Spring boot 在jenkin中运行OWASP依赖项检查器时遇到SSLHandshakeException
我们已经添加了依赖项检查器插件pom.xmlSpring boot 在jenkin中运行OWASP依赖项检查器时遇到SSLHandshakeException,spring-boot,sonarqube,jenkins-pipeline,owasp,maven-dependency-check-plugin,Spring Boot,Sonarqube,Jenkins Pipeline,Owasp,Maven Dependency Check Plugin,我们已经添加了依赖项检查器插件pom.xml Error: 15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta 15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'ht
Error:
15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] NoDataException: No documents exist
org.owasp
依赖性检查maven
6.0.3
检查
错误的
此错误通常意味着您的JVM无法创建到服务器的安全(https)连接nvd.nist.gov
,因为它不信任服务器提供的证书。为了信任服务器,服务器的公共证书或签名机构必须位于JVM使用的信任存储中。默认情况下,信任存储在%JAVA\u HOME%\lib\security\cacerts
中,您可以使用以下(windows)keytool-list-keystore”%JAVA\u HOME%\lib\security\cacerts“-storepass changeit
列出它的内容。
您应该会看到证书列表,如果未列出digicertglobalrootg2
,则需要导入该列表以信任服务器,因为证书由CN=DigiCert全局根G2签名,OU=www.DigiCert.com,O=DigiCert Inc,C=US。
您使用的是什么版本的Java?上述证书可能不包括在1.8之前的版本中
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.0.3</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<!-- Generate all report formats -->
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
</configuration>
</plugin>