Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Failed to initialize the RetireJS repo

See original GitHub issue

We have a scheduler job setup which will run the dependency-check scan on a set of projects. Recently we have come across a new issue where it fails to initialize RetireJS repo. DependencyCheck only fails for the first project when the scheduler starts, the scan runs successfully for the remaining projects in a batch.

failed with error [INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2002
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2003  (361 ms)
[INFO] Download Started for NVD CVE - 2004
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2002  (420 ms)
[INFO] Download Started for NVD CVE - 2005
[INFO] Download Complete for NVD CVE - 2004  (405 ms)
[INFO] Download Started for NVD CVE - 2006
[INFO] Download Complete for NVD CVE - 2005  (417 ms)
[INFO] Download Started for NVD CVE - 2007
[INFO] Download Complete for NVD CVE - 2006  (510 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2007  (521 ms)
[INFO] Download Started for NVD CVE - 2009
[INFO] Download Complete for NVD CVE - 2008  (446 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Download Complete for NVD CVE - 2009  (486 ms)
[INFO] Download Started for NVD CVE - 2011
[INFO] Download Complete for NVD CVE - 2010  (466 ms)
[INFO] Download Started for NVD CVE - 2012
[INFO] Download Complete for NVD CVE - 2011  (526 ms)
[INFO] Download Started for NVD CVE - 2013
[INFO] Download Complete for NVD CVE - 2012  (474 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Download Complete for NVD CVE - 2013  (518 ms)
[INFO] Download Started for NVD CVE - 2015
[INFO] Download Complete for NVD CVE - 2014  (576 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Complete for NVD CVE - 2015  (516 ms)
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2016  (490 ms)
[INFO] Download Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2003  (3402 ms)
[INFO] Processing Started for NVD CVE - 2002
[INFO] Download Complete for NVD CVE - 2017  (547 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2018  (564 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Download Complete for NVD CVE - 2019  (540 ms)
[INFO] Download Complete for NVD CVE - 2020  (398 ms)
[INFO] Processing Complete for NVD CVE - 2002  (6403 ms)
[INFO] Processing Started for NVD CVE - 2004
[INFO] Processing Complete for NVD CVE - 2004  (3325 ms)
[INFO] Processing Started for NVD CVE - 2005
[INFO] Processing Complete for NVD CVE - 2005  (4782 ms)
[INFO] Processing Started for NVD CVE - 2006
[INFO] Processing Complete for NVD CVE - 2006  (6925 ms)
[INFO] Processing Started for NVD CVE - 2007
[INFO] Processing Complete for NVD CVE - 2007  (6365 ms)
[INFO] Processing Started for NVD CVE - 2008
[INFO] Processing Complete for NVD CVE - 2008  (7978 ms)
[INFO] Processing Started for NVD CVE - 2009
[INFO] Processing Complete for NVD CVE - 2009  (7971 ms)
[INFO] Processing Started for NVD CVE - 2010
[INFO] Processing Complete for NVD CVE - 2010  (12939 ms)
[INFO] Processing Started for NVD CVE - 2011
[INFO] Processing Complete for NVD CVE - 2011  (53170 ms)
[INFO] Processing Started for NVD CVE - 2012
[INFO] Processing Complete for NVD CVE - 2012  (13753 ms)
[INFO] Processing Started for NVD CVE - 2013
[INFO] Processing Complete for NVD CVE - 2013  (12758 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Processing Complete for NVD CVE - 2014  (11918 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2015  (8532 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2016  (9072 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Processing Complete for NVD CVE - 2017  (10691 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2018  (10594 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2019  (8534 ms)
[INFO] Processing Started for NVD CVE - 2020
[INFO] Processing Complete for NVD CVE - 2020  (1967 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified  (331 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified  (1029 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 51517 NVD records
[INFO] Removed the CPE ecosystem on 5580 NVD records
[INFO] End database maintenance (81766 ms)
[ERROR] Failed to initialize the RetireJS repo
org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:139)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.update(RetireJSDataSource.java:88)
	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:936)
	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:737)
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:667)
	at org.owasp.dependencycheck.App.runScan(App.java:254)
	at org.owasp.dependencycheck.App.run(App.java:186)
	at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to '/opt/app/dependency-check/data/jsrepository.json'
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:98)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:74)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:137)
	... 7 common frames omitted
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:94)
	... 9 common frames omitted
Caused by: java.net.SocketTimeoutException: connect timed out
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:607)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
	... 11 common frames omitted
[INFO] Begin database defrag
[INFO] End database defrag (19382 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Failed to initialize the RetireJS repo
[ERROR] No documents exist

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:6 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
tedinGHcommented, Apr 20, 2020

/opt/app/dependency-check/data/jsrepository.json In my case, the file jsrepository.json in my maven local repository is empty. I added an empty json body {} into it, that solved my problem.

0reactions
ghostcommented, Apr 22, 2020

Not entirely sure what is going on - especially if it is just one region. This doesn’t sound liker a dependency-check issue, rather a networking/connectivity issue. Can you simply add a step to transfer the https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json locally and then use the --retireJsUrl argument to reference the locally hosted JS file? You can use file:///path/to/rsrepository.json.

This resolved the issue. Thank you

Read more comments on GitHub >

github_iconTop Results From Across the Web

Jenkinsfile pipeline with DependenceCheck fail with RetireJS ...
... Unable to initialize the Retire JS respository [ERROR] caused by UpdateException: Failed to initialize the RetireJS repo [ERROR] caused ...
Read more >
Check fails if job directory not on the same partition as the tmp ...
Message: Failed to initialize the RetireJS repo org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
Read more >
Failed to initialize the RetireJS repo - Bountysource
When the data directory is in a different path than the temporary directory, the retirejs analyzer fails with "Failed to initialize the ......
Read more >
RetireJsAnalyzer xref
setEnabled(false); 238 throw new InitializationException("Failed to initialize the RetireJS repo: `" + repoFile 239 + "` appears to be malformed.
Read more >
org.owasp.dependencycheck.data.update ... - Java2s.com
@param repo the retire JS repository. ... catch (IOException e) { throw new UpdateException("Failed to initialize the RetireJS repo", e); } } } ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

RetireJS checks frequently fail due to corrupt jsrepository.json file

Next page

False Positive on activemq-all-5.15.11.jar