FailedConsole Output

Started by user Ganesh Dutt Sharma
Running as SYSTEM
Building on master in workspace /home/jenkins/.jenkins/jobs/owasp_check/workspace
[workspace] $ /bin/sh -xe /opt/jetty/temp/jenkins5999239634680730514.sh
+ '[' 4.1.0.Final == 2.4.4.sp4 ']'
+ '[' 4.1.0.Final == 3.0.1 ']'
+ '[' 4.1.0.Final == 3.1.3 ']'
+ STORAGE_LOCATION=/var/www/html/maven/org/gluu
+ '[' -d /var/www/html/maven/org/gluu/oxauth-server/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxauth-server_4.1.0.Final -s /var/www/html/maven/org/gluu/oxauth-server/4.1.0.Final
[INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Started for NVD CVE - 2004
[INFO] Download Complete for NVD CVE - 2003  (132 ms)
[INFO] Download Started for NVD CVE - 2005
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2004  (152 ms)
[INFO] Download Started for NVD CVE - 2006
[INFO] Processing Started for NVD CVE - 2004
[INFO] Download Complete for NVD CVE - 2005  (182 ms)
[INFO] Download Started for NVD CVE - 2007
[INFO] Processing Started for NVD CVE - 2005
[INFO] Download Complete for NVD CVE - 2006  (315 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Processing Started for NVD CVE - 2006
[INFO] Download Complete for NVD CVE - 2007  (299 ms)
[INFO] Download Started for NVD CVE - 2009
[INFO] Processing Started for NVD CVE - 2007
[INFO] Download Complete for NVD CVE - 2008  (262 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Processing Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2009  (544 ms)
[INFO] Download Complete for NVD CVE - 2010  (373 ms)
[INFO] Download Started for NVD CVE - 2011
[INFO] Download Complete for NVD CVE - 2011  (330 ms)
[INFO] Download Started for NVD CVE - 2012
[INFO] Download Started for NVD CVE - 2013
[INFO] Download Complete for NVD CVE - 2012  (271 ms)
[INFO] Download Complete for NVD CVE - 2013  (246 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Download Started for NVD CVE - 2015
[INFO] Download Complete for NVD CVE - 2015  (333 ms)
[INFO] Download Complete for NVD CVE - 2014  (387 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2016  (287 ms)
[INFO] Download Started for NVD CVE - 2018
[INFO] Download Complete for NVD CVE - 2017  (313 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2018  (428 ms)
[INFO] Download Complete for NVD CVE - 2019  (547 ms)
[INFO] Processing Complete for NVD CVE - 2003  (22680 ms)
[INFO] Processing Started for NVD CVE - 2009
[INFO] Processing Complete for NVD CVE - 2004  (38617 ms)
[INFO] Processing Started for NVD CVE - 2010
[INFO] Processing Complete for NVD CVE - 2005  (65682 ms)
[INFO] Processing Started for NVD CVE - 2011
[INFO] Processing Complete for NVD CVE - 2007  (106871 ms)
[INFO] Processing Started for NVD CVE - 2013
[INFO] Processing Complete for NVD CVE - 2009  (98490 ms)
[INFO] Processing Started for NVD CVE - 2012
[INFO] Processing Complete for NVD CVE - 2006  (121581 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Processing Complete for NVD CVE - 2008  (129805 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2010  (169107 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2011  (205664 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Processing Complete for NVD CVE - 2013  (201459 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2012  (191831 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2015  (193407 ms)
[INFO] Processing Complete for NVD CVE - 2014  (207272 ms)
[INFO] Processing Complete for NVD CVE - 2016  (130125 ms)
[INFO] Processing Complete for NVD CVE - 2017  (85472 ms)
[INFO] Processing Complete for NVD CVE - 2019  (49359 ms)
[INFO] Processing Complete for NVD CVE - 2018  (48708 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified  (469 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified  (3300 ms)
[INFO] Begin database maintenance
[INFO] End database maintenance (6751 ms)
[INFO] Begin database defrag
[INFO] End database defrag (9533 ms)
[INFO] Check for updates complete (383761 ms)
[INFO] 

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


[INFO] Analysis Started
[INFO] Finished Archive Analyzer (5 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[ERROR] ----------------------------------------------------
[ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or configure the path dotnet core.
[ERROR] ----------------------------------------------------
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
00:00  INFO: Vulnerability found: bootstrap below 4.3.1
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: bootstrap below 4.3.1
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: bootstrap below 4.1.2
00:00  INFO: Vulnerability found: jquery below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00  INFO: Vulnerability found: jquery below 2.2.0
00:00  INFO: Vulnerability found: jquery below 3.4.0
00:01  INFO: Vulnerability found: moment.js below 2.11.2
[INFO] Finished RetireJS Analyzer (1 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
+ '[' -d /var/www/html/maven/org/gluu/oxtrust-server/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxtrust-server_4.1.0.Final -s /var/www/html/maven/org/gluu/oxtrust-server/4.1.0.Final
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (11 ms)
[INFO] 

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


[INFO] Analysis Started
[INFO] Finished Archive Analyzer (7 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[ERROR] ----------------------------------------------------
[ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or configure the path dotnet core.
[ERROR] ----------------------------------------------------
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.1
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: bootstrap below 3.4.0
00:00  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00  INFO: Vulnerability found: jquery below 2.2.0
00:00  INFO: Vulnerability found: jquery below 3.4.0
00:00  INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01  INFO: Vulnerability found: jquery below 2.2.0
00:01  INFO: Vulnerability found: jquery below 3.4.0
00:01  INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01  INFO: Vulnerability found: jquery below 2.2.0
00:01  INFO: Vulnerability found: jquery below 3.4.0
00:01  INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01  INFO: Vulnerability found: jquery below 2.2.0
00:01  INFO: Vulnerability found: jquery below 3.4.0
00:03  INFO: Vulnerability found: ckeditor below 4.5.11
00:03  INFO: Vulnerability found: ckeditor below 4.11.0
00:03  INFO: Vulnerability found: bootstrap below 3.4.1
00:03  INFO: Vulnerability found: bootstrap below 3.4.0
00:03  INFO: Vulnerability found: bootstrap below 3.4.0
00:03  INFO: Vulnerability found: bootstrap below 3.4.0
00:03  INFO: Vulnerability found: jquery below 3.0.0-beta1
00:03  INFO: Vulnerability found: jquery below 2.2.0
00:03  INFO: Vulnerability found: jquery below 3.4.0
00:03  INFO: Vulnerability found: moment.js below 2.11.2
00:03  INFO: Vulnerability found: jquery below 3.4.0
[INFO] Finished RetireJS Analyzer (4 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (21 seconds)
+ '[' -d /var/www/html/maven/org/gluu/oxauth-rp/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxauth-rp_4.1.0.Final -s /var/www/html/maven/org/gluu/gluu/oxauth-rp/4.1.0.Final
Invalid 'scan' argument: '/var/www/html/maven/org/gluu/gluu/oxauth-rp/4.1.0.Final' - path does not exist
usage: Dependency-Check Core [--advancedHelp] [--cveValidForHours <hours>]
       [--enableExperimental] [--enableRetired] [--exclude <pattern>] [-f
       <format>] [--failOnCVSS <score>] [-h] [--junitFailOnCVSS <score>]
       [-l <file>] [-n] [-o <path>] [--prettyPrint] [--project <name>] [-s
       <path>] [--suppression <file>] [--symLink <depth>] [-v]

Dependency-Check Core can be used to identify if there are any known CVE
vulnerabilities in libraries utilized by an application. Dependency-Check
Core will automatically update required data from the Internet, such as
the CVE and CPE data files from nvd.nist.gov.

    --advancedHelp               Print the advanced help message.
    --cveValidForHours <hours>   The number of hours to wait before
                                 checking for new updates from the NVD.
    --enableExperimental         Enables the experimental analyzers.
    --enableRetired              Enables the retired analyzers.
    --exclude <pattern>          Specify an exclusion pattern. This option
                                 can be specified multiple times and it
                                 accepts Ant style exclusions.
 -f,--format <format>            The report format (HTML, XML, CSV, JSON,
                                 JUNIT, or ALL). The default is HTML.
                                 Multiple format parameters can be
                                 specified.
    --failOnCVSS <score>         Specifies if the build should be failed
                                 if a CVSS score above a specified level
                                 is identified. The default is 11; since
                                 the CVSS scores are 0-10, by default the
                                 build will never fail.
 -h,--help                       Print this message.
    --junitFailOnCVSS <score>    Specifies the CVSS score that is
                                 considered a failure when generating the
                                 junit report. The default is 0.
 -l,--log <file>                 The file path to write verbose logging
                                 information.
 -n,--noupdate                   Disables the automatic updating of the
                                 CPE data.
 -o,--out <path>                 The folder to write reports to. This
                                 defaults to the current directory. It is
                                 possible to set this to a specific file
                                 name if the format argument is not set to
                                 ALL.
    --prettyPrint                When specified the JSON and XML report
                                 formats will be pretty printed.
    --project <name>             The name of the project being scanned.
 -s,--scan <path>                The path to scan - this option can be
                                 specified multiple times. Ant style paths
                                 are supported (e.g. 'path/**/*.jar'); if
                                 using Ant style paths it is highly
                                 recommended to quote the argument value.
    --suppression <file>         The file path to the suppression XML
                                 file. This can be specified more then
                                 once to utilize multiple suppression
                                 files
    --symLink <depth>            Sets how deep nested symbolic links will
                                 be followed; 0 indicates symbolic links
                                 will not be followed.
 -v,--version                    Print the version information.
Build step 'Execute shell' marked build as failure
Finished: FAILURE