When the data directory is in a different path than the temporary directory, the RetireJS analyzer fails with a "Failed to initialize the RetireJS repo" exception. See https://gist.github.com/bcartolo/d737e07be45a9eb3bfaa4bfcc6cdbdd0
One possible workaround is to disable the RetireJS analyzer for now, e.g. in the Maven plugin config:
<configuration>
    <retireJsAnalyzerEnabled>false</retireJsAnalyzerEnabled>
</configuration>
Another one is to change the location of the data directory to the same drive as the temporary directory (or the other way around).
I also believe we need to remove the check to see if the analyzer is enabled or not prior to downloading. This behavior is inconsistent with other analyzers (like the NVD), which don't have this check. I had to 'enable' the RetireJS analyzer in order to perform an updateOnly. Without the analyzer enabled, I received the same "Failed to initialize the RetireJS repo" exception.
Also been hitting this problem, breaking my builds. I've rolled back to 3.2.1.
EDIT: Clarifying my setup: running Jenkins master in a Docker container, on a CentOS7 host. Various build nodes around it; I've seen this problem occur on Linux (CentOS7) based builds using the DependencyCheck.
Hi. Is a Jenkins plugin version going to be released for this as well?
Thanks
@javixeneize Jenkins plugin 3.3.1 is already released and has this functionality.
Hi. It is still failing for me on that version:
[DependencyCheck] OWASP Dependency-Check Plugin v3.3.1
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.InitializationException
[DependencyCheck] Cause: jsrepository.json (No such file or directory)
[DependencyCheck] Message: Failed to initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.exception.InitializationException: Failed to initialize the RetireJS repo
You would need to provide the debug log - and I might recommend opening a new issue.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.