See <https://ci-builds.apache.org/job/Tomee/job/master-owasp-check/org.apache.tomee$tomee-project/20/display/redirect?page=changes>
Changes: [Jean-Louis Monteiro] TOMEE-2937 Make sure endDate in the past does not fail but puts the Timer into a state where it won't trigger ------------------------------------------ Established TCP socket on 46827 maven35-agent.jar already up to date maven35-interceptor.jar already up to date maven3-interceptor-commons.jar already up to date <===[JENKINS REMOTING CAPACITY]===> channel started Executing Maven: -B -f <https://ci-builds.apache.org/job/Tomee/job/master-owasp-check/org.apache.tomee$tomee-project/ws/pom.xml> -U --show-version --fail-at-end clean install -Powasp-check -DskipTests [1mApache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)[m Maven home: /usr/local/asfpackages/maven/apache-maven-3.6.3 Java version: 1.8.0_252, vendor: Oracle Corporation, runtime: /usr/local/asfpackages/java/openjdk-8u252-b09/jre Default locale: en_US, platform encoding: ISO-8859-1 OS name: "linux", version: "4.15.0-99-generic", arch: "amd64", family: "unix" [INFO] Scanning for projects... [WARNING] The project org.apache.tomee:tomee-project:pom:8.0.6-SNAPSHOT uses prerequisites which is only intended for maven-plugin projects but not for non maven-plugin projects. For such purposes you should use the maven-enforcer-plugin. See https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html [INFO] [INFO] -------------------< org.apache.tomee:tomee-project >------------------- [INFO] Building Apache OpenEJB 8.0.6-SNAPSHOT [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- maven-clean-plugin:3.1.0:clean (default-clean) @ tomee-project --- [INFO] [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ tomee-project --- [INFO] [INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ tomee-project --- [INFO] [INFO] --- dependency-report-plugin:1.0.2:report (default) @ tomee-project --- [INFO] No dependencies to report [INFO] [INFO] --- maven-bundle-plugin:3.3.0:manifest (bundle-manifest) @ tomee-project --- [WARNING] Ignoring project type pom - supportedProjectTypes = [bundle, jar, maven-plugin] [INFO] [INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ tomee-project --- [INFO] No site descriptor found: nothing to attach. [INFO] [INFO] --- dependency-check-maven:6.0.3:check (default) @ tomee-project --- [INFO] Checking for updates [INFO] NVD CVE requires several updates; this could take a couple of minutes. [INFO] Download Started for NVD CVE - 2009 [INFO] Download Started for NVD CVE - 2008 [INFO] Download Complete for NVD CVE - 2009 (824 ms) [INFO] Processing Started for NVD CVE - 2009 [INFO] Download Started for NVD CVE - 2010 [INFO] Download Complete for NVD CVE - 2008 (897 ms) [INFO] Download Started for NVD CVE - 2011 [INFO] Processing Started for NVD CVE - 2008 [INFO] Download Complete for NVD CVE - 2010 (785 ms) [INFO] Download Started for NVD CVE - 2012 [INFO] Processing Started for NVD CVE - 2010 [INFO] Download Complete for NVD CVE - 2011 (853 ms) [INFO] Download Started for NVD CVE - 2013 [INFO] Processing Started for NVD CVE - 2011 [INFO] Download Complete for NVD CVE - 2012 (784 ms) [INFO] Download Complete for NVD CVE - 2013 (809 ms) [INFO] Processing Started for NVD CVE - 2013 [INFO] Download Started for NVD CVE - 2015 [INFO] Processing Started for NVD CVE - 2012 [INFO] Download Started for NVD CVE - 2014 [INFO] Download Complete for NVD CVE - 2014 (811 ms) [INFO] Download Complete for NVD CVE - 2015 (841 ms) [INFO] Processing Started for NVD CVE - 2015 [INFO] Download Started for NVD CVE - 2017 [INFO] Processing Started for NVD CVE - 2014 [INFO] Download Started for NVD CVE - 2016 [INFO] Download Complete for NVD CVE - 2016 (960 ms) [INFO] Download Started for NVD CVE - 2018 [INFO] Processing Started for NVD CVE - 2016 [INFO] Download Complete for NVD CVE - 2017 (1038 ms) [INFO] Download Started for NVD CVE - 2019 [INFO] Processing Started for NVD CVE - 2017 [INFO] Download Complete for NVD CVE - 2018 (852 ms) [INFO] Download Started for NVD CVE - 2020 [INFO] Processing Started for NVD CVE - 2018 [INFO] Download Complete for NVD CVE - 2019 (846 ms) [INFO] Download Started for NVD CVE - 2021 [INFO] Processing Started for NVD CVE - 2019 [INFO] Download Complete for NVD CVE - 2021 (384 ms) [INFO] Processing Started for NVD CVE - 2021 [INFO] Download Complete for NVD CVE - 2020 (844 ms) [INFO] Processing Started for NVD CVE - 2020 [INFO] Processing Complete for NVD CVE - 2021 (9649 ms) [INFO] Processing Complete for NVD CVE - 2009 (247264 ms) [INFO] Processing Complete for NVD CVE - 2011 (246585 ms) [INFO] Processing Complete for NVD CVE - 2010 (256670 ms) [INFO] Processing Complete for NVD CVE - 2012 (268762 ms) [INFO] Processing Complete for NVD CVE - 2013 (285708 ms) [INFO] Processing Complete for NVD CVE - 2008 (294790 ms) [INFO] Processing Complete for NVD CVE - 2015 (298108 ms) [INFO] Processing Complete for NVD CVE - 2014 (311606 ms) [INFO] Processing Complete for NVD CVE - 2016 (311082 ms) [INFO] Processing Complete for NVD CVE - 2017 (336853 ms) [INFO] Processing Complete for NVD CVE - 2020 (335912 ms) [INFO] Processing Complete for NVD CVE - 2019 (337261 ms) [INFO] Processing Complete for NVD CVE - 2018 (338362 ms) [INFO] Download Started for NVD CVE - Modified [INFO] Download Complete for NVD CVE - Modified (576 ms) [INFO] Processing Started for NVD CVE - Modified [INFO] Processing Complete for NVD CVE - Modified (1349 ms) [INFO] Begin database maintenance [INFO] Updated the CPE ecosystem on 110925 NVD records [INFO] Removed the CPE ecosystem on 3 NVD records [INFO] Cleaned up 60 orphaned NVD records [INFO] End database maintenance (18573 ms) [WARNING] A new version of dependency-check is available. Consider updating to version 6.0.5. [INFO] Begin database defrag [INFO] End database defrag (4984 ms) [INFO] Check for updates complete (376801 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (2 seconds) [ERROR] Unable to create an Input Stream for ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml java.io.FileNotFoundException: ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml (No such file or directory) at java.io.FileInputStream.open0 (Native Method) at java.io.FileInputStream.open (FileInputStream.java:195) at java.io.FileInputStream.<init> (FileInputStream.java:138) at java.io.FileInputStream.<init> (FileInputStream.java:93) at org.owasp.dependencycheck.utils.FileUtils.getResourceAsStream (FileUtils.java:166) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile (AbstractSuppressionAnalyzer.java:218) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData (AbstractSuppressionAnalyzer.java:132) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:103) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:206) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:781) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:617) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1620) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:889) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.jvnet.hudson.maven3.launcher.Maven35Launcher.main (Maven35Launcher.java:130) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at jenkins.maven3.agent.Maven35Main.launch (Maven35Main.java:178) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at hudson.maven.Maven3Builder.call (Maven3Builder.java:139) at hudson.maven.Maven3Builder.call (Maven3Builder.java:70) at hudson.remoting.UserRequest.perform (UserRequest.java:211) at hudson.remoting.UserRequest.perform (UserRequest.java:54) at hudson.remoting.Request$2.run (Request.java:369) at hudson.remoting.InterceptingExecutorService$1.call (InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run (FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748) [WARNING] Suppression file '${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml' does not exist [ERROR] Exception occurred initializing CPE Analyzer. [INFO] Finished CPE Analyzer (2 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [ERROR] Unable to create an Input Stream for ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml java.io.FileNotFoundException: ${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml (No such file or directory) at java.io.FileInputStream.open0 (Native Method) at java.io.FileInputStream.open (FileInputStream.java:195) at java.io.FileInputStream.<init> (FileInputStream.java:138) at java.io.FileInputStream.<init> (FileInputStream.java:93) at org.owasp.dependencycheck.utils.FileUtils.getResourceAsStream (FileUtils.java:166) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile (AbstractSuppressionAnalyzer.java:218) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData (AbstractSuppressionAnalyzer.java:132) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:103) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:781) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:617) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1620) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:889) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.jvnet.hudson.maven3.launcher.Maven35Launcher.main (Maven35Launcher.java:130) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at jenkins.maven3.agent.Maven35Main.launch (Maven35Main.java:178) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at hudson.maven.Maven3Builder.call (Maven3Builder.java:139) at hudson.maven.Maven3Builder.call (Maven3Builder.java:70) at hudson.remoting.UserRequest.perform (UserRequest.java:211) at hudson.remoting.UserRequest.perform (UserRequest.java:54) at hudson.remoting.Request$2.run (Request.java:369) at hudson.remoting.InterceptingExecutorService$1.call (InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run (FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748) [WARNING] Suppression file '${maven.multiModuleProjectDirectory}/owasp-dc-suppression.xml' does not exist [ERROR] Exception occurred initializing Vulnerability Suppression Analyzer. [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (3 seconds)