[2.1.1/Maven plugin] Build failure due to connection error - Unable to connect to 'https://api.nodesecurity.io/check'

While switching from 1.4.5 to 2.1.1 the analysis fails due to a connection error at https://api.nodesecurity.io/check (the page does not seem to exist right now).

Is this value somehow hard-coded or can it be disabled to prevent this error from happening?

The Jenkins log contains

...
16:35:08 [INFO] Skipping NVD check since last check was within 4 hours.
16:35:08 [INFO] Check for updates complete (1 ms)
16:35:08 [INFO] Analysis Started
16:35:09 [INFO] Finished Archive Analyzer (0 seconds)
16:35:09 [INFO] Launching: [bundle-audit, check, --verbose] from /tmp/dctemp70811fe0-91d5-464f-b26d-a6cc9cf61ff6
16:35:09 [ERROR] Exception occurred initializing Ruby Bundle Audit Analyzer.
16:35:09 [INFO] Finished File Name Analyzer (0 seconds)
16:35:11 [INFO] Finished Jar Analyzer (2 seconds)
16:35:22 [INFO] Finished Central Analyzer (11 seconds)

and fails with

16:35:26 [ERROR] Failed to execute goal org.owasp:dependency-check-maven:2.1.1:check (default) on project 365FarmNet: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during dependency-check analysis
16:35:26 [ERROR] Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit" (in directory "/tmp/dctemp70811fe0-91d5-464f-b26d-a6cc9cf61ff6"): error=2, No such file or directory. Disabling Ruby Bundle Audit Analyzer
16:35:26 [ERROR] Unable to connect to 'https://api.nodesecurity.io/check' - the Java trust store does not contain a trusted root for the cert.  Please see https://github.com/jeremylong/InstallCert for one method of updating the trusted certificates.
16:35:26 [ERROR] -> [Help 1]

Since the problem is related to a broken link it has nothing to do with any certs.

Here’s my Maven config:

<profile>
    <id>owasp</id>
    <build>
        <defaultGoal>dependency-check:check</defaultGoal>
        <plugins>
            <plugin>
                <groupId>org.owasp</groupId>
                <artifactId>dependency-check-maven</artifactId>
                <version>2.1.1</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <configuration>
                    <skipTests>true</skipTests>
                </configuration>
            </plugin>
        </plugins>
    </build>
</profile>

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 12 (11 by maintainers)

Top GitHub Comments

ottlinger commented, Sep 17, 2017 (1 reaction)

Thanks for your hints - it made the builds go green again 😃

Would it make sense to file a PR to print the current configuration concerning the analyzers when the build starts? Without your help I wouldn’t have known which analyzers to disable.

WDYT?

Thanks again for your help.

jeremylong commented, Sep 16, 2017 (1 reaction)

You likely want to do the following:

<configuration>
    <nspAnalyzerEnabled>false</nspAnalyzerEnabled>
    <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
    <rubygemsAnalyzerEnabled>false</rubygemsAnalyzerEnabled>
    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
    <bundleAuditAnalyzerEnabled>false</bundleAuditAnalyzerEnabled>
</configuration>
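
Added example, not part of the original thread or the dependency-check project: a small log triage that maps the `[ERROR]` lines from the build log above to the analyzer flags from the reply, so that only the analyzers that actually failed are switched off and the rest keep scanning. The pairing of log signature to flag and the function names are assumptions of this example; the sample log is constructed from the lines quoted in the issue.

```python
import re

# Log signature -> dependency-check-maven flag that disables the analyzer.
# Flag names are the ones given in the maintainer's reply; pairing each
# signature with a flag is this example's assumption.
SIGNATURES = [
    (re.compile(r"bundle-audit|Ruby Bundle Audit Analyzer"), "bundleAuditAnalyzerEnabled"),
    (re.compile(r"api\.nodesecurity\.io"), "nspAnalyzerEnabled"),
]

# Constructed sample: log lines quoted in the issue, shortened.
SAMPLE_LOG = """\
16:35:09 [INFO] Launching: [bundle-audit, check, --verbose] from /tmp/dctemp
16:35:09 [ERROR] Exception occurred initializing Ruby Bundle Audit Analyzer.
16:35:22 [INFO] Finished Central Analyzer (11 seconds)
16:35:26 [ERROR] Exception from bundle-audit process: java.io.IOException: Cannot run program "bundle-audit"
16:35:26 [ERROR] Unable to connect to 'https://api.nodesecurity.io/check' - the Java trust store does not contain a trusted root for the cert.
16:35:26 [ERROR] -> [Help 1]
"""


def failing_analyzer_flags(log_text):
    """Return flags of analyzers that produced [ERROR] lines, in first-seen order."""
    flags = []
    for line in log_text.splitlines():
        if "[ERROR]" not in line:
            continue  # INFO lines also name analyzers that ran without error
        for pattern, flag in SIGNATURES:
            if pattern.search(line) and flag not in flags:
                flags.append(flag)
    return flags


def configuration_xml(flags):
    """Render a <configuration> block that disables only the given analyzers."""
    body = "".join(f"    <{flag}>false</{flag}>\n" for flag in flags)
    return f"<configuration>\n{body}</configuration>"


if __name__ == "__main__":
    print(configuration_xml(failing_analyzer_flags(SAMPLE_LOG)))
```

Each disabled analyzer stops reporting on its ecosystem, so the generated block is best reviewed against the dependency types the project actually ships.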