Describe the bug
The scanner gets stuck when analyzing Go modules with a large number of indirect dependencies.
Version of dependency-check used
The problem occurs using version 6.0.2 of the CLI, on both Windows and Linux. It does not happen when using 6.0.1.
Log file
https://gist.github.com/qmuntal/3f7ff07957d8b3f020b46d7c0842624f
To Reproduce
// go.mod
module test

go 1.12

require (
	github.com/goreleaser/goreleaser v0.146.0
	golang.org/x/tools v0.0.0-20200818005847-188abfa75333 // indirect
)

// main.go
package main

import (
	"fmt"

	_ "github.com/goreleaser/goreleaser"
)

func main() {
	fmt.Println("Failed")
}
Running dependency-check.bat --scan . --enableExperimental on the previous program makes dependency-check get stuck for 30 min, and then it just fails.
Expected behavior
The scan finishes in a reasonable amount of time (10 sec).
It can also be reproduced with v6.0.3
[INFO] Launching: [/path/xxx/path/bin/go, list, -json, -m, all] from /path/xxx/path
[ERROR] Analysis task was cancelled.
[WARN] An error occurred while analyzing '/path/xxx/path/go.mod' (Golang Mod Analyzer).
[ERROR] One or more fatal errors occurred
[ERROR] go process interrupted
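The log above shows the analyzer launching `go list -json -m all`, whose output is a stream of concatenated JSON objects, one per module. The following is an added example (not dependency-check's code and not from the thread) that decodes such a stream to count how many dependencies, and how many indirect ones, a go.mod pulls in, and that reports an error when the stream is cut off as it would be by an interrupted go process. The `Summarize` helper and the sample input are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Module holds the fields used here from one `go list -json -m all` object.
type Module struct {
	Path, Version  string
	Main, Indirect bool
}

// Summary counts the dependencies seen in the stream.
type Summary struct{ Total, Indirect int }

// Summarize decodes concatenated JSON objects (the output is not a JSON array).
func Summarize(r io.Reader) (Summary, error) {
	var s Summary
	dec := json.NewDecoder(r)
	for {
		var m Module
		if err := dec.Decode(&m); errors.Is(err, io.EOF) {
			return s, nil // clean end of stream
		} else if err != nil {
			// Truncated or malformed output, e.g. the go process was killed.
			return s, fmt.Errorf("module %d: %w", s.Total+1, err)
		}
		if m.Main {
			continue // the module being scanned is not a dependency
		}
		s.Total++
		if m.Indirect {
			s.Indirect++
		}
	}
}

// sample is constructed input; real output is indented over several lines.
const sample = `{"Path":"test","Main":true}
{"Path":"github.com/goreleaser/goreleaser","Version":"v0.146.0"}
{"Path":"golang.org/x/tools","Version":"v0.0.0-20200818005847-188abfa75333","Indirect":true}
`

func main() {
	fmt.Println(Summarize(strings.NewReader(sample)))
}
```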
Same issue reported under #2894.
I believe this is fixed in the latest. Can anyone confirm?
Sure, going to check this now.
I can no longer reproduce this issue using v6.1.5. Thanks for fixing it!
I also checked and it works, thank you!!!