jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.32k stars 1.26k forks

Dependency check report not generating - Elixir #5828

Open Jayakumar6 opened 1 year ago

Jayakumar6 commented 1 year ago

latest: Pulling from owasp/dependency-check
Digest: sha256:06fa5954ab7bbef34864807d9b3477d50116ce7bdd8dc1faebecf45750739fb0
Status: Image is up to date for owasp/dependency-check:latest
docker.io/owasp/dependency-check:latest
[INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2008 (13396 ms)
[INFO] Processing Started for NVD CVE - 2008
[INFO] Download Started for NVD CVE - 2014
[INFO] Processing Complete for NVD CVE - 2008 (6963 ms)
[INFO] Download Complete for NVD CVE - 2014 (15045 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Download Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2014 (4555 ms)
[INFO] Download Complete for NVD CVE - 2015 (13812 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2015 (3852 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Complete for NVD CVE - 2016 (16829 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2016 (3765 ms)
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2017 (22779 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Download Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2017 (4112 ms)
[INFO] Download Complete for NVD CVE - 2019 (28664 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2019 (3839 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Download Complete for NVD CVE - 2020 (35012 ms)
[INFO] Processing Started for NVD CVE - 2020
[INFO] Download Started for NVD CVE - 2021
[INFO] Processing Complete for NVD CVE - 2020 (4685 ms)
[INFO] Download Complete for NVD CVE - 2021 (37162 ms)
[INFO] Processing Started for NVD CVE - 2021
[INFO] Download Started for NVD CVE - 2022
[INFO] Processing Complete for NVD CVE - 2021 (5165 ms)
[INFO] Download Complete for NVD CVE - 2022 (35455 ms)
[INFO] Processing Started for NVD CVE - 2022
[INFO] Download Started for NVD CVE - 2023
[INFO] Processing Complete for NVD CVE - 2022 (5483 ms)
[INFO] Download Complete for NVD CVE - 2023 (15291 ms)
[INFO] Processing Started for NVD CVE - 2023
[INFO] Processing Complete for NVD CVE - 2023 (2247 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified (3166 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified (237 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 128260 NVD records
[INFO] Removed the CPE ecosystem on 5 NVD records
[INFO] Cleaned up 250 orphaned NVD records
[INFO] End database maintenance (7579 ms)
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (2767 ms)
[INFO] Check for updates complete (402231 ms)
[INFO]

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html

💖 Sponsor: https://github.com/sponsors/jeremylong

[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[WARN] Unable to determine Package-URL identifiers for 2 dependencies
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: /report/dependency-check-report.xml
[ERROR] Error generating the report for dependency-check scan: /home/jk/Downloads/

I am running the OWASP dependency check as a Docker container and it is running successfully, but it's not generating any report. I am running it in the application's working directory. The directory has full permissions. @jeremylong

aikebah commented 1 year ago

@Jayakumar6 Are you sure that /report is a writable mount in your docker container? Because that's the folder it tries to write to, which with the standard docker command in the README would resolve to '<current working directory>/odc-reports' (as defined by --volume $(pwd)/odc-reports:/report:z)
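A preflight and post-run check for the /report bind mount discussed in the reply above, so that a scan which produces no report fails the build instead of passing silently. This is an added example, not part of the thread or of the dependency-check project; the function names and exit codes are hypothetical, and the directory and report file name are taken from the log and the --volume flag quoted above.

```shell
#!/bin/sh
# Added example: guard the host side of "--volume $(pwd)/odc-reports:/report:z".
# Function names and exit codes are assumptions made for this illustration.

REPORT_DIR="${REPORT_DIR:-$(pwd)/odc-reports}"

# Return 0 only if the host directory behind /report exists and the current
# user can create a file in it. With --volume, the Docker daemon creates a
# missing host path itself, normally owned by root, so the directory is
# required to exist before the container starts.
preflight_report_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "report dir missing: $dir (create it before docker run)" >&2
        return 2
    fi
    probe="$dir/.odc-write-test.$$"
    # Try a real write; the subshell contains any redirection failure.
    if ! ( : > "$probe" ) 2>/dev/null; then
        echo "report dir not writable by uid $(id -u): $dir" >&2
        return 3
    fi
    rm -f "$probe"
    return 0
}

# Return 0 only if the scan left a non-empty XML report behind.
# A missing or empty report must never be read as "no vulnerabilities".
verify_report() {
    report="$1/dependency-check-report.xml"
    if [ ! -s "$report" ]; then
        echo "no usable report at $report; treat the scan as failed" >&2
        return 4
    fi
    return 0
}

# Intended order in a CI step (the docker run itself is not shown here):
#   preflight_report_dir "$REPORT_DIR" || exit $?
#   docker run ... --volume "$REPORT_DIR":/report:z ...
#   verify_report "$REPORT_DIR" || exit $?
```

The write probe runs as the invoking host user, so it matches the container only when the container is started with the same uid and gid.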