dependency-check / dependency-check-gradle

The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
http://jeremylong.github.io/DependencyCheck/
Apache License 2.0

Plugin make project build fail #391

Closed ShadowNinjaHunter closed 4 months ago

ShadowNinjaHunter commented 5 months ago

I have a multi-module build and I have added the owasp plugin to my root gradle build file.

When I run build I get this error. Removing the owasp plugin and the error goes away.

The module that fails has this compile config:

```groovy
compileJava {
    dependsOn('openApiGenerate')
    options.compilerArgs += '-Amapstruct.defaultComponentModel=spring'
    options.compilerArgs += '-Amapstruct.unmappedTargetPolicy=ERROR'
}
```

Gradle 8.5, owasp plugin 9.1.0, Java 8

```
10:00:45 > Task :api-v7:openApiGenerate
10:00:45 Error snake-parsing yaml content
10:00:45 java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.SafeConstructor: method <init>()V not found
10:00:45     at io.swagger.v3.parser.util.DeserializationUtils$CustomSnakeYamlConstructor.<init>(DeserializationUtils.java:393)
10:00:45     at io.swagger.v3.parser.util.DeserializationUtils.readYamlTree(DeserializationUtils.java:207)
10:00:45     at io.swagger.v3.parser.util.DeserializationUtils.deserializeIntoTree(DeserializationUtils.java:143)
10:00:45     at io.swagger.v3.parser.OpenAPIV3Parser.readContents(OpenAPIV3Parser.java:165)
10:00:45     at io.swagger.v3.parser.OpenAPIV3Parser.readLocation(OpenAPIV3Parser.java:94)
10:00:45     at io.swagger.parser.OpenAPIParser.readLocation(OpenAPIParser.java:16)
10:00:45     at org.openapitools.codegen.config.CodegenConfigurator.toContext(CodegenConfigurator.java:589)
10:00:45     at org.openapitools.codegen.config.CodegenConfigurator.toClientOptInput(CodegenConfigurator.java:647)
10:00:45     at org.openapitools.generator.gradle.plugin.tasks.GenerateTask.doWork(GenerateTask.kt:825)
10:00:45     ...
```

jeremylong commented 5 months ago

Looks like a dependency version conflict. You'll need to figure out which version you need to add the constraint for. As an example see https://github.com/dependency-check/dependency-check-gradle?tab=readme-ov-file#gradle-build-environment

ShadowNinjaHunter commented 5 months ago

This might be a stupid question, but why do the dependencies of the plugin affect the compile classpath?

jeremylong commented 5 months ago

There is a difference between the build env and the compile time dependencies. Plugins and tasks can have dependencies that do not affect the dependencies of the build itself - but they can interfere with other plugin dependencies.

ShadowNinjaHunter commented 4 months ago

I just tried with version `id("org.owasp.dependencycheck") version "8.4.3"` and I get the same error. So it is not new to version 9.0.

jeremylong commented 4 months ago

You can find the conflict by running `./gradlew buildEnv`.
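The `buildEnv` check suggested above can be scripted. This added example (not code from the thread or from the dependency-check project) parses a `buildEnv` report and lists every buildscript-classpath module whose requested version was replaced during conflict resolution, together with the plugin chain that asked for it. The sample report, the versions in it other than 9.1.0, and the name `find_overrides` are constructed for illustration.

```python
import re

# Constructed sample of `./gradlew buildEnv` output; versions other than the
# 9.1.0 plugin release named in the issue are illustrative.
SAMPLE_BUILD_ENV = r"""classpath
+--- org.owasp.dependencycheck:org.owasp.dependencycheck.gradle.plugin:9.1.0
|    \--- org.owasp:dependency-check-gradle:9.1.0
|         +--- org.yaml:snakeyaml:2.2
|         \--- org.apache.commons:commons-lang3:3.14.0
\--- org.openapi.generator:org.openapi.generator.gradle.plugin:6.6.0
     \--- org.openapitools:openapi-generator:6.6.0
          +--- io.swagger.parser.v3:swagger-parser:2.1.12
          |    \--- org.yaml:snakeyaml:1.33 -> 2.2
          \--- org.apache.commons:commons-lang3:3.12.0 -> 3.14.0
"""

# One dependency line: tree indent, branch marker, group:name:version,
# and an optional "-> resolved" suffix added by conflict resolution.
DEP_LINE = re.compile(
    r"^(?P<indent>[| ]*)[+\\]--- "
    r"(?P<module>[^:\s]+:[^:\s]+):(?P<requested>\S+)"
    r"(?: -> (?P<resolved>\S+))?"
)

def find_overrides(report):
    """Return one record per dependency whose requested version was replaced
    during conflict resolution, with the chain of modules that requested it."""
    overrides, path = [], []
    for line in report.splitlines():
        m = DEP_LINE.match(line)
        if not m:
            continue
        depth = len(m["indent"]) // 5   # Gradle indents five columns per level
        del path[depth:]                # drop siblings and deeper entries
        if m["resolved"] and m["resolved"] != m["requested"]:
            overrides.append({
                "module": m["module"],
                "requested": m["requested"],
                "resolved": m["resolved"],
                "requested_by": list(path),
                "major_change": m["requested"].split(".")[0]
                                != m["resolved"].split(".")[0],
            })
        path.append(m["module"])
    return overrides

if __name__ == "__main__":
    for o in find_overrides(SAMPLE_BUILD_ENV):
        flag = "MAJOR" if o["major_change"] else "minor"
        print(f'{flag}: {o["module"]} {o["requested"]} -> {o["resolved"]} '
              f'(requested by {" > ".join(o["requested_by"])})')
```

An override that crosses a major version, like the snakeyaml entry in the sample, is the kind that surfaces as a `NoSuchMethodError` in another plugin's task, so those are the modules to consider for a constraint.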