Started by user Yuriy Movchan
Running as SYSTEM
Building on master in workspace /home/jenkins/.jenkins/jobs/owasp_check/workspace
[workspace] $ /bin/sh -xe /opt/jetty/temp/jenkins5190200440006730775.sh
+ /usr/local/dependency-check/bin/dependency-check.sh --failOnCVSS 8 -s /var/www/html/maven/org/gluu/oxauth-server/oxauth-server/4.0.1.Final
Invalid 'scan' argument: '/var/www/html/maven/org/gluu/oxauth-server/oxauth-server/4.0.1.Final' - path does not exist
usage: Dependency-Check Core [--advancedHelp] [--cveValidForHours <hours>]
[--enableExperimental] [--enableRetired] [--exclude <pattern>] [-f
<format>] [--failOnCVSS <score>] [-h] [--junitFailOnCVSS <score>]
[-l <file>] [-n] [-o <path>] [--prettyPrint] [--project <name>] [-s
<path>] [--suppression <file>] [--symLink <depth>] [-v]
Dependency-Check Core can be used to identify if there are any known CVE
vulnerabilities in libraries utilized by an application. Dependency-Check
Core will automatically update required data from the Internet, such as
the CVE and CPE data files from nvd.nist.gov.
--advancedHelp Print the advanced help message.
--cveValidForHours <hours> The number of hours to wait before
checking for new updates from the NVD.
--enableExperimental Enables the experimental analyzers.
--enableRetired Enables the retired analyzers.
--exclude <pattern> Specify an exclusion pattern. This option
can be specified multiple times and it
accepts Ant style exclusions.
-f,--format <format> The report format (HTML, XML, CSV, JSON,
JUNIT, or ALL). The default is HTML.
Multiple format parameters can be
specified.
--failOnCVSS <score> Specifies if the build should be failed
if a CVSS score above a specified level
is identified. The default is 11; since
the CVSS scores are 0-10, by default the
build will never fail.
-h,--help Print this message.
--junitFailOnCVSS <score> Specifies the CVSS score that is
considered a failure when generating the
junit report. The default is 0.
-l,--log <file> The file path to write verbose logging
information.
-n,--noupdate Disables the automatic updating of the
CPE data.
-o,--out <path> The folder to write reports to. This
defaults to the current directory. It is
possible to set this to a specific file
name if the format argument is not set to
ALL.
--prettyPrint When specified the JSON and XML report
formats will be pretty printed.
--project <name> The name of the project being scanned.
-s,--scan <path> The path to scan - this option can be
specified multiple times. Ant style paths
are supported (e.g. 'path/**/*.jar'); if
using Ant style paths it is highly
recommended to quote the argument value.
--suppression <file> The file path to the suppression XML
file. This can be specified more then
once to utilize multiple suppression
files
--symLink <depth> Sets how deep nested symbolic links will
be followed; 0 indicates symbolic links
will not be followed.
-v,--version Print the version information.
Build step 'Execute shell' marked build as failure
Finished: FAILURE
![[Jenkins]](/jenkins/static/47b8b5fb/images/jenkins-header-logo-v2.svg){kind=logo}
Console Output