Started by user Ganesh Dutt Sharma
Running as SYSTEM
Building on master in workspace /home/jenkins/.jenkins/jobs/owasp_check/workspace
[workspace] $ /bin/sh -xe /opt/jetty/temp/jenkins5999239634680730514.sh
+ '[' 4.1.0.Final == 2.4.4.sp4 ']'
+ '[' 4.1.0.Final == 3.0.1 ']'
+ '[' 4.1.0.Final == 3.1.3 ']'
+ STORAGE_LOCATION=/var/www/html/maven/org/gluu
+ '[' -d /var/www/html/maven/org/gluu/oxauth-server/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxauth-server_4.1.0.Final -s /var/www/html/maven/org/gluu/oxauth-server/4.1.0.Final
[INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Started for NVD CVE - 2004
[INFO] Download Complete for NVD CVE - 2003 (132 ms)
[INFO] Download Started for NVD CVE - 2005
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2004 (152 ms)
[INFO] Download Started for NVD CVE - 2006
[INFO] Processing Started for NVD CVE - 2004
[INFO] Download Complete for NVD CVE - 2005 (182 ms)
[INFO] Download Started for NVD CVE - 2007
[INFO] Processing Started for NVD CVE - 2005
[INFO] Download Complete for NVD CVE - 2006 (315 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Processing Started for NVD CVE - 2006
[INFO] Download Complete for NVD CVE - 2007 (299 ms)
[INFO] Download Started for NVD CVE - 2009
[INFO] Processing Started for NVD CVE - 2007
[INFO] Download Complete for NVD CVE - 2008 (262 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Processing Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2009 (544 ms)
[INFO] Download Complete for NVD CVE - 2010 (373 ms)
[INFO] Download Started for NVD CVE - 2011
[INFO] Download Complete for NVD CVE - 2011 (330 ms)
[INFO] Download Started for NVD CVE - 2012
[INFO] Download Started for NVD CVE - 2013
[INFO] Download Complete for NVD CVE - 2012 (271 ms)
[INFO] Download Complete for NVD CVE - 2013 (246 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Download Started for NVD CVE - 2015
[INFO] Download Complete for NVD CVE - 2015 (333 ms)
[INFO] Download Complete for NVD CVE - 2014 (387 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2016 (287 ms)
[INFO] Download Started for NVD CVE - 2018
[INFO] Download Complete for NVD CVE - 2017 (313 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2018 (428 ms)
[INFO] Download Complete for NVD CVE - 2019 (547 ms)
[INFO] Processing Complete for NVD CVE - 2003 (22680 ms)
[INFO] Processing Started for NVD CVE - 2009
[INFO] Processing Complete for NVD CVE - 2004 (38617 ms)
[INFO] Processing Started for NVD CVE - 2010
[INFO] Processing Complete for NVD CVE - 2005 (65682 ms)
[INFO] Processing Started for NVD CVE - 2011
[INFO] Processing Complete for NVD CVE - 2007 (106871 ms)
[INFO] Processing Started for NVD CVE - 2013
[INFO] Processing Complete for NVD CVE - 2009 (98490 ms)
[INFO] Processing Started for NVD CVE - 2012
[INFO] Processing Complete for NVD CVE - 2006 (121581 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Processing Complete for NVD CVE - 2008 (129805 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2010 (169107 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2011 (205664 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Processing Complete for NVD CVE - 2013 (201459 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2012 (191831 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2015 (193407 ms)
[INFO] Processing Complete for NVD CVE - 2014 (207272 ms)
[INFO] Processing Complete for NVD CVE - 2016 (130125 ms)
[INFO] Processing Complete for NVD CVE - 2017 (85472 ms)
[INFO] Processing Complete for NVD CVE - 2019 (49359 ms)
[INFO] Processing Complete for NVD CVE - 2018 (48708 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified (469 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified (3300 ms)
[INFO] Begin database maintenance
[INFO] End database maintenance (6751 ms)
[INFO] Begin database defrag
[INFO] End database defrag (9533 ms)
[INFO] Check for updates complete (383761 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (5 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[ERROR] ----------------------------------------------------
[ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or configure the path dotnet core.
[ERROR] ----------------------------------------------------
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
00:00 INFO: Vulnerability found: bootstrap below 4.3.1
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: bootstrap below 4.3.1
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: bootstrap below 4.1.2
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.1
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00 INFO: Vulnerability found: jquery below 2.2.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:01 INFO: Vulnerability found: moment.js below 2.11.2
[INFO] Finished RetireJS Analyzer (1 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
+ '[' -d /var/www/html/maven/org/gluu/oxtrust-server/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxtrust-server_4.1.0.Final -s /var/www/html/maven/org/gluu/oxtrust-server/4.1.0.Final
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (11 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (7 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[ERROR] ----------------------------------------------------
[ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or configure the path dotnet core.
[ERROR] ----------------------------------------------------
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
00:00 INFO: Vulnerability found: bootstrap below 3.4.1
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.1
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.1
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: bootstrap below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:00 INFO: Vulnerability found: jquery below 2.2.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01 INFO: Vulnerability found: jquery below 2.2.0
00:01 INFO: Vulnerability found: jquery below 3.4.0
00:01 INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01 INFO: Vulnerability found: jquery below 2.2.0
00:01 INFO: Vulnerability found: jquery below 3.4.0
00:01 INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:01 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:01 INFO: Vulnerability found: jquery below 2.2.0
00:01 INFO: Vulnerability found: jquery below 3.4.0
00:03 INFO: Vulnerability found: ckeditor below 4.5.11
00:03 INFO: Vulnerability found: ckeditor below 4.11.0
00:03 INFO: Vulnerability found: bootstrap below 3.4.1
00:03 INFO: Vulnerability found: bootstrap below 3.4.0
00:03 INFO: Vulnerability found: bootstrap below 3.4.0
00:03 INFO: Vulnerability found: bootstrap below 3.4.0
00:03 INFO: Vulnerability found: jquery below 3.0.0-beta1
00:03 INFO: Vulnerability found: jquery below 2.2.0
00:03 INFO: Vulnerability found: jquery below 3.4.0
00:03 INFO: Vulnerability found: moment.js below 2.11.2
00:03 INFO: Vulnerability found: jquery below 3.4.0
[INFO] Finished RetireJS Analyzer (4 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (21 seconds)
+ '[' -d /var/www/html/maven/org/gluu/oxauth-rp/4.1.0.Final ']'
+ /usr/local/dependency-check/bin/dependency-check.sh --out /usr/local/dependency-check/reports/oxauth-rp_4.1.0.Final -s /var/www/html/maven/org/gluu/gluu/oxauth-rp/4.1.0.Final
Invalid 'scan' argument: '/var/www/html/maven/org/gluu/gluu/oxauth-rp/4.1.0.Final' - path does not exist
usage: Dependency-Check Core [--advancedHelp] [--cveValidForHours <hours>]
[--enableExperimental] [--enableRetired] [--exclude <pattern>] [-f
<format>] [--failOnCVSS <score>] [-h] [--junitFailOnCVSS <score>]
[-l <file>] [-n] [-o <path>] [--prettyPrint] [--project <name>] [-s
<path>] [--suppression <file>] [--symLink <depth>] [-v]
Dependency-Check Core can be used to identify if there are any known CVE
vulnerabilities in libraries utilized by an application. Dependency-Check
Core will automatically update required data from the Internet, such as
the CVE and CPE data files from nvd.nist.gov.
--advancedHelp Print the advanced help message.
--cveValidForHours <hours> The number of hours to wait before
checking for new updates from the NVD.
--enableExperimental Enables the experimental analyzers.
--enableRetired Enables the retired analyzers.
--exclude <pattern> Specify an exclusion pattern. This option
can be specified multiple times and it
accepts Ant style exclusions.
-f,--format <format> The report format (HTML, XML, CSV, JSON,
JUNIT, or ALL). The default is HTML.
Multiple format parameters can be
specified.
--failOnCVSS <score> Specifies if the build should be failed
if a CVSS score above a specified level
is identified. The default is 11; since
the CVSS scores are 0-10, by default the
build will never fail.
-h,--help Print this message.
--junitFailOnCVSS <score> Specifies the CVSS score that is
considered a failure when generating the
junit report. The default is 0.
-l,--log <file> The file path to write verbose logging
information.
-n,--noupdate Disables the automatic updating of the
CPE data.
-o,--out <path> The folder to write reports to. This
defaults to the current directory. It is
possible to set this to a specific file
name if the format argument is not set to
ALL.
--prettyPrint When specified the JSON and XML report
formats will be pretty printed.
--project <name> The name of the project being scanned.
-s,--scan <path> The path to scan - this option can be
specified multiple times. Ant style paths
are supported (e.g. 'path/**/*.jar'); if
using Ant style paths it is highly
recommended to quote the argument value.
--suppression <file> The file path to the suppression XML
file. This can be specified more then
once to utilize multiple suppression
files
--symLink <depth> Sets how deep nested symbolic links will
be followed; 0 indicates symbolic links
will not be followed.
-v,--version Print the version information.
Build step 'Execute shell' marked build as failure
Finished: FAILURE
![[Jenkins]](/jenkins/static/47b8b5fb/images/jenkins-header-logo-v2.svg){kind=logo}
Console Output