[midPoint-ci] Build failed in Jenkins: midPoint - support 4.4 - security checks #412
Jenkins
noreply at evolveum.com
Fri Nov 29 05:37:27 CET 2024
See <https://jenkins.evolveum.com/job/midpoint-support-4.4-security/412/display/redirect>
Changes:
------------------------------------------
[...truncated 43370 lines...]
[INFO] Processing Complete for NVD CVE - 2012 (9515 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Download Complete for NVD CVE - 2014 (1609 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Download Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2013 (10061 ms)
[INFO] Download Complete for NVD CVE - 2015 (1523 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2014 (8258 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Complete for NVD CVE - 2016 (1689 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2015 (6375 ms)
[INFO] Download Started for NVD CVE - 2017
[INFO] Processing Complete for NVD CVE - 2016 (6592 ms)
[INFO] Download Complete for NVD CVE - 2017 (5031 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Download Started for NVD CVE - 2018
[INFO] Download Complete for NVD CVE - 2018 (2024 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2017 (8057 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2019 (2063 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2018 (7847 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Download Complete for NVD CVE - 2020 (2339 ms)
[INFO] Processing Started for NVD CVE - 2020
[INFO] Processing Complete for NVD CVE - 2019 (7579 ms)
[INFO] Download Started for NVD CVE - 2021
[INFO] Download Complete for NVD CVE - 2021 (2527 ms)
[INFO] Processing Started for NVD CVE - 2021
[INFO] Processing Complete for NVD CVE - 2020 (9419 ms)
[INFO] Download Started for NVD CVE - 2022
[INFO] Download Complete for NVD CVE - 2022 (4040 ms)
[INFO] Processing Started for NVD CVE - 2022
[INFO] Processing Complete for NVD CVE - 2021 (10411 ms)
[INFO] Download Started for NVD CVE - 2023
[INFO] Download Complete for NVD CVE - 2023 (2789 ms)
[INFO] Processing Started for NVD CVE - 2023
[INFO] Download Started for NVD CVE - 2024
[INFO] Processing Complete for NVD CVE - 2022 (10922 ms)
[INFO] Download Complete for NVD CVE - 2024 (2423 ms)
[INFO] Processing Started for NVD CVE - 2024
[INFO] Processing Complete for NVD CVE - 2023 (11651 ms)
[INFO] Processing Complete for NVD CVE - 2024 (5832 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified (9365 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified (229796 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 131907 NVD records
[INFO] Removed the CPE ecosystem on 4163 NVD records
[INFO] End database maintenance (16189 ms)
[WARNING] A new version of dependency-check is available. Consider updating to version 11.1.0.
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (5752 ms)
[INFO] Check for updates complete (417861 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (4 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Nuspec Analyzer (0 seconds)
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/110/META-INF/resources/webjars/ionicons/5.5.1/icons/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/110/META-INF/resources/webjars/ionicons/5.5.1/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/110/META-INF/resources/webjars/ionicons/5.5.1/components/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/78/META-INF/resources/webjars/respond/1.4.2/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/cli/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/sys/node/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/110/META-INF/resources/webjars/ionicons/5.5.1/dist/loader/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/dev-server/client/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/dev-server/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/mock-doc/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/screenshot/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/testing/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/internal/testing/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/compiler/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/internal/hydrate/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/internal/client/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/internal/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/233/META-INF/resources/webjars/entities/2.1.0/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/232/META-INF/resources/webjars/domelementtype/2.0.1/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/113/META-INF/resources/webjars/stencil__core/3.0.0-rc.1/internal/app-data/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/187/META-INF/resources/webjars/AdminLTE/2.4.18/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARNING] Analyzing `/tmp/dctemp2a44e3fc-d6f1-4e7f-83c1-9bb62c3c191a/check7755387556477006402tmp/187/META-INF/resources/webjars/AdminLTE/2.4.18/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[INFO] Finished Node.js Package Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (30 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (4 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (2 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-31692,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-23913,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0217,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0401,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0464,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0216,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3996,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-4450,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-0286,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-24729,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-42004,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-42003,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-41881,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3171,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3509,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-3510,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-20860,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-40152,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2017-15719,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-1325,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-28391,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2022-30065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2016-10735,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-20676,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2019-8331,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2018-20677,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{cve={CVE-2023-20873,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (53 seconds)
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4.4-security/target/dependency-check-report.xml
[INFO] Writing report to: /home/jenkins/agent/workspace/midpoint-support-4.4-security/target/dependency-check-report.html
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for midPoint Project 4.4.11-SNAPSHOT:
[INFO]
[INFO] midPoint Project ................................... FAILURE [10:15 min]
[INFO] midPoint Infrastructure ............................ SKIPPED
[INFO] midPoint Infrastructure - schema ................... SKIPPED
[INFO] midPoint Repository ................................ SKIPPED
[INFO] midPoint Repository - api .......................... SKIPPED
[INFO] midPoint Task Manager - api ........................ SKIPPED
[INFO] midPoint Infrastructure - testing utils (lvl 2) .... SKIPPED
[INFO] midPoint Infrastructure - common ................... SKIPPED
[INFO] midPoint Audit - api ............................... SKIPPED
[INFO] midPoint Security - api ............................ SKIPPED
[INFO] midPoint Repository - SQL common support ........... SKIPPED
[INFO] midPoint Repository - sql repository ............... SKIPPED
[INFO] midPoint System Initialization ..................... SKIPPED
[INFO] midPoint Repository - new SQL repository ........... SKIPPED
[INFO] midPoint Repository - sql repository test .......... SKIPPED
[INFO] midPoint Repository Cache .......................... SKIPPED
[INFO] midPoint Icf Connectors ............................ SKIPPED
[INFO] Dummy Resource ..................................... SKIPPED
[INFO] midPoint Repository - test utils ................... SKIPPED
[INFO] midPoint Audit - logging impl ...................... SKIPPED
[INFO] midPoint Security Enforcer - api ................... SKIPPED
[INFO] midPoint Model ..................................... SKIPPED
[INFO] midPoint Model - api ............................... SKIPPED
[INFO] midPoint Security - impl ........................... SKIPPED
[INFO] midPoint Task Manager - Quartz impl ................ SKIPPED
[INFO] midPoint Tools ..................................... SKIPPED
[INFO] midPoint Tools - Ninja ............................. SKIPPED
[INFO] midPoint Tools - custom Spring Boot WAR/JAR layout . SKIPPED
[INFO] midPoint Infrastructure - pure JAXB schema ......... SKIPPED
[INFO] midPoint Repo Commons .............................. SKIPPED
[INFO] midPoint Security Enforcer - impl .................. SKIPPED
[INFO] midPoint Provisioning .............................. SKIPPED
[INFO] midPoint Provisioning - api ........................ SKIPPED
[INFO] Unified Connector Framework - api .................. SKIPPED
[INFO] Dummy Connector .................................... SKIPPED
[INFO] Unified Connector Framework - ConnId impl .......... SKIPPED
[INFO] Unified Connector Framework - Built-in impl ........ SKIPPED
[INFO] midPoint Provisioning - impl ....................... SKIPPED
[INFO] midPoint Model - common ............................ SKIPPED
[INFO] midPoint Notifications - api ....................... SKIPPED
[INFO] Dummy Connector Fake ............................... SKIPPED
[INFO] midPoint Model - test .............................. SKIPPED
[INFO] midPoint Report - api .............................. SKIPPED
[INFO] midPoint Workflow - api ............................ SKIPPED
[INFO] midPoint Access Certification - api ................ SKIPPED
[INFO] midPoint Model - impl .............................. SKIPPED
[INFO] midPoint Notifications - impl ...................... SKIPPED
[INFO] midPoint Model - integration tests ................. SKIPPED
[INFO] midPoint Report - impl ............................. SKIPPED
[INFO] midPoint Workflow - impl ........................... SKIPPED
[INFO] midPoint Access Certification - impl ............... SKIPPED
[INFO] midPoint REST-ish service implementation ........... SKIPPED
[INFO] midPoint Customizations ............................ SKIPPED
[INFO] midPoint User Interface ............................ SKIPPED
[INFO] midPoint User Interface - admin web gui ............ SKIPPED
[INFO] midPoint Testing Infrastructure .................... SKIPPED
[INFO] midPoint Testing - Resource Connection Tests ....... SKIPPED
[INFO] midPoint Testing - Long Tests ...................... SKIPPED
[INFO] midPoint Testing - Story Tests ..................... SKIPPED
[INFO] midPoint Testing - REST API ........................ SKIPPED
[INFO] midPoint Distribution .............................. SKIPPED
[INFO] midPoint API Distribution .......................... SKIPPED
[INFO] midPoint JavaDoc ................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:18 min
[INFO] Finished at: 2024-11-29T04:37:26Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.2.1:aggregate (default-cli) on project midpoint: Execution default-cli of goal org.owasp:dependency-check-maven:8.2.1:aggregate failed: Invocation of method 'getHighestSeverityText' in class org.owasp.dependencycheck.dependency.Vulnerability threw exception java.lang.NullPointerException: Cannot invoke "String.toUpperCase()" because the return value of "org.owasp.dependencycheck.utils.SeverityUtil.unscoredToSeveritytext(String)" is null at templates/htmlReport.vsl[line 795, column 43] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] error
[Pipeline] step
More information about the midPoint-ci
mailing list