Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Oodles of "[WARNING] No analyzer could be found for..."

See original GitHub issue

Describe the bug

I get oodles of warnings like this

[WARNING] No analyzer could be found for 'org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-beans:jar:4.3.30.RELEASE_1:compile' in project com.XYZ

But the report seems normal.

Version of dependency-check used

The problem occurs using version 6.2.0 of the depdendency-check-maven plugin.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
jeremylongcommented, Jun 5, 2021

I’ve figured out what is causing the warnings. They can be safely ignored and a patch will be included in the next release.

0reactions
wilxcommented, Jun 4, 2021

There is a component of the product which uses osgilibs:org.springframework.core dependency (our nearly empty artifact which contains Require-Bundle: org.apache.servicemix.bundles.spring-core;bundle-version="${version.servicemix}";visibility:=reexport). The osgilibs:org.springframework.core POM has the ServiceMix dependency as provided:

	<dependencies>
		<dependency>
			<groupId>org.apache.servicemix.bundles</groupId>
			<artifactId>org.apache.servicemix.bundles.spring-core</artifactId>
			<version>${version.servicemix}</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>
Read more comments on GitHub >

github_iconTop Results From Across the Web

DependencyCheck/BaseDependencyCheckMojo.java at main
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Read more >
Suppress Maven Dependency Plugin's "Unused declared ...
Any dependency on this list will be excluded from the "declared but ... by the official Exclude dependencies from dependency analysis.
Read more >
A Guide to Using VBScript in SecureCRT - VanDyke Software
A few options are available for generating a script that may save you oodles of time in the long run: • Starting from...
Read more >
Failing the build on dependency analysis warnings
A project's dependencies can be analyzed as part of the build process by binding the dependency:analyze-only goal to the lifecycle. By default, the...
Read more >
State v. Lanier :: 1990 :: South Dakota Supreme Court Decisions ...
No. 16592. Supreme Court of South Dakota. Considered on Briefs October 16, ... Valid previous convictions should/would be determined in a court of...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Error accessing NVD meta data

Next page

Exception is displayed when checking MySQL connector