Failed to initialize the RetireJS repo


We have a scheduler job set up which runs the dependency-check scan on a set of projects. Recently we have come across a new issue where it fails to initialize the RetireJS repo. DependencyCheck only fails for the first project when the scheduler starts; the scan runs successfully for the remaining projects in a batch.

Failed with error:

[INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2002
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2003  (361 ms)
[INFO] Download Started for NVD CVE - 2004
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2002  (420 ms)
[INFO] Download Started for NVD CVE - 2005
[INFO] Download Complete for NVD CVE - 2004  (405 ms)
[INFO] Download Started for NVD CVE - 2006
[INFO] Download Complete for NVD CVE - 2005  (417 ms)
[INFO] Download Started for NVD CVE - 2007
[INFO] Download Complete for NVD CVE - 2006  (510 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2007  (521 ms)
[INFO] Download Started for NVD CVE - 2009
[INFO] Download Complete for NVD CVE - 2008  (446 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Download Complete for NVD CVE - 2009  (486 ms)
[INFO] Download Started for NVD CVE - 2011
[INFO] Download Complete for NVD CVE - 2010  (466 ms)
[INFO] Download Started for NVD CVE - 2012
[INFO] Download Complete for NVD CVE - 2011  (526 ms)
[INFO] Download Started for NVD CVE - 2013
[INFO] Download Complete for NVD CVE - 2012  (474 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Download Complete for NVD CVE - 2013  (518 ms)
[INFO] Download Started for NVD CVE - 2015
[INFO] Download Complete for NVD CVE - 2014  (576 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Download Complete for NVD CVE - 2015  (516 ms)
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2016  (490 ms)
[INFO] Download Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2003  (3402 ms)
[INFO] Processing Started for NVD CVE - 2002
[INFO] Download Complete for NVD CVE - 2017  (547 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2018  (564 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Download Complete for NVD CVE - 2019  (540 ms)
[INFO] Download Complete for NVD CVE - 2020  (398 ms)
[INFO] Processing Complete for NVD CVE - 2002  (6403 ms)
[INFO] Processing Started for NVD CVE - 2004
[INFO] Processing Complete for NVD CVE - 2004  (3325 ms)
[INFO] Processing Started for NVD CVE - 2005
[INFO] Processing Complete for NVD CVE - 2005  (4782 ms)
[INFO] Processing Started for NVD CVE - 2006
[INFO] Processing Complete for NVD CVE - 2006  (6925 ms)
[INFO] Processing Started for NVD CVE - 2007
[INFO] Processing Complete for NVD CVE - 2007  (6365 ms)
[INFO] Processing Started for NVD CVE - 2008
[INFO] Processing Complete for NVD CVE - 2008  (7978 ms)
[INFO] Processing Started for NVD CVE - 2009
[INFO] Processing Complete for NVD CVE - 2009  (7971 ms)
[INFO] Processing Started for NVD CVE - 2010
[INFO] Processing Complete for NVD CVE - 2010  (12939 ms)
[INFO] Processing Started for NVD CVE - 2011
[INFO] Processing Complete for NVD CVE - 2011  (53170 ms)
[INFO] Processing Started for NVD CVE - 2012
[INFO] Processing Complete for NVD CVE - 2012  (13753 ms)
[INFO] Processing Started for NVD CVE - 2013
[INFO] Processing Complete for NVD CVE - 2013  (12758 ms)
[INFO] Processing Started for NVD CVE - 2014
[INFO] Processing Complete for NVD CVE - 2014  (11918 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Processing Complete for NVD CVE - 2015  (8532 ms)
[INFO] Processing Started for NVD CVE - 2016
[INFO] Processing Complete for NVD CVE - 2016  (9072 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Processing Complete for NVD CVE - 2017  (10691 ms)
[INFO] Processing Started for NVD CVE - 2018
[INFO] Processing Complete for NVD CVE - 2018  (10594 ms)
[INFO] Processing Started for NVD CVE - 2019
[INFO] Processing Complete for NVD CVE - 2019  (8534 ms)
[INFO] Processing Started for NVD CVE - 2020
[INFO] Processing Complete for NVD CVE - 2020  (1967 ms)
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified  (331 ms)
[INFO] Processing Started for NVD CVE - Modified
[INFO] Processing Complete for NVD CVE - Modified  (1029 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 51517 NVD records
[INFO] Removed the CPE ecosystem on 5580 NVD records
[INFO] End database maintenance (81766 ms)
[ERROR] Failed to initialize the RetireJS repo
org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:139)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.update(RetireJSDataSource.java:88)
	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:936)
	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:737)
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:667)
	at org.owasp.dependencycheck.App.runScan(App.java:254)
	at org.owasp.dependencycheck.App.run(App.java:186)
	at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to '/opt/app/dependency-check/data/jsrepository.json'
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:98)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:74)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:137)
	... 7 common frames omitted
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:94)
	... 9 common frames omitted
Caused by: java.net.SocketTimeoutException: connect timed out
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:607)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
	... 11 common frames omitted
[INFO] Begin database defrag
[INFO] End database defrag (19382 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Failed to initialize the RetireJS repo
[ERROR] No documents exist

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

1 reaction
tedinGH commented, Apr 20, 2020

/opt/app/dependency-check/data/jsrepository.json

In my case, the file jsrepository.json in my Maven local repository is empty. I added an empty JSON body {} into it, which solved my problem.

0 reactions
ghost commented, Apr 22, 2020

Not entirely sure what is going on - especially if it is just one region. This doesn’t sound like a dependency-check issue, rather a networking/connectivity issue. Can you simply add a step to transfer the https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json locally and then use the --retireJsUrl argument to reference the locally hosted JS file? You can use file:///path/to/rsrepository.json.

This resolved the issue. Thank you
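
The workaround from the comments above, as an added shell sketch (not code from the issue or from the dependency-check project): fetch jsrepository.json once per batch, reject an empty or truncated download, and point every scan at the local copy with --retireJsUrl. The function names, the paths and the `batch` project name are hypothetical; the structural check is a cheap sanity test, not a full JSON parser.

```shell
#!/bin/sh
# Added example. RETIRE_URL is the URL shown in the log above; all paths are placeholders.
RETIRE_URL='https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json'

# looks_like_json_object FILE
# Rejects a missing/empty file and a download that was cut off mid-object.
looks_like_json_object() {
    [ -s "$1" ] || return 1
    compact=$(tr -d ' \t\r\n' < "$1")
    case "$compact" in
        '{'*'}') return 0 ;;
        *)       return 1 ;;
    esac
}

# stage_repo CANDIDATE DEST   (DEST must be an absolute path)
# Installs CANDIDATE as DEST only if it passes the check, so a failed fetch
# never replaces the last good copy. Prints the file:// URL on success.
stage_repo() {
    candidate=$1
    dest=$2
    if looks_like_json_object "$candidate"; then
        mv -f "$candidate" "$dest"
    else
        rm -f "$candidate"
        # Fall back to the previous copy; fail if there is none.
        looks_like_json_object "$dest" || return 1
    fi
    printf 'file://%s\n' "$dest"
}

# refresh_and_scan DEST PROJECT_DIR
# Downloads next to DEST (same directory, so mv is a rename), then scans
# using the local copy instead of the remote URL.
refresh_and_scan() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    curl -fsS --connect-timeout 10 --retry 3 -o "$tmp" "$RETIRE_URL" || : > "$tmp"
    url=$(stage_repo "$tmp" "$1") || return 1
    dependency-check.sh --project batch --scan "$2" --retireJsUrl "$url"
}
```

When the fetch fails and the previous copy is reused, the scan runs against older Retire.js data, so the job should log that case and alert if the copy is not refreshed for several runs.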
