Closed MDzyga closed 1 year ago
I found this in logs:
DEBUG - Initializing Assembly Analyzer
2023-02-01 08:12:54,734 org.owasp.dependencycheck.utils.FileUtils:121
DEBUG - Temporary directory is `/tmp/dctemp6333fd27-875e-4fbc-91d1-eaf2db570e13/dctemp26c97e55-6353-4305-a0be-b0be960fb465`
2023-02-01 08:12:54,932 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:368
WARN - An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.
2023-02-01 08:12:54,932 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:369
DEBUG - GrokAssembly.dll is not working properly
2023-02-01 08:12:54,932 org.owasp.dependencycheck.Engine:826
ERROR - Exception occurred initializing Assembly Analyzer.
2023-02-01 08:12:54,934 org.owasp.dependencycheck.Engine:827
DEBUG -
org.owasp.dependencycheck.exception.InitializationException: Could not execute .NET AssemblyAnalyzer
    at org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.prepareFileTypeAnalyzer(AssemblyAnalyzer.java:372)
    at org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer.prepareAnalyzer(AbstractFileTypeAnalyzer.java:83)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare(AbstractAnalyzer.java:102)
    at org.owasp.dependencycheck.Engine.initializeAnalyzer(Engine.java:824)
    at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:660)
    at org.owasp.dependencycheck.App.runScan(App.java:259)
    at org.owasp.dependencycheck.App.run(App.java:191)
    at org.owasp.dependencycheck.App.main(App.java:86)
The problem is related to the Archive analyzer. We have a zip package in our repository with openssl. If I disable the archive analyzer, dependency check works fine.
The issue is unrelated to ArchiveAnalyzer. The AssemblyAnalyzer requires the dotnet core 6 runtime or sdk to be installed to analyze assemblies. There were likely warnings and/or errors in the log that indicated this. If you do not have any dotnet code consider disabling the AssemblyAnalyzer instead of the ArchiveAnalyzer.
We have installed the .NET 7 SDK.
You'll also need to install dotnet 6 so dependency-check can analyze the .NET 7 assemblies.
Thanks, it helped :)
Describe the bug
When I try to launch the analyzer in a docker image (ubuntu 18.04), I get an error:
Could not execute .NET AssemblyAnalyzer
Version of dependency-check used
dependency-check: 8.0.2
SonarScanner for .NET: 5.11
Log file
[WARN] An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.
[ERROR] Exception occurred initializing Assembly Analyzer.
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARN] Unable to determine Package-URL identifiers for 8 dependencies
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (6 seconds)
[INFO] Writing report to: /mnt/src/dependency-check-report.json
[INFO] Writing report to: /mnt/src/dependency-check-report.html
[ERROR] Could not execute .NET AssemblyAnalyzer
To Reproduce
Execute
/usr/bin/dependency-check.sh -f JSON -f HTML -s '/mnt/src/' -o '/mnt/src/' --disableNuspec false --disableNugetconf false --disableMSBuild true --disableCentralCache false --disableNodeAuditCache false
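A preflight check for the situation in this thread, as an added example that is not part of the original issue or of dependency-check itself: it reads the output of `dotnet --list-runtimes` and decides whether the scan can run as is, whether the AssemblyAnalyzer can be turned off safely, or whether the .NET 6 runtime has to be installed because assemblies would otherwise go unscanned. The function names and verdict strings are hypothetical, the runtime listings are constructed samples, and treating `.dll`/`.exe` files as the analyzer's inputs is an assumption.

```shell
#!/bin/sh
# Added example: preflight for the "Could not execute .NET AssemblyAnalyzer" error.

# Succeeds if stdin (output of `dotnet --list-runtimes`) lists a
# Microsoft.NETCore.App 6.x runtime. Installing the .NET 6 SDK also installs it.
has_dotnet6_runtime() {
    grep -Eq '^Microsoft\.NETCore\.App 6\.[0-9]+\.[0-9]+'
}

# Succeeds if the scan directory holds files the AssemblyAnalyzer would inspect.
# Assumption: .dll and .exe. Does not look inside archives, which the
# ArchiveAnalyzer unpacks during the scan.
has_assemblies() {
    [ -n "$(find "$1" -type f \( -iname '*.dll' -o -iname '*.exe' \) 2>/dev/null | head -n 1)" ]
}

# Usage: dotnet --list-runtimes | decide_assembly_analyzer /mnt/src
# Prints one verdict:
#   run              .NET 6 runtime present, scan as usual
#   disable          no runtime and no assemblies, pass --disableAssembly
#   install-dotnet6  assemblies present but no runtime; disabling the
#                    analyzer here would leave them unscanned
decide_assembly_analyzer() {
    if has_dotnet6_runtime; then
        echo run
    elif has_assemblies "$1"; then
        echo install-dotnet6
    else
        echo disable
    fi
}

# Constructed sample listings (not taken from the issue).
SAMPLE_NET7_ONLY='Microsoft.AspNetCore.App 7.0.2 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 7.0.2 [/usr/share/dotnet/shared/Microsoft.NETCore.App]'
SAMPLE_NET6_AND_7='Microsoft.NETCore.App 6.0.13 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.2 [/usr/share/dotnet/shared/Microsoft.NETCore.App]'

# Demo: the reporter's setup (.NET 7 only) against a directory given as $1.
printf '%s\n' "$SAMPLE_NET7_ONLY" | decide_assembly_analyzer "${1:-.}"
```

In a CI job, treat `install-dotnet6` as a failed build rather than falling back to `--disableAssembly`, so a missing runtime cannot silently reduce scan coverage.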