Dependencycheck: OWASP dependency check failing due to v6.1.2 not existing on bintray

Created on 8 Mar 2021 · 3Comments · Source: jeremylong/DependencyCheck

Describe the bug
The output from current.txt lists 6.1.2, whilst there is no downloadable zip for 6.1.2: https://dl.bintray.com/jeremy-long/owasp/

Version of dependency-check used
Latest

Expected behavior
The version listed in current.txt is available at https://dl.bintray.com/jeremy-long/owasp/.

question

Source

Mvbraathen

Most helpful comment

Due to the fact that bintray is going away we documented in the 6.0.2 release notes that we migrated to releasing to the github releases instead of bintray. With the 6.1.2 release we have completely stopped publishing to bintray.

jeremylong on 9 Mar 2021

👍2

All 3 comments

jeremylong on 9 Mar 2021

👍2

Ah, that explains it.. thanks!

Mvbraathen on 9 Mar 2021

How to resolve this issue?
mvn dependency-check:aggregate
gives

ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.1.2:aggregate (default-cli) on project d11-jenkins-lib: Execution default-cli of goal org.owasp:dependency-check-maven:6.1.2:aggregate failed: Plugin org.owasp:dependency-check-maven:6.1.2 or one of its dependencies could not be resolved: Failed to collect dependencies at org.owasp:dependency-check-maven:jar:6.1.2 -> org.owasp:dependency-check-core:jar:6.1.2 -> org.sonatype.ossindex:ossindex-service-client:jar:1.7.0 -> org.sonatype.ossindex:ossindex-service-api:jar:1.7.0 -> com.google.guava:guava:jar:24.1.1.jre-redhat-00001 -> com.google.code.findbugs:jsr305:jar:1.3.9-redhat-2: Failed to read artifact descriptor for com.google.code.findbugs:jsr305:jar:1.3.9-redhat-2: Failure to find org.jboss.component.management:jboss-component-version-master:pom:6.0.1-redhat-1 in https://repo.jenkins-ci.org/public/ was cached in the local repository, resolution will not be reattempted until the update interval of repo.jenkins-ci.org has elapsed or updates are forced -> [Help 1]