个人中心
gpt4 book ai didi

java - Sonatype OSS Index Analyzer Error requesting component 报告 javax.net.ssl.SSLHandshakeException :

转载 作者:行者123 更新时间:2023-12-04 22:40:07 25 4
gpt4 key购买 nike

我在 Jenkins 中使用 dependency-check-cli 版本 6.1.0,在扫描 jar 文件时它给了我以下错误。

[DependencyCheck] [WARN] An error occurred while analyzing '/JenkinsHome/.jenkins/workspace/Demo/cryptix32.jar' (Sonatype OSS Index Analyzer).
[DependencyCheck] [INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[DependencyCheck] [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[DependencyCheck] [INFO] Finished Dependency Bundling Analyzer (0 seconds)
[DependencyCheck] [INFO] Analysis Complete (8 seconds)
[DependencyCheck] [INFO] Writing report to: /JenkinsHome/.jenkins/workspace/Demo/./dependency-check-report.html
[DependencyCheck] [ERROR] Failed to request component-reports
Build step 'Invoke Dependency-Check' changed build result to FAILURE
当我检查日志报告时,我收到以下错误: 
DEBUG - Connecting to: https://ossindex.sonatype.org/api/v3/component-report
2021-06-04 17:39:51,398 org.owasp.dependencycheck.analyzer.OssIndexAnalyzer:147
DEBUG - Error requesting component reports
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.sonatype.ossindex.service.client.transport.HttpUrlConnectionTransport.post(HttpUrlConnectionTransport.java:90)
    at org.sonatype.ossindex.service.client.internal.OssindexClientImpl.doRequestComponentReports(OssindexClientImpl.java:204)
    at org.sonatype.ossindex.service.client.internal.OssindexClientImpl.requestComponentReports(OssindexClientImpl.java:170)
    at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.requestReports(OssIndexAnalyzer.java:198)
    at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:138)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    ... 24 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 30 common frames omitted
2021-06-04 17:39:51,399 org.owasp.dependencycheck.AnalysisTask:90
WARN  - An error occurred while analyzing '/JenkinsHome/.jenkins/workspace/Demo/cryptix32.jar' (Sonatype OSS Index Analyzer).
我什至尝试过导入 https://ossindex.sonatype.org 的 ssl 证书到/usr/java/jdk1.8.0_101/jre/lib/security/cacerts ,但仍然面临同样的问题。
请指导我如何解决此问题。

最佳答案

添加到代码
--disableOssIndex 真
XD

关于java - Sonatype OSS Index Analyzer Error requesting component 报告 javax.net.ssl.SSLHandshakeException :,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67837299/

25 4 0
文章推荐: ssl - 当 Docker compose 为 Dotnet 核心项目工作时,Kubernetes 因 SSL 错误而失败
文章推荐: security - 从 openssl 中删除弱密码
文章推荐: java - 获取 Spark 包时如何禁用 SSL 身份验证?
文章推荐: ssl - openSSL 1.1.1 API 疑点
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com