Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot invoke "org.eclipse.aether.artifact.Artifact.getClassifier()" because the return value of "org.eclipse.aether.graph.DependencyNode.getArtifact()" is null

See original GitHub issue

Hi,

I just bumped dependency-check-maven from 6.3.1 to 6.3.2 but I am getting the following error when executing:

mvn dependency-check:check

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.2:check (default-cli) on project mn-aut: Execution default-cli of goal org.owasp:dependency-check-maven:6.3.2:check failed: Cannot invoke “org.eclipse.aether.artifact.Artifact.getClassifier()” because the return value of “org.eclipse.aether.graph.DependencyNode.getArtifact()” is null -> [Help 1]

My config looks like this:

<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>${owasp-check-plugin.version}</version>
    <configuration>
    <formats>XML,HTML</formats>
    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
    <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
    <suppressionFiles>
        <suppressionFile>${owasp.suppression.file}</suppressionFile>
    </suppressionFiles>
    </configuration>
    <executions>
    <execution>
        <goals>
        <goal>check</goal>
        </goals>
    </execution>
    </executions>
</plugin>

Am I missing some configuration here?

Running on OpenJDK 17 with target and source 14.

Issue Analytics

State:
Created 2 years ago
Comments:7 (1 by maintainers)

Top GitHub Comments

1reaction

aikebahcommented, Oct 7, 2021

@sanderino666 Must be your nick… when I now retrieve the component report for xstream 1.4.17 all the listed vulnerabilities contain an externalReference, nevertheless we’re better of by ensuring that even on the absence of external references we can still successfully parse the report.

1reaction

aikebahcommented, Oct 7, 2021

On second thought… I think @mprins is correct and your message is just the new improved NullPointerException feature that I’m not yet used to as I still have to code in Java 8 during my day-job.

Top Results From Across the Web

org.eclipse.aether.artifact.Artifact Java Examples

This page shows Java code examples of org.eclipse.aether.artifact. ... Set<String> existingGavs = dependencies.stream() .map(Dependency::getArtifact) ...

Java Examples for org.eclipse.aether.artifact.DefaultArtifact

getClassifier() == null) { artifact = new DefaultArtifact(GROUP_ID, ... to the rootArtifact it will return a {@value org.eclipse.aether.util.artifact.

org.eclipse.aether.artifact.Artifact.getClassifier java code ...

Sets the file of the artifact. getBaseVersion. Gets the base version of this artifact, for example "1.0-SNAPSHOT". In contrast to the #getVersion(). getProperty....

BaseDependencyCheckMojo.java

DependencyNode ;; import org.apache.maven.shared.dependency.graph.filter. ... artifacts (handles both Maven 3.0 Sonatype and Maven 3.1+ eclipse Aether

Example usage for org.apache.maven RepositoryUtils toArtifact

public static Artifact toArtifact(org.apache.maven.artifact. ... getRemotePluginRepositories(), repositorySystemSession); org.eclipse.aether.graph.