jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Cause: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request. #1062

Closed Kish-Jadhav closed 6 years ago

Kish-Jadhav commented 6 years ago

Hi,

When I run a Jenkins job on a Linux machine to run the dependency checker, I get the following error.

This behavior is limited to Linux-flavored machines only (meaning: when I configure a slave running Windows OS, it works fine).

Note:

Configuration:
Jenkins version: LTS Jenkins ver. 2.89.2
OWASP Dependency-Check Plugin ver. 3.0.2
Linux flavor:
Distributor ID: CentOS
Description: CentOS Linux release 7.2.1511 (Core)
Release: 7.2.1511
Codename: Core

Stacktrace:
[DependencyCheck] Scanning: /home/builder/test/Dependency-Checker/TestYourJars
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
[DependencyCheck] Cause: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request.
[DependencyCheck] Message: Unable to download the NVD CVE data.
[DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD CVE data.
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:130)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:889)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:716)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:642)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:207)
[DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:53)
[DependencyCheck]   at hudson.remoting.Request$2.run(Request.java:358)
[DependencyCheck]   at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
[DependencyCheck]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck]   at java.lang.Thread.run(Thread.java:748)
[DependencyCheck] Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request.
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.retrieveLastModifiedDates(NvdCveUpdater.java:460)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.retrieveCurrentTimestampsFromWeb(NvdCveUpdater.java:402)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:319)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:117)
[DependencyCheck]   ... 14 more
[DependencyCheck] Caused by: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request.
[DependencyCheck]   at java.util.concurrent.FutureTask.report(FutureTask.java:122)
[DependencyCheck]   at java.util.concurrent.FutureTask.get(FutureTask.java:206)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.retrieveLastModifiedDates(NvdCveUpdater.java:455)
[DependencyCheck]   ... 17 more
[DependencyCheck] Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request.
[DependencyCheck]   at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:293)
[DependencyCheck]   at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:288)
[DependencyCheck]   at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:235)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater$TimestampRetriever.call(NvdCveUpdater.java:507)
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater$TimestampRetriever.call(NvdCveUpdater.java:480)
[DependencyCheck]   ... 4 more
[DependencyCheck] Caused by: java.net.SocketTimeoutException: connect timed out
[DependencyCheck]   at java.net.PlainSocketImpl.socketConnect(Native Method)
[DependencyCheck]   at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
[DependencyCheck]   at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
[DependencyCheck]   at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
[DependencyCheck]   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
[DependencyCheck]   at java.net.Socket.connect(Socket.java:589)
[DependencyCheck]   at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
[DependencyCheck]   at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
[DependencyCheck]   at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
[DependencyCheck]   at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
[DependencyCheck]   at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
[DependencyCheck]   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
[DependencyCheck]   at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
[DependencyCheck]   at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
[DependencyCheck]   at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
[DependencyCheck]   at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
[DependencyCheck]   at org.owasp.dependencycheck.utils.Downloader.getLastModified(Downloader.java:268)
[DependencyCheck]   ... 8 more
[DependencyCheck]
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.NoDataException
[DependencyCheck] Message: No documents exist
[DependencyCheck] org.owasp.dependencycheck.exception.NoDataException: No documents exist
[DependencyCheck]   at org.owasp.dependencycheck.Engine.ensureDataExists(Engine.java:1059)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:646)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:207)
[DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:53)
[DependencyCheck]   at hudson.remoting.Request$2.run(Request.java:358)
[DependencyCheck]   at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
[DependencyCheck]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[DependencyCheck]   at java.lang.Thread.run(Thread.java:748)
[DependencyCheck] Build step 'Invoke OWASP Dependency-Check analysis' changed build result to FAILURE
[DependencyCheck] Skipping publisher since build result is FAILURE

stevespringett commented 6 years ago

Does your org have firewall/proxy authentication? Does it use NTLM?

Kish-Jadhav commented 6 years ago

No, we do not have any proxy authentication to access any internet resources. And the firewall is already configured to allow internet resources (specifically, https://nvd.nist.gov).

FYI: to run Jenkins we have configured a Linux user (ex. builder) who schedules and triggers the job. I don't think this would be the problem.

jeremylong commented 6 years ago

I'm unsure what is going on in your environment. Would you have another way to test if a GET request can be successfully made from the Jenkins server to retrieve:

https://nvd.nist.gov/download/nvdcve-Modified.xml.gz

stephanerenou commented 6 years ago

I recall some time ago seeing some issue related to certificates. The final reason was that I was using a JDK that was too old to accept the certificates, and upgrading my JDK fixed the issue. This may explain as well the difference between Windows and Linux?

jeremylong commented 6 years ago

Glad you were able to resolve this. Can this issue be closed?

Kish-Jadhav commented 6 years ago

Hi Jeremylong,

As of now, I couldn't resolve this issue. I am not able to reach the root cause of the issue. I can make GET requests to other URLs (used in the orgration) from Jenkins.

Besides this, I am trying to set up a Master-Slave architecture where the slave will trigger this particular job. In this case, my Master is in the US and the slave is in India. But, my bad luck, here I am receiving a different error [though this should be posted as a different issue, I want to mention it here]:

00:48:38 [DependencyCheck] Analyzing Dependencies
01:05:38 [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
01:05:38 [DependencyCheck] Exception Caught: java.util.concurrent.CancellationException
01:05:38 [DependencyCheck] Message: null
01:05:38 [DependencyCheck] java.util.concurrent.CancellationException
01:05:38 [DependencyCheck]   at java.util.concurrent.FutureTask.report(FutureTask.java:121)
01:05:38 [DependencyCheck]   at java.util.concurrent.FutureTask.get(FutureTask.java:192)
01:05:38 [DependencyCheck]   at org.owasp.dependencycheck.Engine.executeAnalysisTasks(Engine.java:759)
01:05:38 [DependencyCheck]   at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:671)
01:05:38 [DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
01:05:38 [DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
01:05:38 [DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
01:05:38 [DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:207)
01:05:38 [DependencyCheck]   at hudson.remoting.UserRequest.perform(UserRequest.java:53)
01:05:38 [DependencyCheck]   at hudson.remoting.Request$2.run(Request.java:358)
01:05:38 [DependencyCheck]   at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
01:05:38 [DependencyCheck]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
01:05:38 [DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
01:05:38 [DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
01:05:38 [DependencyCheck]   at java.lang.Thread.run(Thread.java:745)
01:05:38 [DependencyCheck]
01:05:45 Build step 'Invoke OWASP Dependency-Check analysis' changed build result to FAILURE

Kish-Jadhav commented 6 years ago

Hi Jere,

As I mentioned in my previous reply, I could make HTTP requests for other URLs using scripts. But when I used the "HTTP Request Plugin" and made an HTTP GET/HEAD request to https://nvd.nist.gov/download/nvdcve-Modified.xml.gz, I got the following SSL error:

Building on master in workspace /var/lib/jenkins/jobs/[view-name]/jobs/test-HTTP-Request/workspace
HttpMethod: HEAD
URL: https://nvd.nist.gov/download/nvdcve-Modified.xml.gz
Sending request to url: https://nvd.nist.gov/download/nvdcve-Modified.xml.gz
ERROR: Build step failed with exception
java.net.SocketException: Connection reset
  at java.net.SocketInputStream.read(SocketInputStream.java:209)
  at java.net.SocketInputStream.read(SocketInputStream.java:141)
  at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
  at sun.security.ssl.InputRecord.read(InputRecord.java:503)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
  at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
  at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
  at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
  at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
  at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
  at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
  at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
  at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
  at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
  at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
  at jenkins.plugins.http_request.util.HttpClientUtil.execute(HttpClientUtil.java:132)
  at jenkins.plugins.http_request.HttpRequestExecution.executeRequest(HttpRequestExecution.java:284)
  at jenkins.plugins.http_request.HttpRequestExecution.authAndRequest(HttpRequestExecution.java:231)
  at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:195)
Caused: java.lang.IllegalStateException
  at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:198)
  at jenkins.plugins.http_request.HttpRequestExecution.call(HttpRequestExecution.java:67)
  at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
  at jenkins.plugins.http_request.HttpRequest.perform(HttpRequest.java:328)
  at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
  at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
  at hudson.model.Build$BuildExecution.build(Build.java:206)
  at hudson.model.Build$BuildExecution.doRun(Build.java:163)
  at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
  at hudson.model.Run.execute(Run.java:1724)
  at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
  at hudson.model.ResourceController.execute(ResourceController.java:97)
  at hudson.model.Executor.run(Executor.java:421)
Build step 'HTTP Request' marked build as failure
Finished: FAILURE

Kish-Jadhav commented 6 years ago

Hi, the issue with making HTTP GET/HEAD requests from that machine has been resolved with the guidelines: https://jeremylong.github.io/DependencyCheck/data/tlsfailure.html

Now, I could run Dependency check utility using Jenkins plugin. Thank you for your attention and the replies.

jeremylong commented 6 years ago

Glad you got this working - can this issue be closed?

moop-moop commented 6 years ago

I am now seeing the same symptoms without any recognizable TLS errors.

Environment:
Jenkins on Windows using Oracle Java 1.8.0_161-b12
The project build is using Zulu OpenJDK 1.8 151

The project previously built fine, and this plugin has not changed recently. Using the HTTP Request Plugin on https://nvd.nist.gov/download/nvdcve-Modified.xml.gz is a success. No Connection or TLS errors.

The server has been under a proxy the whole time (even when everything worked previously).

Any other ideas?

moop-moop commented 6 years ago

Hmmm, seems to be a change in the https://nvd.nist.gov site's certificate or possibly HTTPS settings. They installed a new certificate on March 6, 2018. Using WGET on Windows:

>wget https://nvd.nist.gov/
--2018-04-02 10:56:49-- https://nvd.nist.gov/
Resolving nvd.nist.gov (nvd.nist.gov)... 129.6.13.177
Connecting to nvd.nist.gov (nvd.nist.gov)|129.6.13.177|:443... connected.
ERROR: cannot verify nvd.nist.gov's certificate, issued by 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to nvd.nist.gov insecurely, use `--no-check-certificate'.

Odd that the DigiCert chain is not trusted.

moop-moop commented 6 years ago

We disabled the proxy and rebooted the server. The plugin still fails, but all other connections succeed.

julian-berks commented 6 years ago

Getting the same issue with Jenkins/Maven. Was fine until 30-Mar 00:00 - now fails. Presumably they've changed something? The cert looks ok to me and is accepted by my JDK - just getting

[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
[DependencyCheck] Cause: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP HEAD request.
[DependencyCheck] Message: Unable to download the NVD CVE data.
[DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD CVE data.
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:130)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:889)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:716)
...

Kish-Jadhav commented 6 years ago

Yes Moop-Moop and Julian-berks,

I too am facing the same issue again!

One or more exceptions were thrown while executing Dependency-Check
20:16:33 [DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
20:16:33 [DependencyCheck] Cause: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP HEAD request.
20:16:33 [DependencyCheck] Message: Unable to download the NVD CVE data.
20:16:33 [DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD CVE data.
20:16:33 [DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:130)
20:16:33 [DependencyCheck]   at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:889)

Can anyone help us to know the cause? Has anyone changed anything either with the NVD DB or the plugin itself?

Antarion commented 6 years ago

Same error here; it worked until 27/03, then started to fail. I updated our JDK and added BouncyCastle in the security provider.

julian-berks commented 6 years ago

I tried BouncyCastle too - had no effect, then discussed with the developer and on looking at the code, found we were running an old version of the module. The developer updated the module and it's now working. Haven't checked yet whether BouncyCastle (enabling EC) is also a factor but certainly the update was critical.

Kish-Jadhav commented 6 years ago

Hi Julian-berks, do you mean that you have upgraded the version of the plugin and it started working? If yes, from which version to which version have you upgraded it?

julian-berks commented 6 years ago

We went from 1.4 something I believe (just glanced at it on the way out last night) to 3.1.2, which seems to have resolved it for us. I have yet to try removing BouncyCastle, so whether it also needs to use EC style encryption as well I am unsure, but we're up and running with the 2 changes.

Antarion commented 6 years ago

Yeah, I did update the plugin to 3.1.2 but it didn't fix the problem. Bummer :(

Edit: our nightlies finally worked. I guess the new URLs weren't accessible yet and now they are?

emartinez-usgs commented 6 years ago

I first experienced this problem last week and the error referenced a failed HEAD request. I updated my Jenkins plugin to 3.1.2 and the problems initially went away. This week our builds started failing again, seems related, but here is the output:

[Scan Dependencies] [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[Scan Dependencies] [DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
[Scan Dependencies] [DependencyCheck] Message: The download was interrupted; unable to complete the update
[Scan Dependencies] [DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: The download was interrupted; unable to complete the update

I have not found a resolution to this yet.

jeremylong commented 6 years ago

@emartinez-usgs are you still experiencing the problem?

emartinez-usgs commented 6 years ago

Yes, this plugin is still failing my Jenkins builds. This morning the error is slightly different but the result is the same. Here is the latest stack trace:

[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.NoDataException
[DependencyCheck] Message: No documents exist
[DependencyCheck] org.owasp.dependencycheck.exception.NoDataException: No documents exist
[DependencyCheck]   at org.owasp.dependencycheck.Engine.ensureDataExists(Engine.java:1070)
[DependencyCheck]   at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:646)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.executeDependencyCheck(DependencyCheckExecutor.java:172)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:103)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckExecutor.call(DependencyCheckExecutor.java:46)
[DependencyCheck]   at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.AbstractDependencyCheckBuilder.perform(AbstractDependencyCheckBuilder.java:85)
[DependencyCheck]   at org.jenkinsci.plugins.DependencyCheck.DependencyCheckBuilder.perform(DependencyCheckBuilder.java:206)
[DependencyCheck]   at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:80)
[DependencyCheck]   at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:67)
[DependencyCheck]   at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution$1$1.call(SynchronousNonBlockingStepExecution.java:49)
[DependencyCheck]   at hudson.security.ACL.impersonate(ACL.java:260)
[DependencyCheck]   at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution$1.run(SynchronousNonBlockingStepExecution.java:46)
[DependencyCheck]   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[DependencyCheck]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[DependencyCheck]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[DependencyCheck]   at java.lang.Thread.run(Thread.java:748)

I'm also wondering if there is a way to have exceptions like these halt the build? Currently this quietly sets the build status to failed but the remainder of my steps complete and (potentially vulnerable) images get published.

stevespringett commented 6 years ago

Jenkins/Hudson defines 5 states a build can be placed in:

http://javadoc.jenkins-ci.org/hudson/model/Result.html

The Jenkins plugin uses only Success and Failure, and if the publisher step is used, Unstable is supported as well.

I'd recommend taking a look at a few of the conditional plugins that exist as well as looking into pipeline syntax. What you're looking for is very much achievable through the use of additional plugins or some conditional pipeline code.
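One way to make the build fail closed, as asked above, while also reading the root cause out of the exception chain the plugin prints. This is an added example, not code from Dependency-Check or the Jenkins plugin; the function names, the category labels and the idea of running a script over saved console output before the publish stage are assumptions, and the sample log is abridged from the first trace in this thread.

```python
import re
import sys

# Optional Jenkins timestamp plus any "[...]" tags such as "[DependencyCheck]".
PREFIX = re.compile(r"^(?:\d{2}:\d{2}:\d{2}\s+)?(?:\[[^\]]+\]\s*)*")
CAUGHT = re.compile(r"^Exception Caught: (\S+)")
CAUSED = re.compile(r"^Caused by: ([\w.$]+)(?::\s*(.*))?")
RAN_MARKER = "Analyzing Dependencies"  # line the plugin prints in the traces above

# Abridged from the first stack trace quoted in this thread.
SAMPLE_LOG = """\
[DependencyCheck] Analyzing Dependencies
[DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.data.update.exception.UpdateException
[DependencyCheck] Message: Unable to download the NVD CVE data.
[DependencyCheck]   at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:130)
[DependencyCheck] Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error making HTTP GET request.
[DependencyCheck] Caused by: java.net.SocketTimeoutException: connect timed out
[DependencyCheck] Exception Caught: org.owasp.dependencycheck.exception.NoDataException
[DependencyCheck] Message: No documents exist
"""


def parse_reports(log_text):
    """Split console output into one record per 'Exception Caught' block."""
    reports = []
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip(), count=1)
        caught = CAUGHT.match(line)
        if caught:
            reports.append({"exception": caught.group(1), "message": "", "chain": []})
        elif reports and line.startswith("Message: "):
            reports[-1]["message"] = line[len("Message: "):]
        elif reports and (cause := CAUSED.match(line)):
            reports[-1]["chain"].append((cause.group(1), cause.group(2) or ""))
    return reports


def root_cause(report):
    """Deepest 'Caused by' entry, or the caught exception when there is no chain."""
    if report["chain"]:
        return report["chain"][-1]
    return (report["exception"], report["message"])


def classify(report):
    """Map the root cause to a triage bucket (labels are this example's own)."""
    cls, msg = root_cause(report)
    name = cls.rsplit(".", 1)[-1]
    if name == "SocketTimeoutException":
        return "network"          # TCP connect never completed: firewall, proxy, routing
    if name == "SocketException" and "reset" in msg.lower():
        return "tls-or-network"   # reset during handshake, as in the HTTP Request test
    if name.startswith("SSL"):
        return "tls"
    if name == "NoDataException":
        return "no-data"          # scan had no vulnerability data to match against
    if name == "CancellationException":
        return "cancelled"
    return "unknown"


def gate(log_text):
    """Return (publish_allowed, findings); allow only a scan that ran without exceptions."""
    findings = [(r["exception"].rsplit(".", 1)[-1], classify(r))
                for r in parse_reports(log_text)]
    return (RAN_MARKER in log_text and not findings, findings)


if __name__ == "__main__":
    # With a log file argument, the exit code gates the build; otherwise show the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    allowed, found = gate(text)
    for exc, category in found:
        print(f"{exc}: {category}")
    print("publish allowed" if allowed else "publish blocked")
    if len(sys.argv) > 1 and not allowed:
        sys.exit(1)
```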

emartinez-usgs commented 6 years ago

@stevespringett Thanks, that's helpful.

On another note, my builds have started working again this afternoon. I didn't do anything specific so I'm cautiously optimistic the problem has resolved itself.

atbtm commented 6 years ago

The problem fixed itself for me also. We are on version 3.1.1
