scanpath: 'facebook-connector/target/facebook-connector-1.0.1.jar', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''

dependencyCheckPublisher canComputeNew: false, canRunOnFailed: true, defaultEncoding: '', healthy: '0', pattern: '', unHealthy: '1000'

also I am trying to scan python files and getting with 0 unique warnings and 0 duplicates. Does this plugin scanning for python working fine. It is also pipeline syntax.

dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports: false, includeHtmlReports: false, includeJsonReports: false, includeVulnReports: false, isAutoupdateDisabled: false, outdir: '', scanpath: 'bottle/src/bottle/*/.py', skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
dependencyCheckPublisher canComputeNew: false, defaultEncoding: '', healthy: '0', pattern: '', unHealthy: '1000'

3.0.2 should already be released for Jenkins.

Jeremy

On Nov 16, 2017 2:29 PM, "Ashish Mishra" notifications@github.com wrote:

@jeremylong https://github.com/jeremylong when you are going to publish
version 3.0.2 in jenkins repo? I have updated to 3.0.1.
My pipeline code is like
dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports:
false, includeHtmlReports: false, includeJsonReports: false,
includeVulnReports: false, isAutoupdateDisabled: false, outdir: '',
scanpath: 'facebook-connector/target/facebook-connector-1.0.1.jar',
skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '',
zipExtensions: ''

dependencyCheckPublisher canComputeNew: false, canRunOnFailed: true,
defaultEncoding: '', healthy: '0', pattern: '', unHealthy: '1000'

also I am trying to scan python files and getting with 0 unique warnings
and 0 duplicates. Does this plugin scanning for python working fine. It is
also pipeline syntax.

dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports:
false, includeHtmlReports: false, includeJsonReports: false,
includeVulnReports: false, isAutoupdateDisabled: false, outdir: '',
scanpath: 'bottle/src/bottle/*/.py', skipOnScmChange: false,
skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
dependencyCheckPublisher canComputeNew: false, defaultEncoding: '',
healthy: '0', pattern: '', unHealthy: '1000'

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/jeremylong/DependencyCheck/issues/932#issuecomment-345036526,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AA0qwhTEEUeXMAcX9ZN4RHZgSrZzGUPCks5s3I0zgaJpZM4P74Hu
.

Yes, it is released. I’m already using it

There is another bug. When you analyze a models package it gives an error
in the ruby analyser (...?)

Disabling ruby analyser it works fine

El El jue, 16 nov 2017 a las 19:38, Jeremy Long notifications@github.com
escribió:

3.0.2 should already be released for Jenkins.

Jeremy

On Nov 16, 2017 2:29 PM, "Ashish Mishra" notifications@github.com wrote:

@jeremylong https://github.com/jeremylong when you are going to
publish
version 3.0.2 in jenkins repo? I have updated to 3.0.1.
My pipeline code is like
dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports:
false, includeHtmlReports: false, includeJsonReports: false,
includeVulnReports: false, isAutoupdateDisabled: false, outdir: '',
scanpath: 'facebook-connector/target/facebook-connector-1.0.1.jar',
skipOnScmChange: false, skipOnUpstreamChange: false, suppressionFile: '',
zipExtensions: ''

dependencyCheckPublisher canComputeNew: false, canRunOnFailed: true,
defaultEncoding: '', healthy: '0', pattern: '', unHealthy: '1000'

also I am trying to scan python files and getting with 0 unique warnings
and 0 duplicates. Does this plugin scanning for python working fine. It
is
also pipeline syntax.

dependencyCheckAnalyzer datadir: '', hintsFile: '', includeCsvReports:
false, includeHtmlReports: false, includeJsonReports: false,
includeVulnReports: false, isAutoupdateDisabled: false, outdir: '',
scanpath: 'bottle/src/bottle/*/.py', skipOnScmChange: false,
skipOnUpstreamChange: false, suppressionFile: '', zipExtensions: ''
dependencyCheckPublisher canComputeNew: false, defaultEncoding: '',
healthy: '0', pattern: '', unHealthy: '1000'

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<
https://github.com/jeremylong/DependencyCheck/issues/932#issuecomment-345036526
,
or mute the thread
<
https://github.com/notifications/unsubscribe-auth/AA0qwhTEEUeXMAcX9ZN4RHZgSrZzGUPCks5s3I0zgaJpZM4P74Hu

.

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/jeremylong/DependencyCheck/issues/932#issuecomment-345038620,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMK55lpyqTFRoXVEa_JM_iQH2UpLqXwPks5s3I8ogaJpZM4P74Hu
.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.