dgknght
commented
4 years ago It looks to me like there is an error parsing the suppressions.xml file, which appears to be a schema file, rather than a proper suppression file.
Cannot find the declaration of element 'xs:schema'I believe what you need is to pass a reference to a suppression xml file that conforms to that schema that you specified, rather than passing the schema document itself. If you're not sure what to put in the suppression file, it can be omitted.
I hope that helps!
Hello, I'm using Gitlab CI and i want to add a dependecy-check stage in my pipeline but i got this error all the time, can any one help me with this error ?
This the error:
[INFO] Analysis Started [INFO] Finished Archive Analyzer (3 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Central Analyzer (1 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (7 seconds) [WARN] Unable to parse suppression xml file 'dependency_check_suppressions.xml' [WARN] org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'. [ERROR] Exception occurred initializing CPE Analyzer. [INFO] Finished CPE Analyzer (8 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (2 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [WARN] Unable to parse suppression xml file 'dependency_check_suppressions.xml' [WARN] org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'. [ERROR] Exception occurred initializing Vulnerability Suppression Analyzer. [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (15 seconds) [ERROR] Warn initializing the suppression analyzer: Failed to load dependency_check_suppressions.xml, caused by org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'.. [ERROR] Warn initializing the suppression analyzer: Failed to load dependency_check_suppressions.xml, caused by org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'.. Uploading artifacts... dependency-check-out/dependency-check-report.*: found 4 matching files Uploading artifacts to coordinator... ok id=2009442 responseStatus=201 Created token=TunH7rgy ERROR: Job failed: exit code 242And this is my script:
`dependency-check: stage: pre-analysis allow_failure: true image: name: owasp/dependency-check entrypoint: [""] before_script:
/usr/share/dependency-check/bin/dependency-check.sh --scan . --format 'ALL' --project "$CI_PROJECT_NAME" --failOnCVSS 7 --disableNodeJS --disableNodeAudit --suppression=dependency_check_suppressions.xml --data=dependency-check/datas --out=dependency-check-out --proxyserver=${PROXY_HOST} --proxyport=${PROXY_PORT} artifacts: name: "${CI_JOBID}${CI_JOB_NAME}" when: always expire_in: 1 week paths:
only: refs:
i'm using the dependency_check_suppressions.xml Link: https://github.com/jeremylong/DependencyCheck/blob/master/core/src/main/resources/schema/dependency-suppression.1.1.xsd
Many thanks !