search

jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.48k stars 1.29k forks source link

unable connect to database and no document exit error #1264

Closed mahzad closed 6 years ago

mahzad commented 6 years ago

I have a test maven project with a dependency (log4j). no document error is shown. How to specify question this dependency?

jeremylong commented 6 years ago

If this is the first time you've run dependency-check you need to allow the update - or run it yourself manually. The easiest way would be to simply set true. Alternatively, run mvn org.owasp:dependency-check-maven:3.1.2:update-only whenever you download the NVD CVE files from NIST.

mahzad commented 6 years ago

I used the Nist-Data-Mirror project for creating local NVD files in another system. If I allow the update, where does new file is stored? Beside that ,Below error message is shown.

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.2:update-only (default-cli) on project com.test: An exception occurred while downloading updates. Please see the log file for more details. Unable to connect to the database: General error: "java.lang.RuntimeException: rowcount remaining=2 SYS" [50000-196] -> [Help 1] 1

mahzad commented 6 years ago

@jeremylong Can you publish a video tutorial for running owasp dependency check in intellij idea? I dont know how my log4j dependency ( a sample in test project)is scanned in intellij idea. 2

jeremylong commented 6 years ago

The issue might lie in the server config hosting the mirrored NVD data. I believe some users have indicated that the some web servers used do not, by default, send the Last-Modified header. Depedency-check uses this to know if it should perform an update.

Alternatively, add -X to the build and post the log file.

mahzad commented 6 years ago

@jeremylong thanks for your attention: the last-modified file is attached. 5

console output:

"C:\Program Files\Java\jdk1.8.0_74\bin\java" -Dmaven.multiModuleProjectDirectory=C:\Users\Administrator\Desktop\TestMaven\TestMaven "-Dmaven.home=C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3" "-Dclassworlds.conf=C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3\bin\m2.conf" "-javaagent:C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\lib\idea_rt.jar=50073:C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\bin" -Dfile.encoding=UTF-8 -classpath "C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3\boot\plexus-classworlds-2.5.2.jar" org.codehaus.classworlds.Launcher -Didea.version=2017.2.6 dependency-check:check -X Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T20:11:47+03:30) Maven home: C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3 Java version: 1.8.0_74, vendor: Oracle Corporation Java home: C:\Program Files\Java\jdk1.8.0_74\jre Default locale: en_US, platform encoding: UTF-8 OS name: "windows 10", version: "10.0", arch: "amd64", family: "dos" [DEBUG] Created new class realm maven.api [DEBUG] Importing foreign packages into class realm maven.api [DEBUG] Imported: javax.enterprise.inject. < plexus.core [DEBUG] Imported: javax.enterprise.util. < plexus.core [DEBUG] Imported: javax.inject. < plexus.core [DEBUG] Imported: org.apache.maven. < plexus.core [DEBUG] Imported: org.apache.maven.artifact < plexus.core [DEBUG] Imported: org.apache.maven.classrealm < plexus.core [DEBUG] Imported: org.apache.maven.cli < plexus.core [DEBUG] Imported: org.apache.maven.configuration < plexus.core [DEBUG] Imported: org.apache.maven.exception < plexus.core [DEBUG] Imported: org.apache.maven.execution < plexus.core [DEBUG] Imported: org.apache.maven.execution.scope < plexus.core [DEBUG] Imported: org.apache.maven.lifecycle < plexus.core [DEBUG] Imported: org.apache.maven.model < plexus.core [DEBUG] Imported: org.apache.maven.monitor < plexus.core [DEBUG] Imported: org.apache.maven.plugin < plexus.core [DEBUG] Imported: org.apache.maven.profiles < plexus.core [DEBUG] Imported: org.apache.maven.project < plexus.core [DEBUG] Imported: org.apache.maven.reporting < plexus.core [DEBUG] Imported: org.apache.maven.repository < plexus.core [DEBUG] Imported: org.apache.maven.rtinfo < plexus.core [DEBUG] Imported: org.apache.maven.settings < plexus.core [DEBUG] Imported: org.apache.maven.toolchain < plexus.core [DEBUG] Imported: org.apache.maven.usability < plexus.core [DEBUG] Imported: org.apache.maven.wagon. < plexus.core [DEBUG] Imported: org.apache.maven.wagon.authentication < plexus.core [DEBUG] Imported: org.apache.maven.wagon.authorization < plexus.core [DEBUG] Imported: org.apache.maven.wagon.events < plexus.core [DEBUG] Imported: org.apache.maven.wagon.observers < plexus.core [DEBUG] Imported: org.apache.maven.wagon.proxy < plexus.core [DEBUG] Imported: org.apache.maven.wagon.repository < plexus.core [DEBUG] Imported: org.apache.maven.wagon.resource < plexus.core [DEBUG] Imported: org.codehaus.classworlds < plexus.core [DEBUG] Imported: org.codehaus.plexus. < plexus.core [DEBUG] Imported: org.codehaus.plexus.classworlds < plexus.core [DEBUG] Imported: org.codehaus.plexus.component < plexus.core [DEBUG] Imported: org.codehaus.plexus.configuration < plexus.core [DEBUG] Imported: org.codehaus.plexus.container < plexus.core [DEBUG] Imported: org.codehaus.plexus.context < plexus.core [DEBUG] Imported: org.codehaus.plexus.lifecycle < plexus.core [DEBUG] Imported: org.codehaus.plexus.logging < plexus.core [DEBUG] Imported: org.codehaus.plexus.personality < plexus.core [DEBUG] Imported: org.codehaus.plexus.util.xml.Xpp3Dom < plexus.core [DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParser < plexus.core [DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParserException < plexus.core [DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlSerializer < plexus.core [DEBUG] Imported: org.eclipse.aether. < plexus.core [DEBUG] Imported: org.eclipse.aether.artifact < plexus.core [DEBUG] Imported: org.eclipse.aether.collection < plexus.core [DEBUG] Imported: org.eclipse.aether.deployment < plexus.core [DEBUG] Imported: org.eclipse.aether.graph < plexus.core [DEBUG] Imported: org.eclipse.aether.impl < plexus.core [DEBUG] Imported: org.eclipse.aether.installation < plexus.core [DEBUG] Imported: org.eclipse.aether.internal.impl < plexus.core [DEBUG] Imported: org.eclipse.aether.metadata < plexus.core [DEBUG] Imported: org.eclipse.aether.repository < plexus.core [DEBUG] Imported: org.eclipse.aether.resolution < plexus.core [DEBUG] Imported: org.eclipse.aether.spi < plexus.core [DEBUG] Imported: org.eclipse.aether.transfer < plexus.core [DEBUG] Imported: org.eclipse.aether.version < plexus.core [DEBUG] Imported: org.slf4j. < plexus.core [DEBUG] Imported: org.slf4j.helpers. < plexus.core [DEBUG] Imported: org.slf4j.spi. < plexus.core [DEBUG] Populating class realm maven.api [INFO] Error stacktraces are turned on. [DEBUG] Reading global settings from C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3\conf\settings.xml [DEBUG] Reading user settings from C:\Users\Administrator.m2\settings.xml [DEBUG] Reading global toolchains from C:\Program Files\JetBrains\IntelliJ IDEA 2017.2.6\plugins\maven\lib\maven3\conf\toolchains.xml [DEBUG] Reading user toolchains from C:\Users\Administrator.m2\toolchains.xml [DEBUG] Using local repository at C:\Users\Administrator.m2\repository [DEBUG] Using manager EnhancedLocalRepositoryManager with priority 10.0 for C:\Users\Administrator.m2\repository [INFO] Scanning for projects... [DEBUG] Extension realms for project com.test:com.test:jar:1.0-SNAPSHOT: (none) [DEBUG] Looking up lifecyle mappings for packaging jar from ClassRealm[plexus.core, parent: null] [DEBUG] Resolving plugin prefix dependency-check from [org.apache.maven.plugins, org.codehaus.mojo] [DEBUG] Resolved plugin prefix dependency-check to org.owasp:dependency-check-maven from POM com.test:com.test:jar:1.0-SNAPSHOT [DEBUG] === REACTOR BUILD PLAN ================================================ [DEBUG] Project: com.test:com.test:jar:1.0-SNAPSHOT [DEBUG] Tasks: [dependency-check:check] [DEBUG] Style: Regular [DEBUG] ======================================================================= [INFO]
[INFO] ------------------------------------------------------------------------ [INFO] Building com.test 1.0-SNAPSHOT [INFO] ------------------------------------------------------------------------ [DEBUG] Resolving plugin prefix dependency-check from [org.apache.maven.plugins, org.codehaus.mojo] [DEBUG] Resolved plugin prefix dependency-check to org.owasp:dependency-check-maven from POM com.test:com.test:jar:1.0-SNAPSHOT [DEBUG] Lifecycle default -> [validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy] [DEBUG] Lifecycle clean -> [pre-clean, clean, post-clean] [DEBUG] Lifecycle site -> [pre-site, site, post-site, site-deploy] [DEBUG] === PROJECT BUILD PLAN ================================================ [DEBUG] Project: com.test:com.test:1.0-SNAPSHOT [DEBUG] Dependencies (collect): [] [DEBUG] Dependencies (resolve): [compile+runtime] [DEBUG] Repositories (dependencies): [central (https://repo.maven.apache.org/maven2, default, releases)] [DEBUG] Repositories (plugins) : [central (https://repo.maven.apache.org/maven2, default, releases)] [DEBUG] ----------------------------------------------------------------------- [DEBUG] Goal: org.owasp:dependency-check-maven:3.1.2:check (default-cli) [DEBUG] Style: Regular [DEBUG] Configuration: <?xml version="1.0" encoding="UTF-8"?>

${aggregate} ${archiveAnalyzerEnabled} ${assemblyAnalyzerEnabled} ${autoUpdate} ${autoconfAnalyzerEnabled} ${bundleAuditAnalyzerEnabled} ${bundleAuditPath} ${centralAnalyzerEnabled} ${cmakeAnalyzerEnabled} ${cocoapodsAnalyzerEnabled} ${composerAnalyzerEnabled} ${connectionString} ${connectionTimeout} http://192.168.100.108/mirror-dir/nvdcve-%d.xml http://192.168.100.108/mirror-dir/nvdcve-Modified.xml.gz http://192.168.100.108/mirror-dir/nvdcve-2.0-%d.xml http://192.168.100.108/mirror-dir/nvdcve-2.0-Modified.xml.gz ${cveValidForHours} ${dataDirectory} ${metaFileName} ${databaseDriverName} ${databaseDriverPath} ${databasePassword} ${databaseUser} ${enableExperimental} ${enableRetired} ${externalReport} ${failBuildOnAnyVulnerability} ${failBuildOnCVSS} ${failOnError} ${format} ${hintsFile} ${jarAnalyzerEnabled} ${mavenSettings} ${mavenSettingsProxyId} ${name} ${nexusAnalyzerEnabled} ${nexusUrl} ${nexusUsesProxy} ${nodeAnalyzerEnabled} ${nspAnalyzerEnabled} ${nuspecAnalyzerEnabled} ${opensslAnalyzerEnabled} ${pathToMono} ${project} ${proxyUrl} ${pyDistributionAnalyzerEnabled} ${pyPackageAnalyzerEnabled} ${reactorProjects} ${project.reporting.outputDirectory} ${rubygemsAnalyzerEnabled} ${scanSet} ${serverId} ${showSummary} ${dependency-check.skip} ${skipArtifactType} ${skipProvidedScope} ${skipRuntimeScope} ${skipSystemScope} ${skipTestScope} ${suppressionFile} ${suppressionFiles} ${swiftPackageManagerAnalyzerEnabled} ${versionCheckEnabled} ${zipExtensions}

[DEBUG] ======================================================================= [DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=0, ConflictMarker.markTime=0, ConflictMarker.nodeCount=4, ConflictIdSorter.graphTime=0, ConflictIdSorter.topsortTime=0, ConflictIdSorter.conflictIdCount=2, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=16, ConflictResolver.conflictItemCount=3, DefaultDependencyCollector.collectTime=109, DefaultDependencyCollector.transformTime=16} [DEBUG] com.test:com.test:jar:1.0-SNAPSHOT [DEBUG] org.apache.logging.log4j:log4j-api:jar:2.11.0:compile [DEBUG] org.apache.logging.log4j:log4j-core:jar:2.11.0:compile [INFO] [INFO] --- dependency-check-maven:3.1.2:check (default-cli) @ com.test --- [DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=16, ConflictMarker.markTime=0, ConflictMarker.nodeCount=224, ConflictIdSorter.graphTime=0, ConflictIdSorter.topsortTime=0, ConflictIdSorter.conflictIdCount=67, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=16, ConflictResolver.conflictItemCount=141, DefaultDependencyCollector.collectTime=1062, DefaultDependencyCollector.transformTime=32} [DEBUG] org.owasp:dependency-check-maven:jar:3.1.2: [DEBUG] org.owasp:dependency-check-core:jar:3.1.2:compile [DEBUG] com.vdurmont:semver4j:jar:2.1.0:compile [DEBUG] joda-time:joda-time:jar:1.6:compile [DEBUG] org.slf4j:slf4j-api:jar:1.7.25:compile [DEBUG] org.apache.commons:commons-compress:jar:1.16.1:compile [DEBUG] org.objenesis:objenesis:jar:2.6:compile [DEBUG] commons-io:commons-io:jar:2.6:compile [DEBUG] org.apache.commons:commons-lang3:jar:3.4:compile [DEBUG] org.apache.lucene:lucene-core:jar:5.5.5:compile [DEBUG] org.apache.lucene:lucene-analyzers-common:jar:5.5.5:compile [DEBUG] org.apache.lucene:lucene-queryparser:jar:5.5.5:compile [DEBUG] org.apache.lucene:lucene-queries:jar:5.5.5:compile [DEBUG] org.apache.lucene:lucene-sandbox:jar:5.5.5:compile [DEBUG] org.apache.velocity:velocity:jar:1.7:compile [DEBUG] commons-collections:commons-collections:jar:3.2.2:compile [DEBUG] commons-lang:commons-lang:jar:2.4:compile [DEBUG] com.h2database:h2:jar:1.4.196:runtime [DEBUG] org.glassfish:javax.json:jar:1.0.4:compile [DEBUG] org.jsoup:jsoup:jar:1.11.2:compile [DEBUG] com.sun.mail:mailapi:jar:1.6.1:compile [DEBUG] javax.activation:activation:jar:1.1:compile [DEBUG] com.google.code.gson:gson:jar:2.8.2:compile [DEBUG] org.owasp:dependency-check-utils:jar:3.1.2:compile [DEBUG] org.apache.maven.shared:file-management:jar:3.0.0:compile [DEBUG] org.apache.maven:maven-plugin-api:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-model:jar:3.1.0:compile [DEBUG] org.eclipse.sisu:org.eclipse.sisu.plexus:jar:0.0.0.M2a:compile [DEBUG] javax.enterprise:cdi-api:jar:1.0:compile [DEBUG] javax.annotation:jsr250-api:jar:1.0:compile [DEBUG] javax.inject:javax.inject:jar:1:compile [DEBUG] com.google.guava:guava:jar:10.0.1:compile [DEBUG] org.sonatype.sisu:sisu-guice:jar:no_aop:3.1.0:compile [DEBUG] aopalliance:aopalliance:jar:1.0:compile [DEBUG] org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.0.0.M2a:compile [DEBUG] asm:asm:jar:3.3.1:compile [DEBUG] org.apache.maven.shared:maven-shared-io:jar:3.0.0:compile [DEBUG] org.apache.maven:maven-compat:jar:3.0:compile [DEBUG] org.apache.maven.wagon:wagon-provider-api:jar:2.10:compile [DEBUG] org.apache.maven.shared:maven-shared-utils:jar:3.0.0:compile [DEBUG] com.google.code.findbugs:jsr305:jar:2.0.1:compile [DEBUG] org.codehaus.plexus:plexus-utils:jar:3.0.22:compile [DEBUG] org.apache.maven.reporting:maven-reporting-api:jar:3.0:compile [DEBUG] org.apache.maven.doxia:doxia-sink-api:jar:1.0:compile [DEBUG] org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4:compile [DEBUG] org.sonatype.plexus:plexus-cipher:jar:1.4:compile [DEBUG] org.apache.maven.shared:maven-dependency-tree:jar:2.2:compile [DEBUG] org.codehaus.plexus:plexus-component-annotations:jar:1.5.5:compile [DEBUG] org.eclipse.aether:aether-util:jar:0.9.0.M2:compile [DEBUG] org.apache.maven.shared:maven-artifact-transfer:jar:0.9.1:compile [DEBUG] org.apache.maven:maven-core:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-settings:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-settings-builder:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-repository-metadata:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-model-builder:jar:3.1.0:compile [DEBUG] org.apache.maven:maven-aether-provider:jar:3.1.0:compile [DEBUG] org.eclipse.aether:aether-spi:jar:0.9.0.M2:compile [DEBUG] org.eclipse.aether:aether-impl:jar:0.9.0.M2:compile [DEBUG] org.eclipse.aether:aether-api:jar:0.9.0.M2:compile [DEBUG] org.codehaus.plexus:plexus-interpolation:jar:1.16:compile [DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.4.2:compile [DEBUG] org.apache.maven:maven-artifact:jar:3.0:compile [DEBUG] org.apache.maven.shared:maven-common-artifact-filters:jar:3.0.1:compile [DEBUG] org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile [DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile [DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile [DEBUG] commons-codec:commons-codec:jar:1.6:compile [DEBUG] Created new class realm plugin>org.owasp:dependency-check-maven:3.1.2 [DEBUG] Importing foreign packages into class realm plugin>org.owasp:dependency-check-maven:3.1.2 [DEBUG] Imported: < maven.api [DEBUG] Populating class realm plugin>org.owasp:dependency-check-maven:3.1.2 [DEBUG] Included: org.owasp:dependency-check-maven:jar:3.1.2 [DEBUG] Included: org.owasp:dependency-check-core:jar:3.1.2 [DEBUG] Included: com.vdurmont:semver4j:jar:2.1.0 [DEBUG] Included: joda-time:joda-time:jar:1.6 [DEBUG] Included: org.apache.commons:commons-compress:jar:1.16.1 [DEBUG] Included: org.objenesis:objenesis:jar:2.6 [DEBUG] Included: commons-io:commons-io:jar:2.6 [DEBUG] Included: org.apache.commons:commons-lang3:jar:3.4 [DEBUG] Included: org.apache.lucene:lucene-core:jar:5.5.5 [DEBUG] Included: org.apache.lucene:lucene-analyzers-common:jar:5.5.5 [DEBUG] Included: org.apache.lucene:lucene-queryparser:jar:5.5.5 [DEBUG] Included: org.apache.lucene:lucene-queries:jar:5.5.5 [DEBUG] Included: org.apache.lucene:lucene-sandbox:jar:5.5.5 [DEBUG] Included: org.apache.velocity:velocity:jar:1.7 [DEBUG] Included: commons-collections:commons-collections:jar:3.2.2 [DEBUG] Included: commons-lang:commons-lang:jar:2.4 [DEBUG] Included: com.h2database:h2:jar:1.4.196 [DEBUG] Included: org.glassfish:javax.json:jar:1.0.4 [DEBUG] Included: org.jsoup:jsoup:jar:1.11.2 [DEBUG] Included: com.sun.mail:mailapi:jar:1.6.1 [DEBUG] Included: javax.activation:activation:jar:1.1 [DEBUG] Included: com.google.code.gson:gson:jar:2.8.2 [DEBUG] Included: org.owasp:dependency-check-utils:jar:3.1.2 [DEBUG] Included: org.apache.maven.shared:file-management:jar:3.0.0 [DEBUG] Included: javax.enterprise:cdi-api:jar:1.0 [DEBUG] Included: javax.annotation:jsr250-api:jar:1.0 [DEBUG] Included: com.google.guava:guava:jar:10.0.1 [DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:no_aop:3.1.0 [DEBUG] Included: aopalliance:aopalliance:jar:1.0 [DEBUG] Included: org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.0.0.M2a [DEBUG] Included: asm:asm:jar:3.3.1 [DEBUG] Included: org.apache.maven.shared:maven-shared-io:jar:3.0.0 [DEBUG] Included: org.apache.maven.shared:maven-shared-utils:jar:3.0.0 [DEBUG] Included: com.google.code.findbugs:jsr305:jar:2.0.1 [DEBUG] Included: org.codehaus.plexus:plexus-utils:jar:3.0.22 [DEBUG] Included: org.apache.maven.reporting:maven-reporting-api:jar:3.0 [DEBUG] Included: org.apache.maven.doxia:doxia-sink-api:jar:1.0 [DEBUG] Included: org.sonatype.plexus:plexus-sec-dispatcher:jar:1.4 [DEBUG] Included: org.sonatype.plexus:plexus-cipher:jar:1.4 [DEBUG] Included: org.apache.maven.shared:maven-dependency-tree:jar:2.2 [DEBUG] Included: org.codehaus.plexus:plexus-component-annotations:jar:1.5.5 [DEBUG] Included: org.eclipse.aether:aether-util:jar:0.9.0.M2 [DEBUG] Included: org.apache.maven.shared:maven-artifact-transfer:jar:0.9.1 [DEBUG] Included: org.codehaus.plexus:plexus-interpolation:jar:1.16 [DEBUG] Included: org.apache.maven.shared:maven-common-artifact-filters:jar:3.0.1 [DEBUG] Included: org.sonatype.sisu:sisu-inject-bean:jar:1.4.2 [DEBUG] Included: org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7 [DEBUG] Included: commons-codec:commons-codec:jar:1.6 [DEBUG] Configuring mojo org.owasp:dependency-check-maven:3.1.2:check from plugin realm ClassRealm[plugin>org.owasp:dependency-check-maven:3.1.2, parent: sun.misc.Launcher$AppClassLoader@18b4aac2] [DEBUG] Configuring mojo 'org.owasp:dependency-check-maven:3.1.2:check' with basic configurator --> [DEBUG] (f) cveUrl12Base = http://192.168.100.108/mirror-dir/nvdcve-%d.xml [DEBUG] (f) cveUrl12Modified = http://192.168.100.108/mirror-dir/nvdcve-Modified.xml.gz [DEBUG] (f) cveUrl20Base = http://192.168.100.108/mirror-dir/nvdcve-2.0-%d.xml [DEBUG] (f) cveUrl20Modified = http://192.168.100.108/mirror-dir/nvdcve-2.0-Modified.xml.gz [DEBUG] (f) dataFileName = dependency-check.ser [DEBUG] (f) failBuildOnAnyVulnerability = false [DEBUG] (f) failBuildOnCVSS = 11.0 [DEBUG] (f) failOnError = true [DEBUG] (f) format = HTML [DEBUG] (f) mavenSettings = org.apache.maven.execution.SettingsAdapter@27a0a5a2 [DEBUG] (f) name = dependency-check [DEBUG] (f) outputDirectory = C:\Users\Administrator\Desktop\TestMaven\TestMaven\target [DEBUG] (f) project = MavenProject: com.test:com.test:1.0-SNAPSHOT @ C:\Users\Administrator\Desktop\TestMaven\TestMaven\pom.xml [DEBUG] (f) reactorProjects = [MavenProject: com.test:com.test:1.0-SNAPSHOT @ C:\Users\Administrator\Desktop\TestMaven\TestMaven\pom.xml] [DEBUG] (f) remoteRepositories = [ id: central url: https://repo.maven.apache.org/maven2 layout: default snapshots: [enabled => false, update => daily] releases: [enabled => true, update => daily] ] [DEBUG] (s) reportOutputDirectory = C:\Users\Administrator\Desktop\TestMaven\TestMaven\target\site [DEBUG] (f) scanSet = [] [DEBUG] (f) session = org.apache.maven.execution.MavenSession@50b0bc4c [DEBUG] (f) settingsXml = org.apache.maven.execution.SettingsAdapter@27a0a5a2 [DEBUG] (f) showSummary = true [DEBUG] (f) skip = false [DEBUG] (f) skipProvidedScope = false [DEBUG] (f) skipRuntimeScope = false [DEBUG] (f) skipSystemScope = false [DEBUG] (f) skipTestScope = true [DEBUG] (f) suppressionFiles = [] [DEBUG] (f) versionCheckEnabled = true [DEBUG] -- end configuration -- [DEBUG] Properties loaded:

data.driver_path='' cve.url-2.0.modified='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz' cve.check.validforhours='4' cve.startyear='2002' data.version='3.0' analyzer.hint.enabled='true' analyzer.cocoapods.enabled='true' cve.url-2.0.original='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz' analyzer.nvdcve.enabled='true' cve.url-1.2.base='https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz' analyzer.falsepositive.enabled='true' cve.url-2.0.base='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz' database.batchinsert.enabled='true' application.version='3.1.2' data.connection_string='jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536;' analyzer.archive.enabled='true' analyzer.ruby.gemspec.enabled='true' analyzer.assembly.enabled='true' analyzer.jar.enabled='true' analyzer.python.distribution.enabled='true' analyzer.cmake.enabled='true' analyzer.node.package.enabled='true' data.password='*****' cpe.url='https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz' downloader.quick.query.timestamp='true' application.name='Dependency-Check Core' analyzer.cpesuppression.enabled='true' engine.version.url='https://jeremylong.github.io/DependencyCheck/current.txt' analyzer.central.url='https://search.maven.org/solrsearch/select' data.user='dcuser' analyzer.nsp.url='https://api.nodesecurity.io/check' data.driver_name='org.h2.Driver' analyzer.bundle.audit.enabled='true' updater.nvdcve.enabled='true' analyzer.dependencybundling.enabled='true' ecosystem.skip.cpeanalyzer='npm' analyzer.retired.enabled='false' analyzer.swift.package.manager.enabled='true' data.h2.shutdownhook='org.owasp.dependencycheck.utils.H2DBCleanupHook' analyzer.versionfilter.enabled='true' cve.cpe.startswith.filter='cpe:/a:' analyzer.vulnerabilitysuppression.enabled='true' updater.versioncheck.enabled='true' analyzer.filename.enabled='true' data.file_name='dc.h2.db' analyzer.experimental.enabled='false' database.batchinsert.maxsize='1000' analyzer.nexus.proxy='true' archive.scan.depth='3' analyzer.openssl.enabled='true' data.directory='[JAR]/data' analyzer.central.enabled='true' analyzer.composer.lock.enabled='true' cve.url.modified.validfordays='7' analyzer.nuspec.enabled='true' analyzer.nexus.enabled='false' analyzer.cpe.enabled='true' analyzer.central.query='%s?q=1:%s&wt=xml' proxy.disableSchemas='true' cve.url-1.2.modified='https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz' analyzer.nsp.package.enabled='true' analyzer.autoconf.enabled='true' downloader.tls.protocols='TLSv1,TLSv1.1,TLSv1.2,TLSv1.3' analyzer.dependencymerging.enabled='true' cpe.validfordays='30' analyzer.nexus.url='https://repository.sonatype.org/service/local/' autoupdate='true' analyzer.python.package.enabled='true'

[DEBUG] Properties updated via merge:

data.driver_path='' cve.url-2.0.modified='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz' cve.check.validforhours='4' cve.startyear='2002' data.version='3.0' analyzer.hint.enabled='true' analyzer.cocoapods.enabled='true' cve.url-2.0.original='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz' analyzer.nvdcve.enabled='true' cve.url-1.2.base='https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz' analyzer.falsepositive.enabled='true' cve.url-2.0.base='https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz' database.batchinsert.enabled='true' application.version='3.1.2' data.connection_string='jdbc:h2:file:%s;MV_STORE=FALSE;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536;' analyzer.archive.enabled='true' analyzer.ruby.gemspec.enabled='true' analyzer.assembly.enabled='true' analyzer.jar.enabled='true' analyzer.python.distribution.enabled='true' analyzer.cmake.enabled='true' analyzer.node.package.enabled='true' data.password='*****' cpe.url='https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz' downloader.quick.query.timestamp='true' application.name='Dependency-Check Core' analyzer.cpesuppression.enabled='true' engine.version.url='https://jeremylong.github.io/DependencyCheck/current.txt' analyzer.central.url='https://search.maven.org/solrsearch/select' data.user='dcuser' analyzer.nsp.url='https://api.nodesecurity.io/check' data.driver_name='org.h2.Driver' analyzer.bundle.audit.enabled='true' updater.nvdcve.enabled='true' analyzer.dependencybundling.enabled='true' ecosystem.skip.cpeanalyzer='npm' analyzer.retired.enabled='false' analyzer.swift.package.manager.enabled='true' data.h2.shutdownhook='org.owasp.dependencycheck.utils.H2DBCleanupHook' analyzer.versionfilter.enabled='true' cve.cpe.startswith.filter='cpe:/a:' analyzer.vulnerabilitysuppression.enabled='true' updater.versioncheck.enabled='true' analyzer.filename.enabled='true' data.file_name='dc.h2.db' analyzer.experimental.enabled='false' database.batchinsert.maxsize='1000' analyzer.nexus.proxy='true' archive.scan.depth='3' analyzer.openssl.enabled='true' data.directory='[JAR]/../../dependency-check-data/3.0' analyzer.central.enabled='true' analyzer.composer.lock.enabled='true' cve.url.modified.validfordays='7' analyzer.nuspec.enabled='true' analyzer.nexus.enabled='false' analyzer.cpe.enabled='true' analyzer.central.query='%s?q=1:%s&wt=xml' proxy.disableSchemas='true' cve.url-1.2.modified='https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz' analyzer.nsp.package.enabled='true' analyzer.autoconf.enabled='true' downloader.tls.protocols='TLSv1,TLSv1.1,TLSv1.2,TLSv1.3' analyzer.dependencymerging.enabled='true' cpe.validfordays='30' analyzer.nexus.url='https://repository.sonatype.org/service/local/' autoupdate='true' analyzer.python.package.enabled='true'

[DEBUG] Setting: updater.versioncheck.enabled='true' [DEBUG] Setting: cve.url-1.2.modified='http://192.168.100.108/mirror-dir/nvdcve-Modified.xml.gz' [DEBUG] Setting: cve.url-2.0.modified='http://192.168.100.108/mirror-dir/nvdcve-2.0-Modified.xml.gz' [DEBUG] Setting: cve.url-1.2.base='http://192.168.100.108/mirror-dir/nvdcve-%d.xml' [DEBUG] Setting: cve.url-2.0.base='http://192.168.100.108/mirror-dir/nvdcve-2.0-%d.xml' [DEBUG] Loaded Analyzer Archive Analyzer [DEBUG] Loaded Analyzer File Name Analyzer [DEBUG] Loaded Analyzer Jar Analyzer [DEBUG] Loaded Analyzer Hint Analyzer [DEBUG] Loaded Analyzer CPE Analyzer [DEBUG] Loaded Analyzer False Positive Analyzer [DEBUG] Loaded Analyzer Dependency Bundling Analyzer [DEBUG] Loaded Analyzer Dependency Merging Analyzer [DEBUG] Loaded Analyzer NVD CVE Analyzer [DEBUG] Loaded Analyzer Vulnerability Suppression Analyzer [DEBUG] Loaded Analyzer Central Analyzer [DEBUG] Loaded Analyzer Nexus Analyzer [DEBUG] Loaded Analyzer Nuspec Analyzer [DEBUG] Loaded Analyzer Assembly Analyzer [DEBUG] Loaded Analyzer OpenSSL Source Analyzer [DEBUG] Loaded Analyzer Node.js Package Analyzer [DEBUG] Loaded Analyzer Node Security Platform Analyzer [DEBUG] Loaded Analyzer Ruby Bundle Audit Analyzer [DEBUG] Loaded Analyzer Version Filter Analyzer [DEBUG] Enabling the Central analyzer [DEBUG] Nexus analyzer disabled, using Central instead [DEBUG] building maven31 dependency graph for com.test:com.test:jar:1.0-SNAPSHOT with Maven31DependencyGraphBuilder [DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=0, ConflictMarker.markTime=0, ConflictMarker.nodeCount=4, ConflictIdSorter.graphTime=0, ConflictIdSorter.topsortTime=0, ConflictIdSorter.conflictIdCount=2, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=0, ConflictResolver.conflictItemCount=3, DefaultDependencyCollector.collectTime=16, DefaultDependencyCollector.transformTime=0} [DEBUG] com.test:com.test:jar:1.0-SNAPSHOT [DEBUG] org.apache.logging.log4j:log4j-api:jar:2.11.0:compile [DEBUG] org.apache.logging.log4j:log4j-core:jar:2.11.0:compile [DEBUG] Adding project reference com.test on dependency log4j-api-2.11.0.jar [DEBUG] Adding project reference com.test on dependency log4j-core-2.11.0.jar [DEBUG] Settings.getDataFile() - file: '[JAR]/../../dependency-check-data/3.0' [DEBUG] Settings.getDataFile() - transforming filename [DEBUG] Settings.getDataFile() - jar file: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2' [DEBUG] Settings.getDataFile() - returning: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0' [DEBUG] Data directory: C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0 [DEBUG] Connection String: 'jdbc:h2:file:C:\Users\Administrator.m2\repository\org\owasp\dependency-check-data\3.0\dc;MV_STORE=FALSE;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536;' [DEBUG] locking for update [DEBUG] Settings.getDataFile() - file: '[JAR]/../../dependency-check-data/3.0' [DEBUG] Settings.getDataFile() - transforming filename [DEBUG] Settings.getDataFile() - jar file: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2' [DEBUG] Settings.getDataFile() - returning: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0' [DEBUG] Lock file created (main) 56dba8f4f635069e632490fc1c74f684 @ 2018-05-08 15:32:21.679 [DEBUG] Loading driver 'org.h2.Driver' [DEBUG] Settings.getDataFile() - file: '[JAR]/../../dependency-check-data/3.0' [DEBUG] Settings.getDataFile() - transforming filename [DEBUG] Settings.getDataFile() - jar file: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2' [DEBUG] Settings.getDataFile() - returning: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0' [DEBUG] Data directory: C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0 [DEBUG] Connection String: 'jdbc:h2:file:C:\Users\Administrator.m2\repository\org\owasp\dependency-check-data\3.0\dc;MV_STORE=FALSE;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536;' [DEBUG] Settings.getDataFile() - file: '[JAR]/../../dependency-check-data/3.0' [DEBUG] Settings.getDataFile() - transforming filename [DEBUG] Settings.getDataFile() - jar file: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2' [DEBUG] Settings.getDataFile() - returning: 'C:\Users\Administrator.m2\repository\org\owasp\dependency-check-utils\3.1.2....\dependency-check-data\3.0' [DEBUG] Need to create DB Structure: false [DEBUG] Loading database connection [DEBUG] Connection String: jdbc:h2:file:C:\Users\Administrator.m2\repository\org\owasp\dependency-check-data\3.0\dc;MV_STORE=FALSE;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536; [DEBUG] Database User: dcuser [DEBUG] Unable to connect to the database org.h2.jdbc.JdbcSQLException: General error: "java.lang.RuntimeException: rowcount remaining=2 SYS" [50000-196] at org.h2.message.DbException.getJdbcSQLException(DbException.java:345) at org.h2.message.DbException.get(DbException.java:168) at org.h2.message.DbException.convert(DbException.java:295) at org.h2.engine.Database.openDatabase(Database.java:307) at org.h2.engine.Database.(Database.java:270) at org.h2.engine.Engine.openSession(Engine.java:64) at org.h2.engine.Engine.openSession(Engine.java:176) at org.h2.engine.Engine.createSessionAndValidate(Engine.java:154) at org.h2.engine.Engine.createSession(Engine.java:137) at org.h2.engine.Engine.createSession(Engine.java:27) at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:354) at org.h2.jdbc.JdbcConnection.(JdbcConnection.java:116) at org.h2.jdbc.JdbcConnection.(JdbcConnection.java:100) at org.h2.Driver.connect(Driver.java:69) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:247) at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:162) at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230) at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:228) at org.owasp.dependencycheck.data.nvdcve.CveDB.(CveDB.java:198) at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:942) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:882) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:716) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:642) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck(BaseDependencyCheckMojo.java:923) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:590) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) at org.codehaus.classworlds.Launcher.main(Launcher.java:47) Caused by: java.lang.RuntimeException: rowcount remaining=2 SYS at org.h2.message.DbException.throwInternalError(DbException.java:242) at org.h2.table.RegularTable.addIndex(RegularTable.java:283) at org.h2.engine.Database.open(Database.java:748) at org.h2.engine.Database.openDatabase(Database.java:276) ... 45 more [DEBUG] Lock released (main) 56dba8f4f635069e632490fc1c74f684 @ 2018-05-08 15:32:22.36 [WARNING] Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. [DEBUG] Update Error org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to connect to the database at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:898) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:716) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:642) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck(BaseDependencyCheckMojo.java:923) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:590) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) at org.codehaus.classworlds.Launcher.main(Launcher.java:47) Caused by: org.h2.jdbc.JdbcSQLException: General error: "java.lang.RuntimeException: rowcount remaining=2 SYS" [50000-196] at org.h2.message.DbException.getJdbcSQLException(DbException.java:345) at org.h2.message.DbException.get(DbException.java:168) at org.h2.message.DbException.convert(DbException.java:295) at org.h2.engine.Database.openDatabase(Database.java:307) at org.h2.engine.Database.(Database.java:270) at org.h2.engine.Engine.openSession(Engine.java:64) at org.h2.engine.Engine.openSession(Engine.java:176) at org.h2.engine.Engine.createSessionAndValidate(Engine.java:154) at org.h2.engine.Engine.createSession(Engine.java:137) at org.h2.engine.Engine.createSession(Engine.java:27) at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:354) at org.h2.jdbc.JdbcConnection.(JdbcConnection.java:116) at org.h2.jdbc.JdbcConnection.(JdbcConnection.java:100) at org.h2.Driver.connect(Driver.java:69) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:247) at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:162) at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230) at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:228) at org.owasp.dependencycheck.data.nvdcve.CveDB.(CveDB.java:198) at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:942) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:882) ... 27 more Caused by: java.lang.RuntimeException: rowcount remaining=2 SYS at org.h2.message.DbException.throwInternalError(DbException.java:242) at org.h2.table.RegularTable.addIndex(RegularTable.java:283) at org.h2.engine.Database.open(Database.java:748) at org.h2.engine.Database.openDatabase(Database.java:276) ... 45 more [ERROR] No documents exist

Unable to continue dependency-check analysis. [DEBUG] org.owasp.dependencycheck.exception.NoDataException: No documents exist at org.owasp.dependencycheck.Engine.ensureDataExists(Engine.java:1070) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:646) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck(BaseDependencyCheckMojo.java:923) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:590) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) at org.codehaus.classworlds.Launcher.main(Launcher.java:47) [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 3.182 s [INFO] Finished at: 2018-05-08T15:32:22+04:30 [INFO] Final Memory: 13M/206M [DEBUG] Entering finalize [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.2:check (default-cli) on project com.test: Fatal exception(s) analyzing com.test: Unable to continue dependency-check analysis. [ERROR] Unable to connect to the database [ERROR] No documents exist [ERROR] -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:3.1.2:check (default-cli) on project com.test: Fatal exception(s) analyzing com.test at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) at org.codehaus.classworlds.Launcher.main(Launcher.java:47) Caused by: org.apache.maven.plugin.MojoExecutionException: Fatal exception(s) analyzing com.test at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.handleAnalysisExceptions(BaseDependencyCheckMojo.java:992) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck(BaseDependencyCheckMojo.java:925) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute(BaseDependencyCheckMojo.java:590) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) ... 21 more Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: Unable to continue dependency-check analysis. Unable to connect to the database No documents exist at org.owasp.dependencycheck.Engine.throwFatalExceptionCollection(Engine.java:1087) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:648) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck(BaseDependencyCheckMojo.java:923) ... 24 more [ERROR] [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Process finished with exit code 1 4

mahzad commented 6 years ago

@jeremylong My problem is solved :) I delete dependency-check data folder in my repo and run ODC again.

lock[bot] commented 6 years ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.