Owasp 11.0 #7071

Closed
Xezol opened this issue Oct 22, 2024 · 6 comments

Xezol commented Oct 22, 2024

Hi!

All our pipelines for OWASP in Azure DevOps failed tonight after 11.0.0 was released.
I got this error:
C:\Windows\system32\cmd.exe /D /S /C "D:\a_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.2.3\dependency-check\bin\dependency-check.bat --version"
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: org/owasp/dependencycheck/App has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0

So I saw this issue
dependency-check/azuredevops#169

and tried adding a "Use Java" step before the check runs.

steps:
- task: JavaToolInstaller@0
  displayName: 'Use Java 11'
  inputs:
    versionSpec: 11
    jdkArchitectureOption: x64
    jdkSourceOption: PreInstalled

Now I run into this error instead

"
C:\Windows\system32\cmd.exe /D /S /C "D:\a_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.2.3\dependency-check\bin\dependency-check.bat --version"
Dependency-Check Core version 11.0.0
Searching for left over lock files...
found no left over lock files, continuing...
C:\Windows\system32\cmd.exe /D /S /C "D:\a_tasks\dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72\6.2.3\dependency-check\bin\dependency-check.bat --project DBUpdate --out D:\a_temp\dependency-scan-results --scan D:\a\1\s --format ALL --updateonly --data D:\a\1\cvedata"
[ERROR] Incompatible or corrupt database found. To resolve this issue please remove the existing database by running purge
[ERROR] Incompatible or corrupt database found; run the purge command to resolve the issue
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Incompatible or corrupt database found; run the purge command to resolve the issue
at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.initialize(DatabaseManager.java:205)
at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.<init>(DatabaseManager.java:125)
at org.owasp.dependencycheck.data.nvdcve.CveDB.<init>(CveDB.java:291)
at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:1025)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:896)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:878)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:431)
at org.owasp.dependencycheck.App.run(App.java:175)
at org.owasp.dependencycheck.App.main(App.java:90)
Dependency Check completed with exit code 9.
Dependency Check reports:
[]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 9)."
##[error]Dependency Check exited with an error code (exit code: 9).
"

Should I purge the database?

@Xezol Xezol added the question label Oct 22, 2024

Xezol commented Oct 22, 2024

I tried --purging the database and then redownloading it. We'll see when it's done whether it works after that :)

@asyedcloud

We call dependency-check-build-task@6 in Azure DevOps and pipelines are failing with message "##[error]Dependency Check exited with an error code (exit code: 13)"

@davidweisgerber

Another problem / question: It now needs Java version 11 but we need to stay at version 8 at the moment. Would it be possible to stay at a lower Java version with this tool? I guess it is important for a number of legacy applications.

@jeremylong
Owner

The move to Java 11 was due to the numerous dependencies that started using Java 11 as the base. You can still scan projects that use Java 8 - you just need to use Java 11 to scan them with ODC 11+
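
The numbers in the error quoted at the top of the thread are class-file major versions: 52.0 is Java 8 and 55.0 is Java 11. As an added example (not part of this thread or of Dependency-Check's own code), the pre-flight check below reads the class headers inside a jar and compares them with the Java release available on the build agent; the function names are hypothetical and the sample jar is constructed in memory.

```python
import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE  # first four bytes of every Java class file


def class_major_version(header: bytes) -> int:
    """Parse a class header (u4 magic, u2 minor, u2 major; big-endian)."""
    if len(header) < 8:
        raise ValueError("truncated class file")
    magic, _minor, major = struct.unpack(">IHH", header[:8])
    if magic != CLASS_MAGIC:
        raise ValueError("not a Java class file")
    return major


def java_release(major: int) -> int:
    """Map a major version to a Java release; valid for Java 5+ (49 -> 5, 52 -> 8, 55 -> 11)."""
    return major - 44


def required_java(jar: zipfile.ZipFile) -> int:
    """Return the highest Java release required by any class in the jar."""
    needed = 0
    for info in jar.infolist():
        name = info.filename
        # Multi-release overlays only apply on newer runtimes, so skip them.
        if not name.endswith(".class") or name.startswith("META-INF/versions/"):
            continue
        with jar.open(info) as fh:
            needed = max(needed, java_release(class_major_version(fh.read(8))))
    if needed == 0:
        raise ValueError("no class files found")
    return needed


def preflight(jar: zipfile.ZipFile, runtime_release: int) -> bool:
    """True if a runtime of the given release can load every class in the jar."""
    return runtime_release >= required_java(jar)


def build_sample_jar() -> zipfile.ZipFile:
    """Constructed sample: header-only stubs, one Java 11 class and one Java 8 class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/owasp/dependencycheck/App.class", struct.pack(">IHH", CLASS_MAGIC, 0, 55))
        zf.writestr("example/Legacy.class", struct.pack(">IHH", CLASS_MAGIC, 0, 52))
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))


if __name__ == "__main__":
    jar = build_sample_jar()
    print("requires Java", required_java(jar), "| Java 8 agent ok:", preflight(jar, 8))
```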

@jeremylong
Owner

As we do not directly support the Azure DevOps Pipeline I am closing this issue. I believe there is a discussion going on here: dependency-check/azuredevops#169

Xezol commented Oct 23, 2024

It worked fine just adding Use java 11 preinstall as a step before. Every pipeline we use worked after that.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 4, 2024