Dependencycheck: NPE when running dependency check analysis

Created on 19 Jan 2018 · 4 Comments · Source: jeremylong/DependencyCheck

OWASP Dependency Check Jenkins Plugin version: 3.1.0
Jenkins version: 2.102

Plugin options:

Not sure when it started to fail but probably it was after upgrading Jenkins to the latest version.

Building remotely on dev_slave in workspace /var/lib/jenkins/workspace/DEV-develop-OWASP-Dependency-Check
[DependencyCheck] OWASP Dependency-Check Plugin v3.1.0
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck]  -name = DEV-develop-OWASP-Dependency-Check
[DependencyCheck]  -scanPath = /var/lib/jenkins/workspace/DEV-develop-Build-Lyncs
[DependencyCheck]  -outputDirectory = /var/lib/jenkins/workspace/DEV-develop-OWASP-Dependency-Check
[DependencyCheck]  -dataDirectory = /var/lib/jenkins/workspace/DEV-develop-OWASP-Dependency-Check/dependency-check-data
[DependencyCheck]  -dataMirroringType = none
[DependencyCheck]  -isQuickQueryTimestampEnabled = true
[DependencyCheck]  -jarAnalyzerEnabled = true
[DependencyCheck]  -nspAnalyzerEnabled = true
[DependencyCheck]  -composerLockAnalyzerEnabled = true
[DependencyCheck]  -pythonDistributionAnalyzerEnabled = true
[DependencyCheck]  -pythonPackageAnalyzerEnabled = true
[DependencyCheck]  -rubyBundlerAuditAnalyzerEnabled = true
[DependencyCheck]  -rubyGemAnalyzerEnabled = true
[DependencyCheck]  -cocoaPodsAnalyzerEnabled = true
[DependencyCheck]  -swiftPackageManagerAnalyzerEnabled = true
[DependencyCheck]  -archiveAnalyzerEnabled = true
[DependencyCheck]  -assemblyAnalyzerEnabled = true
[DependencyCheck]  -centralAnalyzerEnabled = true
[DependencyCheck]  -nuspecAnalyzerEnabled = true
[DependencyCheck]  -nexusAnalyzerEnabled = false
[DependencyCheck]  -autoconfAnalyzerEnabled = true
[DependencyCheck]  -cmakeAnalyzerEnabled = true
[DependencyCheck]  -opensslAnalyzerEnabled = true
[DependencyCheck]  -showEvidence = true
[DependencyCheck]  -formats = XML HTML 
[DependencyCheck]  -autoUpdate = true
[DependencyCheck]  -updateOnly = false
[DependencyCheck] Scanning: /var/lib/jenkins/workspace/DEV-develop-Build-Lyncs
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: java.lang.NullPointerException
[DependencyCheck] Message: null
[DependencyCheck] java.lang.NullPointerException
[DependencyCheck]   at com.vdurmont.semver4j.Semver.<init>(Semver.java:26)
[DependencyCheck]   at com.vdurmont.semver4j.Requirement.hyphenRequirement(Requirement.java:461)
[DependencyCheck]   at com.vdurmont.semver4j.Requirement.evaluateReversePolishNotation(Requirement.java:328)
[DependencyCheck]   at com.vdurmont.semver4j.Requirement.buildWithTokenizer(Requirement.java:129)
[DependencyCheck]   at com.vdurmont.semver4j.Requirement.buildNPM(Requirement.java:103)
[DependencyCheck]   at com.vdurmont.semver4j.Semver.satisfies(Semver.java:167)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.npmVersionsMatch(DependencyBundlingAnalyzer.java:538)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.AbstractNpmAnalyzer.findDependency(AbstractNpmAnalyzer.java:230)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.NodePackageAnalyzer.processDependencies(NodePackageAnalyzer.java:256)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.NodePackageAnalyzer.processDependencies(NodePackageAnalyzer.java:225)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.NodePackageAnalyzer.analyzeDependency(NodePackageAnalyzer.java:192)
[DependencyCheck]   at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:136)
[DependencyCheck]   at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
[DependencyCheck]   at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
[DependencyCheck]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck]   at java.lang.Thread.run(Thread.java:745)
[DependencyCheck] 
Build step 'Invoke Dependency-Check analysis' changed build result to FAILURE
[DependencyCheck] Skipping publisher since build result is FAILURE
Finished: FAILURE

All 4 comments

Looking at the code for both dependency-check and SemVer - it looks like you may have a package.json with an invalid NPM version number. I will put in some additional checks and debugging statements to resolve the issue.

In the meantime, if you don't actually use Node you could consider turning off the NSP and Node.js analyzers.
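A pre-scan following the diagnosis above, added here as an illustration (it is not code from dependency-check, semver4j or any participant in this thread): it walks the dependency sections of a parsed package.json and lists entries whose version spec is not a well-formed range, which helps locate the entry behind a parser failure like the one in the trace. The grammar is a conservative heuristic rather than npm's full range syntax, and `classifySpec`, `scanManifest` and the sample manifest are constructed for this example.

```javascript
// Added example: heuristic pre-scan of package.json version specs.
// Conservative on purpose; this is not npm's full range grammar.

// One version operand: 1, 1.2, 1.2.3, x/X/* wildcards, optional -pre / +build.
const PARTIAL = String.raw`v?(?:\d+|[xX*])(?:\.(?:\d+|[xX*])){0,2}(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?`;
const COMPARATOR = new RegExp(String.raw`^(?:[~^]|[<>]=?|=)?${PARTIAL}$`);
const HYPHEN = new RegExp(String.raw`^${PARTIAL}\s+-\s+${PARTIAL}$`);
// Specs that are not version ranges at all: URLs, git, aliases, paths, tags.
const NON_RANGE = /^(?:[a-z+]+:|\.{0,2}\/|[\w.-]+\/[\w.-]+|latest$|next$)/i;
const SECTIONS = ["dependencies", "devDependencies",
                  "optionalDependencies", "peerDependencies"];

function classifySpec(spec) {
  if (typeof spec !== "string") return "suspect";         // null, number, object
  const s = spec.trim().replace(/([<>=~^]+)\s+/g, "$1");  // ">= 1.0" -> ">=1.0"
  if (NON_RANGE.test(s)) return "non-range";
  const ok = s.split("||").every((alt) => {
    const a = alt.trim();
    // A hyphen range needs a version on both sides of the " - ".
    return HYPHEN.test(a) || a.split(/\s+/).every((c) => COMPARATOR.test(c));
  });
  return ok ? "ok" : "suspect";
}

// Returns one finding per dependency entry that is not a plain, valid range.
function scanManifest(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const status = classifySpec(spec);
      if (status !== "ok") findings.push({ section, name, spec, status });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from the reporter's project).
const SAMPLE = {
  name: "constructed-example",
  dependencies: {
    "good-caret": "^1.2.3",
    "good-hyphen": "1.2.3 - 2.0.0",
    "good-or": ">=1.0.0 <2.0.0 || ~3.1",
    "half-hyphen": "1.2.3 -",
    "typo": "1.2.3.4",
    "null-spec": null,
  },
  devDependencies: { "from-git": "git+https://example.invalid/repo.git" },
};

console.log(scanManifest(SAMPLE));
```

To check a real project, pass `scanManifest` the result of `JSON.parse` on each package.json under the scan path; "non-range" entries are legal for npm but are listed because they cannot be compared as versions.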

I can confirm that the plugin is working again for me after updating to the latest release (3.1.1). Thanks.

Glad it is working again!

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
