Internet access (Maven central) required since v3
See original GitHub issueSince v3, an internet connection is required to access on Maven central (search.maven.org) This use case is very contraignant when you are behind a corporate proxy. CI platform could have not proxy configuration and using a Maven corporate repository (like Artifactory, Nexus, Archiva, …).
This need can’t be covered by the Maven repository defined in settings.xml ?
Detailed error:
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[ERROR] Could not connect to Central search. Analysis failed.
java.io.IOException: Finally failed connecting to Central search. Giving up after 5 tries.
at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:288)
at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:198)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:137)
[...]
Caused by: java.net.UnknownHostException: search.maven.org
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
[...]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(CentralSearch.java:127)
at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:266)
... 8 more
[WARNING] An error occurred while analyzing '[...]\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar' (Central Analyzer).
[ERROR] Could not connect to Central search. Analysis failed.
Issue Analytics
- State:
- Created 6 years ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
How to configure maven without internet access - Stack Overflow
Maven is a dependency management system which downloads the required dependencies from the internet or a mirror of the central maven repository.
Read more >Introduction to Repositories - Apache Maven
A repository in Maven holds build artifacts and dependencies of varying types. There are exactly two types of repositories: local and remote:.
Read more >Remote repository access through authenticated HTTPS
This document describes how to configure Maven to access a remote repository that sits behind an HTTPS server which requires client authentication with ......
Read more >Settings Reference - Maven
This element is useful for build servers which cannot connect to a remote repository, either because of network setup or security reasons. Plugin...
Read more >Guide to Configuring Maven
Maven configuration occurs at 3 levels: ... Which settings are required will depend on the type of repository you are deploying to. As...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
In reality - ODC has always reached out to Maven Central. In the 3.x version the failure was raised in severity. However, if one is using the Maven plugin you can disable the central analyzer without any adverse affects.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.