With a job in Jenkins we're trying to update the dependencies.
Since this update job fails, every deploy on SonarQube is blocked (we run the dependency check before sonar:sonar).
OWASP Dependency-Check Plugin v4.0.2
I've followed Steve's suggestion in the other issues and created the log file.
You can see the attached log files with ALL and ERROR.
This is the job result:
Building in workspace /data/jenkins/workspace/QA-update NVID
[DependencyCheck] OWASP Dependency-Check Plugin v4.0.2
[DependencyCheck] Executing Dependency-Check with the following options:
[DependencyCheck] -name = QA-update NVID
[DependencyCheck] -outputDirectory = /data/jenkins/workspace/QA-update NVID
[DependencyCheck] -dataDirectory = /data/jenkins/nvid
[DependencyCheck] -dataMirroringType = none
[DependencyCheck] -isQuickQueryTimestampEnabled = true
[DependencyCheck] -jarAnalyzerEnabled = false
[DependencyCheck] -nodePackageAnalyzerEnabled = false
[DependencyCheck] -nodeAuditAnalyzerEnabled = false
[DependencyCheck] -retireJsAnalyzerEnabled = true
[DependencyCheck] -composerLockAnalyzerEnabled = false
[DependencyCheck] -pythonDistributionAnalyzerEnabled = false
[DependencyCheck] -pythonPackageAnalyzerEnabled = false
[DependencyCheck] -rubyBundlerAuditAnalyzerEnabled = false
[DependencyCheck] -rubyGemAnalyzerEnabled = false
[DependencyCheck] -cocoaPodsAnalyzerEnabled = false
[DependencyCheck] -swiftPackageManagerAnalyzerEnabled = false
[DependencyCheck] -archiveAnalyzerEnabled = false
[DependencyCheck] -assemblyAnalyzerEnabled = false
[DependencyCheck] -msBuildProjectAnalyzerEnabled = false
[DependencyCheck] -nuGetConfigAnalyzerEnabled = false
[DependencyCheck] -nuspecAnalyzerEnabled = false
[DependencyCheck] -centralAnalyzerEnabled = false
[DependencyCheck] -nexusAnalyzerEnabled = false
[DependencyCheck] -artifactoryAnalyzerEnabled = false
[DependencyCheck] -autoconfAnalyzerEnabled = false
[DependencyCheck] -cmakeAnalyzerEnabled = false
[DependencyCheck] -opensslAnalyzerEnabled = false
[DependencyCheck] -showEvidence = true
[DependencyCheck] -formats = XML
[DependencyCheck] -autoUpdate = true
[DependencyCheck] -updateOnly = true
[DependencyCheck] Performing update only
[DependencyCheck] Unable to connect to the Dependency-Check database
[DependencyCheck] org.h2.jdbc.JdbcSQLException: Column "CPE" not found; SQL statement:
[DependencyCheck] INSERT INTO cpeEntry (cpe, vendor, product) VALUES (?, ?, ?) [42122-196]
Build step 'Invoke Dependency-Check update only' changed build result to FAILURE
[QA-update NVID] $ /bin/sh -xe /data/jenkins/tmp/jenkins8240182815168663722.sh
0K .......... .......... .......... .......... ........ 100% 2.43M=0.02s
2019-03-05 12:30:08 (2.43 MB/s) - ‘jsrepository.json’ saved [49988/49988]
wget -U mozilla https://repo1.maven.org/maven2/org/owasp/dependency-check-maven/4.0.2/
--2019-03-05 12:30:08-- https://repo1.maven.org/maven2/org/owasp/dependency-check-maven/4.0.2/
Resolving repo1.maven.org (repo1.maven.org)... 151.101.120.209
Connecting to repo1.maven.org (repo1.maven.org)|151.101.120.209|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4948 (4.8K) [text/html]
Saving to: ‘index.html.13’
0K .... 100% 61.2M=0s
2019-03-05 12:30:12 (61.2 MB/s) - ‘index.html.13’ saved [4948/4948]
Expected behavior
The Dependencies are updated.
ERROR.txt
ALL.txt
Something is happening that caused the lock file to not be removed. Try deleting the files:
dc.h2.db
dc.lock.db
dc.trace.db
from the /data/jenkins/nvid/ directory and then running the update again.
Hi Jeremy,
Seems to work, many thanks.
Maybe it was corrupted.
You can close it.
I think this warrants further investigation. We have seen the same issues. Deleted the local cache, and the problem reoccurred within a few hours.
I agree. Seeing the same problems. Same configuration but when the Jenkins job is rebuilt. Using clean docker containers currently and so there is always a new local database every time.
I've noticed that when I change the temp folder name it works once and then proceeds to fail afterwards
Same issue for us.
Setup is GitLab CI/CD -> TestKitchen -> Vagrant -> VirtualBox
VM is recreated for each commit.
While I agree there is an issue - I almost question if in these cases one should be using a centralized database instead of re-creating the database.
I have got the same error.
I reproduced almost every time with the following procedure
Please find attached the logs:
dependency-check.log
In my case, I just figured out that it was the lack of disk space that generates this error. That's maybe something to check because the error printed is not self-explanatory.
You get the same error when you point your --data parameter to a readonly folder.
As @valentijnscholten mentioned
For me it was setting the permissions of dependency-check folders to non-root or allowed to the current user.
sudo chown -R youruser:youruser path-to-dependency-check
You get the same error when you point your --data parameter to a readonly folder.
And if you're not using the --data parameter, but you've installed this into a directory that needs Admin permissions, you'll see this failure as well. Once I moved dependency-check this resolved for me. Not likely helpful for this thread, but rather for people searching on this error.
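The comments above trace this error to a data directory that is read-only, not writable by the current user, or out of disk space, and to leftover H2 files. As an added example (not from the thread or the Dependency-Check project), here is a pre-flight check a CI job could run before the update step; `DC_DATA_DIR`, `DC_MIN_FREE_KB`, the function names and the 1 GiB default threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a Dependency-Check data directory.
# DC_DATA_DIR, DC_MIN_FREE_KB and the 1 GiB default are assumptions.

# Print the H2 files named in the thread that exist in directory $1.
dc_h2_files() {
    for f in dc.h2.db dc.lock.db dc.trace.db; do
        [ -e "$1/$f" ] && printf '%s\n' "$1/$f"
    done
    return 0
}

# Return 0 if $1 is usable as a data directory, else:
#   2 = missing, 3 = not writable by the current user, 4 = low disk space.
dc_preflight() {
    dir=$1
    min_kb=${2:-1048576}
    if [ ! -d "$dir" ]; then
        echo "preflight: $dir does not exist" >&2
        return 2
    fi
    # Actually create a file: catches read-only mounts and wrong ownership.
    probe=$(mktemp "$dir/.dc-preflight.XXXXXX" 2>/dev/null) || {
        echo "preflight: $dir is not writable by $(id -un)" >&2
        return 3
    }
    rm -f "$probe"
    # POSIX df output: column 4 is available space in 1024-byte blocks.
    avail_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    if [ "$avail_kb" -lt "$min_kb" ]; then
        echo "preflight: only ${avail_kb} KB free in $dir (need $min_kb)" >&2
        return 4
    fi
    # A leftover lock file is worth reporting before the update runs.
    if [ -e "$dir/dc.lock.db" ]; then
        echo "preflight: existing H2 files:" >&2
        dc_h2_files "$dir" >&2
    fi
    return 0
}

# Runs only when the (hypothetical) DC_DATA_DIR variable is set.
if [ -n "${DC_DATA_DIR:-}" ]; then
    dc_preflight "$DC_DATA_DIR" "${DC_MIN_FREE_KB:-1048576}"
fi
```

A non-zero exit code lets the job fail with a specific message before the H2 error appears in the update log.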