Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error was: Input length = 1 while publishing bom.xml in Jenkins pipeline for node.js applications

See original GitHub issue

Current Behavior

After an upgrade from 4.5.0 to 4.6.2 all Jenkins nodejs pipelines started to fail with the same error code. Error was: Input length = 1

[Pipeline] sh
+ case $- in
+ return
+ npx @cyclonedx/bom@3.10.6 --include-dev -o bom.xml
npx: installed 76 in 9.844s
[Pipeline] dependencyTrackPublisher
[DependencyTrack] Publishing artifact to Dependency-Track 
[DependencyTrack] An error occurred processing artifact "/home/jenkins/workspace/i-project_minimal-project_master/bom.xml". Error was: Input length = 1
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: Uploading artifact failed
[Bitbucket] Notifying commit build result
[Bitbucket] Build result notified
Finished: FAILURE

So far my troubleshooting included:

  1. Downgrading OWASP Dependency Track Jenkins plugin from 4.2.0 to 4.0.0 since it was upgraded in the same time as pipelines started to fail.
  2. Checked project files for UTF-8 Encoding
  3. Changed npx @cyclonedx/cyclonedx-npm to npx @cyclonedx/bom@3.10.6

Steps to Reproduce

  1. Upgrade Dependency Track from 4.5.0 to 4.6.2
  2. Upgrade OWASP Dependency Track Plugin from 4.0.0 to 4.2.0
  3. Nothing else, nodejs pipelines just breaks on publishing to D-Track from now.

Expected Behavior

Publish bom.xml to Dependency Track

Dependency-Track Version


Dependency-Track Distribution

Container Image

Database Server


Database Server Version

No response


Mozilla Firefox


Issue Analytics

  • State:open
  • Created 10 months ago
  • Comments:11 (6 by maintainers)

github_iconTop GitHub Comments

pattkrajnikcommented, Dec 12, 2022

Here’s bom. bom.xml.gz

pattkrajnikcommented, Dec 5, 2022

OWASP Plugin has been downgraded as well from 4.2.0 to 4.0.0 (It has been updated in the same time as D-Track) I’ll see what I can do about providing SBOM here.

Read more comments on GitHub >

github_iconTop Results From Across the Web

OWASP Dependency Tracker - Jenkins build error
I am Getting 403 Forbidden error while testing OWASP Dependency Tracker integration with Jenkins build. [DependencyTrack] Publishing ...
Read more >
Error while configuring this pligin - Jenkins Jira
I was tried to enter all the details like in authenticaton and session properties and when i click save it throws a error....
Read more >
Pipeline Steps Reference - Jenkins
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software.
Read more >
NullPointerException on parsing Cobertura XML - Jenkins Jira
JENKINS -34160Getting ERROR: Failed to parse POMs while trying to build · Bug. JENKINS-32573Cobertura misconfiguration destroys 'publishers' node.
Read more >
Changelog Archive - Jenkins
Installers, native packages, and jenkins.war were not published. Jenkins 2.352 was not placed in the artifact repository or on the download site. What's...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found