[midPoint-ci] Build failed in Jenkins: midPoint - support-4.8 - security checks #117

Jenkins noreply at evolveum.com
Wed Jun 12 05:52:19 CEST 2024


See <https://jenkins.evolveum.com/job/midpoint-support-4-8-security/117/display/redirect>

Changes:


------------------------------------------
[...truncated 111600 lines...]
[INFO] Download Complete for NVD CVE - 2018  (2221 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2017  (7450 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2019  (2423 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2018  (7153 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Download Complete for NVD CVE - 2020  (2698 ms)
[INFO] Processing Started for NVD CVE - 2020
[INFO] Processing Complete for NVD CVE - 2019  (6931 ms)
[INFO] Download Started for NVD CVE - 2021
[INFO] Download Complete for NVD CVE - 2021  (2956 ms)
[INFO] Processing Started for NVD CVE - 2021
[INFO] Processing Complete for NVD CVE - 2020  (8782 ms)
[INFO] Download Started for NVD CVE - 2022
[INFO] Download Complete for NVD CVE - 2022  (2851 ms)
[INFO] Processing Started for NVD CVE - 2022
[INFO] Processing Complete for NVD CVE - 2021  (9666 ms)
[INFO] Download Started for NVD CVE - 2023
[INFO] Download Complete for NVD CVE - 2023  (2946 ms)
[INFO] Processing Started for NVD CVE - 2023
[INFO] Processing Complete for NVD CVE - 2022  (10405 ms)
[INFO] Download Started for NVD CVE - 2024
[INFO] Download Complete for NVD CVE - 2024  (1880 ms)
[INFO] Processing Started for NVD CVE - 2024
[INFO] Processing Complete for NVD CVE - 2024  (1314 ms)
[INFO] Processing Complete for NVD CVE - 2023  (10796 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified  (988 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified  (604 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 139338 NVD records
[INFO] Removed the CPE ecosystem on 4059 NVD records
[INFO] End database maintenance (14944 ms)
[WARNING] A new version of dependency-check is available. Consider updating to version 9.2.0.
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (3780 ms)
[INFO] Check for updates complete (165697 ms)
[INFO] 

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


   About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
   False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html

💖 Sponsor: https://github.com/sponsors/jeremylong


[INFO] Analysis Started
[INFO] Finished Archive Analyzer (1 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[WARNING] Analyzing `/home/jenkins/agent/workspace/midpoint-support-4-8-security/gui/admin-gui/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctempf8a1eaaf-1d65-4084-9c74-fa2f71cd2f2b/check16996074919215857533tmp/276/META-INF/resources/webjars/chartjs/4.1.2/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctempf8a1eaaf-1d65-4084-9c74-fa2f71cd2f2b/check16996074919215857533tmp/276/META-INF/resources/webjars/chartjs/4.1.2/auto/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] Analyzing `/tmp/dctempf8a1eaaf-1d65-4084-9c74-fa2f71cd2f2b/check16996074919215857533tmp/276/META-INF/resources/webjars/chartjs/4.1.2/helpers/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[INFO] Finished Node.js Package Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARNING] Unsupported CVSS vector format in NPM Audit results, please file a feature request at https://github.com/jeremylong/DependencyCheck/issues/new/choose to support vector format 'null' 
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (2 seconds)
[WARNING] An error occurred while analyzing '/root/.m2/repository/com/evolveum/prism/prism-api/4.8.4-SNAPSHOT/prism-api-4.8.4-SNAPSHOT.jar' (Sonatype OSS Index Analyzer).
[WARNING] An error occurred while analyzing '/root/.m2/repository/xerces/xercesImpl/2.12.2/xercesImpl-2.12.2.jar' (Sonatype OSS Index Analyzer).
[WARNING] An error occurred while analyzing '/root/.m2/repository/com/evolveum/commons/util/4.8.4-SNAPSHOT/util-4.8.4-SNAPSHOT.jar' (Sonatype OSS Index Analyzer).
[WARNING] An error occurred while analyzing '/root/.m2/repository/org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar' (Sonatype OSS Index Analyzer).
[INFO] Finished Sonatype OSS Index Analyzer (3 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2021-23334,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-46161,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-34034,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-31692,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-23913,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0217,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0401,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0464,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0216,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3996,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-4450,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0286,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-24729,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-42004,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-42003,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-31129,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-24785,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-41881,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3171,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3509,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3510,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-26520,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-20860,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2017-15719,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-1325,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2021-23937,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-28391,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-30065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2016-10735,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-20676,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2019-8331,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-20677,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2020-11023,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (17 seconds)
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4-8-security/target/dependency-check-report.xml
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4-8-security/target/dependency-check-report.html
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4-8-security/target/dependency-check-report.json
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4-8-security/target/dependency-check-jenkins.html
[WARNING] 

One or more dependencies were identified with known vulnerabilities in midPoint Project:

amqp-client-5.16.1.jar (pkg:maven/com.rabbitmq/amqp-client at 5.16.1, cpe:2.3:a:vmware:rabbitmq:5.16.1:*:*:*:*:*:*:*, cpe:2.3:a:vmware:rabbitmq_java_client:5.16.1:*:*:*:*:*:*:*) : CVE-2023-46120
bcpkix-jdk15on-1.70.jar (pkg:maven/org.bouncycastle/bcpkix-jdk15on at 1.70, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*) : CVE-2023-33202
bcprov-jdk15on-1.70.jar (pkg:maven/org.bouncycastle/bcprov-jdk15on at 1.70, cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.70:*:*:*:*:*:*:*) : CVE-2023-33202
bcutil-jdk15on-1.70.jar (pkg:maven/org.bouncycastle/bcutil-jdk15on at 1.70, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.70:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.70:*:*:*:*:*:*:*) : CVE-2023-33202
package-lock.json?braces (pkg:npm/braces at 3.0.2) : GHSA-grv7-fg5c-xmjg
commons-compress-1.21.jar (pkg:maven/org.apache.commons/commons-compress at 1.21, cpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:*) : CVE-2024-25710, CVE-2024-26308
derby-10.16.1.1.jar (pkg:maven/org.apache.derby/derby at 10.16.1.1, cpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*) : CVE-2022-46337
derbyclient-10.16.1.1.jar (pkg:maven/org.apache.derby/derbyclient at 10.16.1.1, cpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*) : CVE-2022-46337
derbynet-10.16.1.1.jar (pkg:maven/org.apache.derby/derbynet at 10.16.1.1, cpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*) : CVE-2022-46337
derbyshared-10.16.1.1.jar (pkg:maven/org.apache.derby/derbyshared at 10.16.1.1, cpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*) : CVE-2022-46337
derbytools-10.16.1.1.jar (pkg:maven/org.apache.derby/derbytools at 10.16.1.1, cpe:2.3:a:apache:derby:10.16.1.1:*:*:*:*:*:*:*) : CVE-2022-46337
ivy-2.5.1.jar (pkg:maven/org.apache.ivy/ivy at 2.5.1, cpe:2.3:a:apache:ivy:2.5.1:*:*:*:*:*:*:*) : CVE-2022-46751
jackson-databind-2.14.3.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind at 2.14.3, cpe:2.3:a:fasterxml:jackson-databind:2.14.3:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.14.3:*:*:*:*:*:*:*) : CVE-2023-35116
janino-3.1.4.jar (pkg:maven/org.codehaus.janino/janino at 3.1.4, cpe:2.3:a:janino_project:janino:3.1.4:*:*:*:*:*:*:*) : CVE-2023-33546
logback-core-1.4.11.jar (pkg:maven/ch.qos.logback/logback-core at 1.4.11, cpe:2.3:a:qos:logback:1.4.11:*:*:*:*:*:*:*) : CVE-2023-6378
nimbus-jose-jwt-9.15.2.jar/META-INF/maven/net.minidev/json-smart/pom.xml (pkg:maven/net.minidev/json-smart at 2.4.7, cpe:2.3:a:json-smart_project:json-smart:2.4.7:*:*:*:*:*:*:*, cpe:2.3:a:json-smart_project:json-smart-v2:2.4.7:*:*:*:*:*:*:*) : CVE-2023-1370
okio-jvm-3.0.0.jar (pkg:maven/com.squareup.okio/okio-jvm at 3.0.0, cpe:2.3:a:squareup:okio:3.0.0:*:*:*:*:*:*:*) : CVE-2023-3635
postgresql-42.5.4.jar (pkg:maven/org.postgresql/postgresql at 42.5.4, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.5.4:*:*:*:*:*:*:*) : CVE-2024-1597
package-lock.json?sweetalert2 (pkg:npm/sweetalert2 at 11.10.7) : GHSA-mrr8-v49w-3333
xmlsec-2.2.4.jar (pkg:maven/org.apache.santuario/xmlsec at 2.2.4, cpe:2.3:a:apache:santuario_xml_security_for_java:2.2.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:xml_security_for_java:2.2.4:*:*:*:*:*:*:*) : CVE-2023-44483


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for midPoint Project 4.8.4-SNAPSHOT:
[INFO] 
[INFO] midPoint Project ................................... FAILURE [04:36 min]
[INFO] midPoint Infrastructure ............................ SKIPPED
[INFO] midPoint Infrastructure - schema ................... SKIPPED
[INFO] midPoint Repository ................................ SKIPPED
[INFO] midPoint Repository - api .......................... SKIPPED
[INFO] midPoint Task Manager - api ........................ SKIPPED
[INFO] midPoint Infrastructure - testing utils (lvl 2) .... SKIPPED
[INFO] midPoint Infrastructure - common ................... SKIPPED
[INFO] midPoint Audit - api ............................... SKIPPED
[INFO] midPoint Security - api ............................ SKIPPED
[INFO] midPoint Repository - SQL common support ........... SKIPPED
[INFO] midPoint Repository - sql repository ............... SKIPPED
[INFO] midPoint System Initialization ..................... SKIPPED
[INFO] midPoint Repository - new SQL repository ........... SKIPPED
[INFO] midPoint Repository - sql repository test .......... SKIPPED
[INFO] midPoint Repository Cache .......................... SKIPPED
[INFO] midPoint Audit - logging impl ...................... SKIPPED
[INFO] midPoint Icf Connectors ............................ SKIPPED
[INFO] Dummy Resource ..................................... SKIPPED
[INFO] midPoint Repository - test utils ................... SKIPPED
[INFO] midPoint Security - impl ........................... SKIPPED
[INFO] midPoint Task Manager - Quartz impl ................ SKIPPED
[INFO] midPoint Tools ..................................... SKIPPED
[INFO] midPoint Tools - Ninja ............................. SKIPPED
[INFO] midPoint Tools - custom Spring Boot JAR layout ..... SKIPPED
[INFO] midPoint Infrastructure - pure JAXB schema ......... SKIPPED
[INFO] midPoint Repo Commons .............................. SKIPPED
[INFO] midPoint Security Enforcer - api ................... SKIPPED
[INFO] midPoint Security Enforcer - impl .................. SKIPPED
[INFO] midPoint Provisioning .............................. SKIPPED
[INFO] midPoint Provisioning - api ........................ SKIPPED
[INFO] Unified Connector Framework - api .................. SKIPPED
[INFO] Dummy Connector .................................... SKIPPED
[INFO] Unified Connector Framework - ConnId impl .......... SKIPPED
[INFO] Unified Connector Framework - Built-in impl ........ SKIPPED
[INFO] midPoint Provisioning - impl ....................... SKIPPED
[INFO] midPoint Model ..................................... SKIPPED
[INFO] midPoint Model - api ............................... SKIPPED
[INFO] midPoint Model - common ............................ SKIPPED
[INFO] midPoint Notifications - api ....................... SKIPPED
[INFO] Dummy Connector Fake ............................... SKIPPED
[INFO] midPoint Authentication - api ...................... SKIPPED
[INFO] midPoint Model - test .............................. SKIPPED
[INFO] midPoint Report - api .............................. SKIPPED
[INFO] midPoint Cases - api ............................... SKIPPED
[INFO] midPoint Access Certification - api ................ SKIPPED
[INFO] midPoint Model - impl .............................. SKIPPED
[INFO] midPoint Notifications - impl ...................... SKIPPED
[INFO] midPoint Report - impl ............................. SKIPPED
[INFO] midPoint Model - integration tests ................. SKIPPED
[INFO] midPoint Workflow - api ............................ SKIPPED
[INFO] midPoint Cases - impl .............................. SKIPPED
[INFO] midPoint Workflow - impl ........................... SKIPPED
[INFO] midPoint Access Certification - impl ............... SKIPPED
[INFO] midPoint Authentication - impl ..................... SKIPPED
[INFO] midPoint REST-ish service implementation ........... SKIPPED
[INFO] midPoint Customizations ............................ SKIPPED
[INFO] midPoint User Interface ............................ SKIPPED
[INFO] midPoint User Interface - admin web gui ............ SKIPPED
[INFO] midPoint Spring Boot JAR ........................... SKIPPED
[INFO] midPoint Testing Infrastructure .................... SKIPPED
[INFO] midPoint Testing - Resource Connection Tests ....... SKIPPED
[INFO] midPoint Testing - Long Tests ...................... SKIPPED
[INFO] midPoint Testing - Story Tests ..................... SKIPPED
[INFO] midPoint Testing - REST API ........................ SKIPPED
[INFO] midPoint Distribution .............................. SKIPPED
[INFO] midPoint API Distribution .......................... SKIPPED
[INFO] midPoint JavaDoc ................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  04:39 min
[INFO] Finished at: 2024-06-12T03:52:18Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.2.1:aggregate (default-cli) on project midpoint: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] error
[Pipeline] step


More information about the midPoint-ci mailing list