
Maven31DependencyResolverException for aggregate dependency check

See original GitHub issue

Describe the bug
When running an aggregate check for a project we have, we get a Maven31DependencyResolverException. This project has worked fine when checked with previous versions of the plugin.

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:aggregate (default-cli) on project odc-example: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] 	Maven31DependencyResolverException: org.eclipse.aether.resolution.DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by ArtifactResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by ArtifactNotFoundException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 	Maven31DependencyResolverException: org.eclipse.aether.resolution.DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by ArtifactResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT
[ERROR] 		caused by ArtifactNotFoundException: Could not find artifact com.example:security:jar:master-SNAPSHOT

One strange thing is that the dependency check actually seems to run correctly, as it finds dependency issues, but it is very slow. On one project it now runs for ~4:30 min, whereas on 6.2.2 it only takes ~0:30 min to complete.

Version of dependency-check used
The problem occurs using versions 6.4.0 and 6.4.1 of the Maven plugin.

Log file
https://gist.github.com/viktor-thell-seal/c5c91f6b0ab12fb97f074ec442861ed6

To Reproduce
I have created a minimal project where this can be seen: https://github.com/viktor-thell-seal/odc-example

Run mvn dependency-check:aggregate on the project to reproduce.

Expected behavior
The aggregate dependency check should succeed.

Additional context
I have tested this with a couple of versions of ODC:

6.2.2 - Works!
6.3.1 - NPE (#3679)
6.4.0 - Maven31DependencyResolverException
6.4.1 - Maven31DependencyResolverException

My guess is that this is related to #3679 and #3627.
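The log in the issue repeats the same unresolvable artifact once per top-level Maven31DependencyResolverException, and the practical risk is easy to overlook: an artifact that Maven Resolver cannot find is never downloaded, so dependency-check has no file to analyze for it even when the rest of the report looks healthy. The following Python script is an added example, not code from the issue or from the dependency-check project. It parses the [ERROR] lines quoted above (re-typed inline as constructed sample input) and turns each unresolved artifact into a line a CI job can print or fail on. It assumes Maven's printed coordinate layout groupId:artifactId:extension[:classifier]:version; the UNSCANNED label and the function names are its own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the [ERROR] lines quoted in the issue, re-typed here so the
# script runs offline. In practice read a saved Maven build log instead.
SAMPLE_LOG = (
    "[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:aggregate "
    "(default-cli) on project odc-example: One or more exceptions occurred during "
    "dependency-check analysis: One or more exceptions occurred during analysis:\n"
    "[ERROR] \tMaven31DependencyResolverException: org.eclipse.aether.resolution."
    "DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by ArtifactResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by ArtifactNotFoundException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \tMaven31DependencyResolverException: org.eclipse.aether.resolution."
    "DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by DependencyResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by ArtifactResolutionException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
    "[ERROR] \t\tcaused by ArtifactNotFoundException: Could not find artifact com.example:security:jar:master-SNAPSHOT\n"
)

# In the issue's log each failed resolution round shows up as one top-level resolver
# exception indented by a single tab; the deeper-indented "caused by" lines repeat
# the same artifact, so only the top-level lines are counted.
TOP_LEVEL_RE = re.compile(r"^\[ERROR\] \tMaven31DependencyResolverException: (.*)$")
# Maven Resolver names the missing artifact by its full coordinates after this phrase.
MISSING_RE = re.compile(r"Could not find artifact (\S+)")


@dataclass(frozen=True)
class Coordinates:
    """Maven coordinates as printed by the resolver: g:a:ext[:classifier]:version."""
    group_id: str
    artifact_id: str
    extension: str
    version: str
    classifier: str = ""

    @property
    def is_snapshot(self) -> bool:
        return self.version.endswith("-SNAPSHOT")


def parse_coordinates(coord: str) -> Coordinates:
    parts = coord.split(":")
    if len(parts) == 4:
        group_id, artifact_id, extension, version = parts
        return Coordinates(group_id, artifact_id, extension, version)
    if len(parts) == 5:
        group_id, artifact_id, extension, classifier, version = parts
        return Coordinates(group_id, artifact_id, extension, version, classifier)
    raise ValueError(f"unexpected Maven coordinate form: {coord!r}")


def unresolved_artifacts(log: str) -> Dict[str, int]:
    """Map each artifact the resolver could not find to the number of failed
    resolution rounds it appears in."""
    counts: Counter = Counter()
    for line in log.splitlines():
        top = TOP_LEVEL_RE.match(line)
        if not top:
            continue
        missing = MISSING_RE.search(top.group(1))
        if missing:
            counts[missing.group(1)] += 1
    return dict(counts)


def coverage_gap_report(log: str) -> List[str]:
    """One line per artifact that could not be resolved. No file was downloaded for
    it, so dependency-check had nothing to analyze: treat each line as a dependency
    missing from the vulnerability report, whatever the plugin's exit status was."""
    lines = []
    for coord, rounds in sorted(unresolved_artifacts(log).items()):
        c = parse_coordinates(coord)
        kind = "snapshot" if c.is_snapshot else "release"
        extra = f", classifier {c.classifier}" if c.classifier else ""
        lines.append(
            f"UNSCANNED {coord} ({kind} {c.extension}{extra}): not found in the "
            f"configured repositories, {rounds} failed resolution round(s)"
        )
    return lines


if __name__ == "__main__":
    for line in coverage_gap_report(SAMPLE_LOG):
        print(line)
```

Point it at a saved Maven build log in place of SAMPLE_LOG. Counting only the top-level exception lines keeps the repeated caused-by chain from inflating the count, and a non-empty report is the signal that the aggregate report has a coverage gap, independent of whether the goal itself failed.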

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 13 (5 by maintainers)

Top GitHub Comments

3 reactions
aikebah commented, Oct 18, 2021

Yes, likely you have multiple projects with the classifier-artifacts in your analysis tree. Which, for every submodule triggers a full round of ‘all dependencies’ dependency-resolving.

Hope to spend some time in the coming weeks if other activities allow to take a look at the overall logic and see if we can restructure it to do a single resolution round now that I’ve found (in debugging for this issue) that on a resolution exception we have all the successfully resolved artifacts hidden inside the exception.

But such a case would be almost a full rewrite of the class, so for now I focussed on getting it back to working.

1 reaction
aikebah commented, Oct 17, 2021

@viktor-thell-seal Can you check whether my branch now successfully covers all cases in your project?
