Spring boot 在jenkin中运行OWASP依赖项检查器时遇到SSLHandshakeException_Spring Boot_Sonarqube_Jenkins Pipeline_Owasp_Maven Dependency Check Plugin

Spring boot 在jenkin中运行OWASP依赖项检查器时遇到SSLHandshakeException

spring-boot sonarqube

Spring boot 在jenkin中运行OWASP依赖项检查器时遇到SSLHandshakeException,spring-boot,sonarqube,jenkins-pipeline,owasp,maven-dependency-check-plugin,Spring Boot,Sonarqube,Jenkins Pipeline,Owasp,Maven Dependency Check Plugin,我们已经添加了依赖项检查器插件pom.xml Error: 15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta 15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'ht

我们已经添加了依赖项检查器插件pom.xml

Error:
15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] NoDataException: No documents exist


org.owasp
依赖性检查maven
6.0.3  
检查
错误的

此错误通常意味着您的JVM无法创建到服务器的安全（https）连接

nvd.nist.gov

，因为它不信任服务器提供的证书。为了信任服务器，服务器的公共证书或签名机构必须位于JVM使用的信任存储中。默认情况下，信任存储在

%JAVA\u HOME%\lib\security\cacerts

中，您可以使用以下（windows）

keytool-list-keystore”%JAVA\u HOME%\lib\security\cacerts“-storepass changeit

列出它的内容。您应该会看到证书列表，如果未列出

digicertglobalrootg2

，则需要导入该列表以信任服务器，因为证书由CN=DigiCert全局根G2签名，OU=www.DigiCert.com，O=DigiCert Inc，C=US。您使用的是什么版本的Java？上述证书可能不包括在1.8之前的版本中

<plugin>  
         <groupId>org.owasp</groupId>  
         <artifactId>dependency-check-maven</artifactId>  
         <version>6.0.3</version>  
         <executions>  
           <execution>  
             <goals>  
               <goal>check</goal>  
             </goals>  
           </execution>  
         </executions>  
         <configuration>         
           <!-- Generate all report formats -->             
           <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>          
         </configuration>  
       </plugin>