Started by GitHub push by andreapoli Running as SYSTEM Building in workspace /var/lib/jenkins/workspace/GovWay [WS-CLEANUP] Clean-up disabled, skipping workspace deletion. The recommended git tool is: NONE No credentials specified > /usr/bin/git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/GovWay/.git # timeout=10 Fetching changes from the remote Git repository > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10 Fetching upstream changes from https://github.com/link-it/govway.git > /usr/bin/git --version # timeout=10 > git --version # 'git version 2.47.1' > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > /usr/bin/git rev-parse origin/3.4.x^{commit} # timeout=10 Checking out Revision 3bd37702b475ef7faa7cbc8dd6a3b2deeb42e26d (origin/3.4.x) > /usr/bin/git config core.sparsecheckout # timeout=10 > /usr/bin/git checkout -f 3bd37702b475ef7faa7cbc8dd6a3b2deeb42e26d # timeout=10 Commit message: "[TestSuite] Rivista testsuite DPoP per adeguare tempistiche rispetto all'ambiente CI Jenkins" > /usr/bin/git rev-list --no-walk f1595be52e297150a460c2245b918f7ca89a5289 # timeout=10 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] Run condition [Boolean condition] enabling prebuild for step [BuilderChain] [GovWay] $ /bin/bash /tmp/jenkins105415110711209363.sh ============================= General Info Workspace: /var/lib/jenkins/workspace/GovWay Build: true Deploy: true Test: true Test Integrazione: true ============================= ============================= Environment Info HOME: /var/lib/jenkins ANT_OPTS: -Xmx1024m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC MAVEN_OPTS: SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf SONAR_SCANNER_OPTS: ============================= ============================= Java openjdk version "21.0.7" 2025-04-15 LTS OpenJDK Runtime Environment Temurin-21.0.7+6 (build 21.0.7+6-LTS) OpenJDK 64-Bit Server VM Temurin-21.0.7+6 (build 21.0.7+6-LTS, mixed mode, sharing) ============================= ============================= Maven Apache Maven 3.0.5 (Red Hat 3.0.5-17) Maven home: /usr/share/maven Java version: 21.0.7, vendor: Eclipse Adoptium Java home: /opt/openjdk-21.0.7+6 Default locale: en_US, platform encoding: UTF-8 OS name: "linux", version: "4.14.94-89.73.amzn2.x86_64", arch: "amd64", family: "unix" ============================= ============================= ANT Apache Ant(TM) version 1.10.15 compiled on August 25 2024 ============================= ============================= Git Info Url: https://github.com/link-it/govway.git branch: origin/3.4.x commit: 3bd37702b475ef7faa7cbc8dd6a3b2deeb42e26d previuos commit: f1595be52e297150a460c2245b918f7ca89a5289 previuos successful commit: f1595be52e297150a460c2245b918f7ca89a5289 commit message: [TestSuite] Rivista testsuite DPoP per adeguare tempistiche rispetto all'ambiente CI Jenkins ============================= ============================= NODEjs Info v22.14.0 { npm: '10.9.2', node: '22.14.0', acorn: '8.14.0', ada: '2.9.2', amaro: '0.3.0', ares: '1.34.4', brotli: '1.1.0', cjs_module_lexer: '1.4.1', cldr: '46.0', icu: '76.1', llhttp: '9.2.1', modules: '127', napi: '10', nbytes: '0.1.1', ncrypto: '0.0.1', nghttp2: '1.64.0', nghttp3: '1.6.0', ngtcp2: '1.10.0', openssl: '3.0.15+quic', simdjson: '3.10.1', simdutf: '6.0.3', sqlite: '3.47.2', tz: '2024b', undici: '6.21.1', unicode: '16.0', uv: '1.49.2', uvwasi: '0.0.21', v8: '12.4.254.21-node.22', zlib: '1.3.0.1-motley-82a5fec' } ============================= ============================= OWASP ZAP Info 'ZAP_2.17.0' Associo diritti di esecuzione agli script zap ... Associati diritti di esecuzione agli script zap Update ... Execute: /opt/openjdk-21.0.7+6/bin/java -classpath /opt/zaproxy/ZAP_2.17.0/*:/opt/zaproxy/ZAP_2.17.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.17.0 Add-on update check complete Update effettuato ============================= Fermo application server ... Tomcat is not running Fermo application server effettuato Ripulisco log application server ... Ripulisco log application server effettuato Predispongo dir testsuite ... Predispongo dir testsuite ok Ripulisco output jacoco ... Ripulisco output jacoco effettuato Fermo sonarqube ... Gracefully stopping SonarQube... Stopped SonarQube. Fermo sonarqube effettuato Verifico che il workspace non esista ... Non e' stata rilevata una corretta re-inizializzazione del Workspace [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD}) Run condition [Boolean condition] enabling perform for step [BuilderChain] [GovWay] $ /bin/sh -xe /tmp/jenkins574208805910316765.sh + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties + sed -i -e 's#swagger-codegen##g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn initialize [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] govway [pom] [INFO] dependencies [pom] [INFO] dependencies.ant [pom] [INFO] dependencies.antinstaller [pom] [INFO] dependencies.angus [pom] [INFO] dependencies.bean-validation [pom] [INFO] dependencies.cxf [pom] [INFO] dependencies.commons [pom] [INFO] dependencies.console [pom] [INFO] dependencies.git [pom] [INFO] dependencies.httpcore [pom] [INFO] dependencies.jackson [pom] [INFO] dependencies.jakarta [pom] [INFO] dependencies.jaxb [pom] [INFO] dependencies.jetty [pom] [INFO] dependencies.jmx [pom] [INFO] dependencies.json [pom] [INFO] dependencies.log [pom] [INFO] dependencies.lucene [pom] [INFO] dependencies.openapi4j [pom] [INFO] dependencies.opensaml [pom] [INFO] dependencies.pdf [pom] [INFO] dependencies.redis [pom] [INFO] dependencies.reports [pom] [INFO] dependencies.saaj [pom] [INFO] dependencies.security [pom] [INFO] dependencies.shared [pom] [INFO] dependencies.spring [pom] [INFO] dependencies.spring-ldap [pom] [INFO] dependencies.spring-security [pom] [INFO] dependencies.swagger [pom] [INFO] dependencies.wss4j [pom] [INFO] dependencies.testsuite [pom] [INFO] dependencies.testsuite.axis14 [pom] [INFO] dependencies.testsuite.as [pom] [INFO] dependencies.testsuite.as.wildfly27 [pom] [INFO] dependencies.testsuite.as.wildfly28 [pom] [INFO] dependencies.testsuite.as.wildfly35 [pom] [INFO] dependencies.testsuite.as.wildfly36 [pom] [INFO] dependencies.testsuite.as.wildfly37 [pom] [INFO] dependencies.testsuite.as.wildfly38 [pom] [INFO] dependencies.testsuite.as.tomcat10 [pom] [INFO] dependencies.testsuite.as.tomcat11 [pom] [INFO] dependencies.testsuite.test [pom] [INFO] dependencies.testsuite.test.testng [pom] [INFO] dependencies.testsuite.test.junit4 [pom] [INFO] dependencies.testsuite.test.karate09 [pom] [INFO] dependencies.testsuite.test.logback [pom] [INFO] dependencies.testsuite.test.httpcore4 [pom] [INFO] dependencies.testsuite.test.spring5 [pom] [INFO] dependencies.testsuite.test.spring-ldap2 [pom] [INFO] dependencies.testsuite.test.apacheds [pom] [INFO] dependencies.testsuite.test.cxf3 [pom] [INFO] dependencies.testsuite.staticAnalysis [pom] [INFO] dependencies.testsuite.dynamicAnalysis [pom] [INFO] dependencies.testsuite.coverage [pom] [INFO] compile [pom] [INFO] package [pom] [INFO] testsuite.utils [pom] [INFO] testsuite.utils.sql [pom] [INFO] testsuite.pdd.core [pom] [INFO] testsuite.pdd.core.sql [pom] [INFO] static_analysis.spotbugs [pom] [INFO] static_analysis.sonarqube [pom] [INFO] dynamic_analysis.zap [pom] [INFO] coverage.jacoco [pom] [INFO] [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- [INFO] Building govway 1.0 [1/66] [INFO] from pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ [INFO] Building dependencies 1.0 [2/66] [INFO] from mvn/dependencies/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- [INFO] Building dependencies.ant 1.0 [3/66] [INFO] from mvn/dependencies/ant/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ [INFO] Building dependencies.antinstaller 1.0 [4/66] [INFO] from mvn/dependencies/antinstaller/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- [INFO] Building dependencies.angus 1.0 [5/66] [INFO] from mvn/dependencies/angus/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- [INFO] Building dependencies.bean-validation 1.0 [6/66] [INFO] from mvn/dependencies/bean-validation/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- [INFO] Building dependencies.cxf 1.0 [7/66] [INFO] from mvn/dependencies/cxf/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar [INFO] Executed tasks [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- [INFO] Building dependencies.commons 1.0 [8/66] [INFO] from mvn/dependencies/commons/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar [INFO] Executed tasks [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- [INFO] Building dependencies.console 1.0 [9/66] [INFO] from mvn/dependencies/console/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- [INFO] Building dependencies.git 1.0 [10/66] [INFO] from mvn/dependencies/git/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- [INFO] Building dependencies.httpcore 1.0 [11/66] [INFO] from mvn/dependencies/httpcore/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- [INFO] Building dependencies.jackson 1.0 [12/66] [INFO] from mvn/dependencies/jackson/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- [INFO] Building dependencies.jakarta 1.0 [13/66] [INFO] from mvn/dependencies/jakarta/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- [INFO] Building dependencies.jaxb 1.0 [14/66] [INFO] from mvn/dependencies/jaxb/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- [INFO] Building dependencies.jetty 1.0 [15/66] [INFO] from mvn/dependencies/jetty/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- [INFO] Building dependencies.jmx 1.0 [16/66] [INFO] from mvn/dependencies/jmx/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- [INFO] Building dependencies.json 1.0 [17/66] [INFO] from mvn/dependencies/json/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar [INFO] Executed tasks [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- [INFO] Building dependencies.log 1.0 [18/66] [INFO] from mvn/dependencies/log/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar [INFO] Executed tasks [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- [INFO] Building dependencies.lucene 1.0 [19/66] [INFO] from mvn/dependencies/lucene/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- [INFO] [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- [INFO] Building dependencies.openapi4j 1.0 [20/66] [INFO] from mvn/dependencies/openapi4j/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar [INFO] Executed tasks [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- [INFO] Building dependencies.opensaml 1.0 [21/66] [INFO] from mvn/dependencies/opensaml/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- [INFO] Building dependencies.pdf 1.0 [22/66] [INFO] from mvn/dependencies/pdf/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- [INFO] Building dependencies.redis 1.0 [23/66] [INFO] from mvn/dependencies/redis/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- [INFO] Building dependencies.reports 1.0 [24/66] [INFO] from mvn/dependencies/reports/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- [INFO] Building dependencies.saaj 1.0 [25/66] [INFO] from mvn/dependencies/saaj/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar [INFO] Executed tasks [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- [INFO] Building dependencies.security 1.0 [26/66] [INFO] from mvn/dependencies/security/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- [INFO] Building dependencies.shared 1.0 [27/66] [INFO] from mvn/dependencies/shared/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar [INFO] Executed tasks [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- [INFO] Building dependencies.spring 1.0 [28/66] [INFO] from mvn/dependencies/spring/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- [INFO] Building dependencies.spring-ldap 1.0 [29/66] [INFO] from mvn/dependencies/spring-ldap/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- [INFO] Building dependencies.spring-security 1.0 [30/66] [INFO] from mvn/dependencies/spring-security/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- [INFO] Building dependencies.swagger 1.0 [31/66] [INFO] from mvn/dependencies/swagger/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar [INFO] Executed tasks [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- [INFO] Building dependencies.wss4j 1.0 [32/66] [INFO] from mvn/dependencies/wss4j/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar [INFO] Executed tasks [INFO] [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- [INFO] Building dependencies.testsuite 1.0 [33/66] [INFO] from mvn/dependencies/testsuite/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- [INFO] Building dependencies.testsuite.axis14 1.0 [34/66] [INFO] from mvn/dependencies/testsuite/axis14/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar [INFO] Executed tasks [INFO] [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- [INFO] Building dependencies.testsuite.as 1.0 [35/66] [INFO] from mvn/dependencies/testsuite/applicationServer/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >-- [INFO] Building dependencies.testsuite.as.wildfly27 1.0 [36/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >-- [INFO] Building dependencies.testsuite.as.wildfly28 1.0 [37/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >-- [INFO] Building dependencies.testsuite.as.wildfly35 1.0 [38/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >-- [INFO] Building dependencies.testsuite.as.wildfly36 1.0 [39/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >-- [INFO] Building dependencies.testsuite.as.wildfly37 1.0 [40/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >-- [INFO] Building dependencies.testsuite.as.wildfly38 1.0 [41/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >-- [INFO] Building dependencies.testsuite.as.tomcat10 1.0 [42/66] [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >-- [INFO] Building dependencies.testsuite.as.tomcat11 1.0 [43/66] [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- [INFO] Building dependencies.testsuite.test 1.0 [44/66] [INFO] from mvn/dependencies/testsuite/test/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >-------- [INFO] Building dependencies.testsuite.test.testng 1.0 [45/66] [INFO] from mvn/dependencies/testsuite/test/testng/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng --- [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >-------- [INFO] Building dependencies.testsuite.test.junit4 1.0 [46/66] [INFO] from mvn/dependencies/testsuite/test/junit4/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >------- [INFO] Building dependencies.testsuite.test.karate09 1.0 [47/66] [INFO] from mvn/dependencies/testsuite/test/karate09/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >------- [INFO] Building dependencies.testsuite.test.logback 1.0 [48/66] [INFO] from mvn/dependencies/testsuite/test/logback/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback --- [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------ [INFO] Building dependencies.testsuite.test.httpcore4 1.0 [49/66] [INFO] from mvn/dependencies/testsuite/test/httpcore4/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >------- [INFO] Building dependencies.testsuite.test.spring5 1.0 [50/66] [INFO] from mvn/dependencies/testsuite/test/spring5/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >----- [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0 [51/66] [INFO] from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.apacheds >------- [INFO] Building dependencies.testsuite.test.apacheds 1.0 [52/66] [INFO] from mvn/dependencies/testsuite/test/apacheds/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.apacheds --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.apacheds --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test.apacheds --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds/apacheds-all-2.0.0.AM27.jar [INFO] Executed tasks [INFO] [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.test.cxf3 >--------- [INFO] Building dependencies.testsuite.test.cxf3 1.0 [53/66] [INFO] from mvn/dependencies/testsuite/test/cxf3/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.cxf3 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/cxf3 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.cxf3 --- [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [54/66] [INFO] from mvn/dependencies/testsuite/staticAnalysis/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- [INFO] [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [55/66] [INFO] from mvn/dependencies/testsuite/dynamicAnalysis/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- [INFO] [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- [INFO] Building dependencies.testsuite.coverage 1.0 [56/66] [INFO] from mvn/dependencies/testsuite/coverage/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- [INFO] Building compile 1.0 [57/66] [INFO] from mvn/compile/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- [INFO] Building package 1.0 [58/66] [INFO] from distrib/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- [INFO] Building testsuite.utils 1.0 [59/66] [INFO] from tools/utils/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- [INFO] Building testsuite.utils.sql 1.0 [60/66] [INFO] from tools/utils/mvn/sql/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- [INFO] Building testsuite.pdd.core 1.0 [61/66] [INFO] from core/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- [INFO] Building testsuite.pdd.core.sql 1.0 [62/66] [INFO] from core/mvn/sql/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ [INFO] Building static_analysis.spotbugs 1.0 [63/66] [INFO] from tools/spotbugs/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ [INFO] Building static_analysis.sonarqube 1.0 [64/66] [INFO] from tools/sonarqube/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- [INFO] Building dynamic_analysis.zap 1.0 [65/66] [INFO] from tools/zap/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- [INFO] Building coverage.jacoco 1.0 [66/66] [INFO] from tools/jacoco/mvn/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary for govway 1.0: [INFO] [INFO] govway ............................................. SUCCESS [ 0.004 s] [INFO] dependencies ....................................... SUCCESS [ 0.001 s] [INFO] dependencies.ant ................................... SUCCESS [ 1.999 s] [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.074 s] [INFO] dependencies.angus ................................. SUCCESS [ 0.055 s] [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.079 s] [INFO] dependencies.cxf ................................... SUCCESS [ 0.929 s] [INFO] dependencies.commons ............................... SUCCESS [ 0.506 s] [INFO] dependencies.console ............................... SUCCESS [ 0.104 s] [INFO] dependencies.git ................................... SUCCESS [ 0.058 s] [INFO] dependencies.httpcore .............................. SUCCESS [ 0.139 s] [INFO] dependencies.jackson ............................... SUCCESS [ 0.158 s] [INFO] dependencies.jakarta ............................... SUCCESS [ 0.157 s] [INFO] dependencies.jaxb .................................. SUCCESS [ 0.097 s] [INFO] dependencies.jetty ................................. SUCCESS [ 0.144 s] [INFO] dependencies.jmx ................................... SUCCESS [ 0.133 s] [INFO] dependencies.json .................................. SUCCESS [ 0.336 s] [INFO] dependencies.log ................................... SUCCESS [ 0.164 s] [INFO] dependencies.lucene ................................ SUCCESS [ 0.049 s] [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.095 s] [INFO] dependencies.opensaml .............................. SUCCESS [ 0.139 s] [INFO] dependencies.pdf ................................... SUCCESS [ 0.064 s] [INFO] dependencies.redis ................................. SUCCESS [ 0.205 s] [INFO] dependencies.reports ............................... SUCCESS [ 0.084 s] [INFO] dependencies.saaj .................................. SUCCESS [ 0.081 s] [INFO] dependencies.security .............................. SUCCESS [ 0.098 s] [INFO] dependencies.shared ................................ SUCCESS [ 0.442 s] [INFO] dependencies.spring ................................ SUCCESS [ 0.083 s] [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.019 s] [INFO] dependencies.spring-security ....................... SUCCESS [ 0.037 s] [INFO] dependencies.swagger ............................... SUCCESS [ 0.174 s] [INFO] dependencies.wss4j ................................. SUCCESS [ 0.106 s] [INFO] dependencies.testsuite ............................. SUCCESS [ 0.001 s] [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.125 s] [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.000 s] [INFO] dependencies.testsuite.as.wildfly27 ................ SUCCESS [ 0.109 s] [INFO] dependencies.testsuite.as.wildfly28 ................ SUCCESS [ 0.107 s] [INFO] dependencies.testsuite.as.wildfly35 ................ SUCCESS [ 0.142 s] [INFO] dependencies.testsuite.as.wildfly36 ................ SUCCESS [ 0.128 s] [INFO] dependencies.testsuite.as.wildfly37 ................ SUCCESS [ 0.122 s] [INFO] dependencies.testsuite.as.wildfly38 ................ SUCCESS [ 0.141 s] [INFO] dependencies.testsuite.as.tomcat10 ................. SUCCESS [ 0.018 s] [INFO] dependencies.testsuite.as.tomcat11 ................. SUCCESS [ 0.020 s] [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.001 s] [INFO] dependencies.testsuite.test.testng ................. SUCCESS [ 0.045 s] [INFO] dependencies.testsuite.test.junit4 ................. SUCCESS [ 0.019 s] [INFO] dependencies.testsuite.test.karate09 ............... SUCCESS [ 0.041 s] [INFO] dependencies.testsuite.test.logback ................ SUCCESS [ 0.033 s] [INFO] dependencies.testsuite.test.httpcore4 .............. SUCCESS [ 0.035 s] [INFO] dependencies.testsuite.test.spring5 ................ SUCCESS [ 0.045 s] [INFO] dependencies.testsuite.test.spring-ldap2 ........... SUCCESS [ 0.018 s] [INFO] dependencies.testsuite.test.apacheds ............... SUCCESS [ 0.129 s] [INFO] dependencies.testsuite.test.cxf3 ................... SUCCESS [ 0.045 s] [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.024 s] [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.009 s] [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.041 s] [INFO] compile ............................................ SUCCESS [ 0.001 s] [INFO] package ............................................ SUCCESS [ 0.000 s] [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.000 s] [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.001 s] [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.000 s] [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] [INFO] coverage.jacoco .................................... SUCCESS [ 0.000 s] [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 8.813 s [INFO] Finished at: 2026-01-27T17:27:00+01:00 [INFO] ------------------------------------------------------------------------ [GovWay] $ /opt/apache-maven-3.9.10/bin/mvn -Dowasp.plugin.autoUpdate=true -Dpackage=none -DossIndexUsername=andrea.poli@link.it -Dcompile=none -Dowasp=verify -Dtestsuite=none -DossIndexPassword=6b31d4937d57ec65ccb3aed4ff8461107c8eeb5a -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] govway [pom] [INFO] dependencies [pom] [INFO] dependencies.ant [pom] [INFO] dependencies.antinstaller [pom] [INFO] dependencies.angus [pom] [INFO] dependencies.bean-validation [pom] [INFO] dependencies.cxf [pom] [INFO] dependencies.commons [pom] [INFO] dependencies.console [pom] [INFO] dependencies.git [pom] [INFO] dependencies.httpcore [pom] [INFO] dependencies.jackson [pom] [INFO] dependencies.jakarta [pom] [INFO] dependencies.jaxb [pom] [INFO] dependencies.jetty [pom] [INFO] dependencies.jmx [pom] [INFO] dependencies.json [pom] [INFO] dependencies.log [pom] [INFO] dependencies.lucene [pom] [INFO] dependencies.openapi4j [pom] [INFO] dependencies.opensaml [pom] [INFO] dependencies.pdf [pom] [INFO] dependencies.redis [pom] [INFO] dependencies.reports [pom] [INFO] dependencies.saaj [pom] [INFO] dependencies.security [pom] [INFO] dependencies.shared [pom] [INFO] dependencies.spring [pom] [INFO] dependencies.spring-ldap [pom] [INFO] dependencies.spring-security [pom] [INFO] dependencies.swagger [pom] [INFO] dependencies.wss4j [pom] [INFO] dependencies.testsuite [pom] [INFO] dependencies.testsuite.axis14 [pom] [INFO] dependencies.testsuite.as [pom] [INFO] dependencies.testsuite.as.wildfly27 [pom] [INFO] dependencies.testsuite.as.wildfly28 [pom] [INFO] dependencies.testsuite.as.wildfly35 [pom] [INFO] dependencies.testsuite.as.wildfly36 [pom] [INFO] dependencies.testsuite.as.wildfly37 [pom] [INFO] dependencies.testsuite.as.wildfly38 [pom] [INFO] dependencies.testsuite.as.tomcat10 [pom] [INFO] dependencies.testsuite.as.tomcat11 [pom] [INFO] dependencies.testsuite.test [pom] [INFO] dependencies.testsuite.test.testng [pom] [INFO] dependencies.testsuite.test.junit4 [pom] [INFO] dependencies.testsuite.test.karate09 [pom] [INFO] dependencies.testsuite.test.logback [pom] [INFO] dependencies.testsuite.test.httpcore4 [pom] [INFO] dependencies.testsuite.test.spring5 [pom] [INFO] dependencies.testsuite.test.spring-ldap2 [pom] [INFO] dependencies.testsuite.test.apacheds [pom] [INFO] dependencies.testsuite.test.cxf3 [pom] [INFO] dependencies.testsuite.staticAnalysis [pom] [INFO] dependencies.testsuite.dynamicAnalysis [pom] [INFO] dependencies.testsuite.coverage [pom] [INFO] compile [pom] [INFO] package [pom] [INFO] testsuite.utils [pom] [INFO] testsuite.utils.sql [pom] [INFO] testsuite.pdd.core [pom] [INFO] testsuite.pdd.core.sql [pom] [INFO] static_analysis.spotbugs [pom] [INFO] static_analysis.sonarqube [pom] [INFO] dynamic_analysis.zap [pom] [INFO] coverage.jacoco [pom] [INFO] [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- [INFO] Building govway 1.0 [1/66] [INFO] from pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ [INFO] Building dependencies 1.0 [2/66] [INFO] from mvn/dependencies/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.dependencies --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.dependencies --- [INFO] Checking for updates ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] NVD API request failures are occurring; retrying request for the 1st time [INFO] NVD API has 523 records in this update [INFO] Downloaded 523/523 (100%) [INFO] Completed processing batch 1/1 (100%) in 1,867ms [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json [INFO] Begin database defrag [INFO] End database defrag (11285 ms) [INFO] Check for updates complete (24225 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (2 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (2 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Using MemorySegmentIndexInput and native madvise support with Java 21 or later; to disable start with -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Java vector incubator module is not readable. For optimal vector performance, pass '--add-modules jdk.incubator.vector' to enable Vector API. [INFO] Created CPE Index (4 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (10 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (10 seconds) [INFO] Finished Sonatype OSS Index Analyzer (4 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (32 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies: angus-activation-2.0.2.jar (pkg:maven/org.eclipse.angus/angus-activation@2.0.2, cpe:2.3:a:eclipse:angus_mail:2.0.2:*:*:*:*:*:*:*) : CVE-2025-7962 codemodel-4.0.5.jar (pkg:maven/org.glassfish.jaxb/codemodel@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 cxf-rt-bindings-soap-4.1.3.jar (pkg:maven/org.apache.cxf/cxf-rt-bindings-soap@4.1.3, cpe:2.3:a:apache:cxf:4.1.3:*:*:*:*:*:*:*, cpe:2.3:a:apache:soap:4.1.3:*:*:*:*:*:*:*) : CVE-2022-40705 jakarta.servlet.jsp.jstl-3.0.1.jar (pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1, cpe:2.3:a:eclipse:glassfish:3.0.1:*:*:*:*:*:*:*) : CVE-2024-9329 jaxb-core-4.0.5.jar (pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 json-schema-validator-1.5.7.jar (pkg:maven/com.networknt/json-schema-validator@1.5.7, cpe:2.3:a:json-schema_project:json-schema:1.5.7:*:*:*:*:*:*:*, cpe:2.3:a:validator:validator:1.5.7:*:*:*:*:*:*:*) : CVE-2025-15104 stax2-api-4.2.2.jar (pkg:maven/org.codehaus.woodstox/stax2-api@4.2.2, cpe:2.3:a:fasterxml:woodstox:4.2.2:*:*:*:*:*:*:*) : CVE-2022-40152 txw2-4.0.5.jar (pkg:maven/org.glassfish.jaxb/txw2@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 xsom-4.0.5.jar (pkg:maven/org.glassfish.jaxb/xsom@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 See the dependency-check report for more details. [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- [INFO] Building dependencies.ant 1.0 [3/66] [INFO] from mvn/dependencies/ant/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.ant --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.ant --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.ant --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (75 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (2 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ [INFO] Building dependencies.antinstaller 1.0 [4/66] [INFO] from mvn/dependencies/antinstaller/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.antinstaller --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.antinstaller --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (93 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.angus >---------------- [INFO] Building dependencies.angus 1.0 [5/66] [INFO] from mvn/dependencies/angus/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.angus --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/angus (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.angus --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.angus --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.angus --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (89 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (2 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies.angus: angus-activation-2.0.2.jar (pkg:maven/org.eclipse.angus/angus-activation@2.0.2, cpe:2.3:a:eclipse:angus_mail:2.0.2:*:*:*:*:*:*:*) : CVE-2025-7962 See the dependency-check report for more details. [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- [INFO] Building dependencies.bean-validation 1.0 [6/66] [INFO] from mvn/dependencies/bean-validation/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.bean-validation --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.bean-validation --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- [INFO] Building dependencies.cxf 1.0 [7/66] [INFO] from mvn/dependencies/cxf/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.cxf --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-4.1.3.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-4.1.3.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.cxf --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.cxf --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (72 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies.cxf: cxf-rt-bindings-soap-4.1.3.jar (pkg:maven/org.apache.cxf/cxf-rt-bindings-soap@4.1.3, cpe:2.3:a:apache:cxf:4.1.3:*:*:*:*:*:*:*, cpe:2.3:a:apache:soap:4.1.3:*:*:*:*:*:*:*) : CVE-2022-40705 stax2-api-4.2.2.jar (pkg:maven/org.codehaus.woodstox/stax2-api@4.2.2, cpe:2.3:a:fasterxml:woodstox:4.2.2:*:*:*:*:*:*:*) : CVE-2022-40152 See the dependency-check report for more details. [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- [INFO] Building dependencies.commons 1.0 [8/66] [INFO] from mvn/dependencies/commons/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.commons --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.commons --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/commons/commons-jcs3-core-3.2.1.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.commons --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.commons --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.console >--------------- [INFO] Building dependencies.console 1.0 [9/66] [INFO] from mvn/dependencies/console/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.console --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/console (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.console --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.console --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.console --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (80 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (3 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (5 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- [INFO] Building dependencies.git 1.0 [10/66] [INFO] from mvn/dependencies/git/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.git --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.git --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.git --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (72 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- [INFO] Building dependencies.httpcore 1.0 [11/66] [INFO] from mvn/dependencies/httpcore/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.httpcore --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.httpcore --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (73 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- [INFO] Building dependencies.jackson 1.0 [12/66] [INFO] from mvn/dependencies/jackson/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jackson --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jackson --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jackson --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.jakarta >--------------- [INFO] Building dependencies.jakarta 1.0 [13/66] [INFO] from mvn/dependencies/jakarta/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jakarta --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jakarta (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jakarta --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jakarta --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jakarta --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (74 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies.jakarta: jakarta.servlet.jsp.jstl-3.0.1.jar (pkg:maven/org.glassfish.web/jakarta.servlet.jsp.jstl@3.0.1, cpe:2.3:a:eclipse:glassfish:3.0.1:*:*:*:*:*:*:*) : CVE-2024-9329 See the dependency-check report for more details. [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.jaxb >---------------- [INFO] Building dependencies.jaxb 1.0 [14/66] [INFO] from mvn/dependencies/jaxb/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jaxb --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jaxb (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jaxb --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jaxb --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jaxb --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (75 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies.jaxb: codemodel-4.0.5.jar (pkg:maven/org.glassfish.jaxb/codemodel@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 jaxb-core-4.0.5.jar (pkg:maven/org.glassfish.jaxb/jaxb-core@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 txw2-4.0.5.jar (pkg:maven/org.glassfish.jaxb/txw2@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 xsom-4.0.5.jar (pkg:maven/org.glassfish.jaxb/xsom@4.0.5, cpe:2.3:a:eclipse:glassfish:4.0.5:*:*:*:*:*:*:*) : CVE-2024-9329 See the dependency-check report for more details. [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- [INFO] Building dependencies.jetty 1.0 [15/66] [INFO] from mvn/dependencies/jetty/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jetty --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jetty --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jetty --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.jmx >----------------- [INFO] Building dependencies.jmx 1.0 [16/66] [INFO] from mvn/dependencies/jmx/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.jmx --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jmx (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jmx --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jmx --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.jmx --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (67 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- [INFO] Building dependencies.json 1.0 [17/66] [INFO] from mvn/dependencies/json/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.json --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14.jar [INFO] Executed tasks [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-networknt) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.5.7.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.5.7.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-validator) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.14-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-validator-2.2.14-gov4j-1.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-core) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.14.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_json-schema-core-1.2.14.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-2.0.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-jackson-equivalence) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/jackson-coreutils-equivalence-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_jackson-coreutils-equivalence-1.0.jar [INFO] [INFO] --- copy-rename:1.0:rename (rename-file-github-uri-template) @ org.openspcoop2.json --- [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/github_uri-template-0.10.jar [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.json --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.json --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (72 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] One or more dependencies were identified with known vulnerabilities in dependencies.json: json-schema-validator-1.5.7.jar (pkg:maven/com.networknt/json-schema-validator@1.5.7, cpe:2.3:a:json-schema_project:json-schema:1.5.7:*:*:*:*:*:*:*, cpe:2.3:a:validator:validator:1.5.7:*:*:*:*:*:*:*) : CVE-2025-15104 See the dependency-check report for more details. [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- [INFO] Building dependencies.log 1.0 [18/66] [INFO] from mvn/dependencies/log/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.log --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.17.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.log --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.log --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- [INFO] Building dependencies.lucene 1.0 [19/66] [INFO] from mvn/dependencies/lucene/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.lucene --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.lucene --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.lucene --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- [INFO] Building dependencies.openapi4j 1.0 [20/66] [INFO] from mvn/dependencies/openapi4j/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.openapi4j --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.openapi4j --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- [INFO] Building dependencies.opensaml 1.0 [21/66] [INFO] from mvn/dependencies/opensaml/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.opensaml --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.opensaml --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- [INFO] Building dependencies.pdf 1.0 [22/66] [INFO] from mvn/dependencies/pdf/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.pdf --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.pdf --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.pdf --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (80 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- [INFO] Building dependencies.redis 1.0 [23/66] [INFO] from mvn/dependencies/redis/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.redis --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.redis --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.redis --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- [INFO] Building dependencies.reports 1.0 [24/66] [INFO] from mvn/dependencies/reports/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.reports --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.reports --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.reports --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (67 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- [INFO] Building dependencies.saaj 1.0 [25/66] [INFO] from mvn/dependencies/saaj/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.saaj --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-3.0.4.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.saaj --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.saaj --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (72 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- [INFO] Building dependencies.security 1.0 [26/66] [INFO] from mvn/dependencies/security/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.security --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.security --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.security --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (69 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- [INFO] Building dependencies.shared 1.0 [27/66] [INFO] from mvn/dependencies/shared/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.shared --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-12.7.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-2.4.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.shared --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.shared --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (75 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (2 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (3 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- [INFO] Building dependencies.spring 1.0 [28/66] [INFO] from mvn/dependencies/spring/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (67 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- [INFO] Building dependencies.spring-ldap 1.0 [29/66] [INFO] from mvn/dependencies/spring-ldap/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-ldap --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (66 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- [INFO] Building dependencies.spring-security 1.0 [30/66] [INFO] from mvn/dependencies/spring-security/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-security --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-security --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (74 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- [INFO] Building dependencies.swagger 1.0 [31/66] [INFO] from mvn/dependencies/swagger/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.swagger --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.29.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.44.9.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.swagger --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.swagger --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (73 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (6 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (8 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- [INFO] Building dependencies.wss4j 1.0 [32/66] [INFO] from mvn/dependencies/wss4j/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-4.0.0.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-4.0.0.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wss4j --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.wss4j --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.46-gov4j-1.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The following template can be used to demonstrate the vulnerability: ```{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` ## Recommendation Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 11974, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-core@.*$, regex=true, caseSensitive=false},cve={CVE-2025-48976,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons-fileupload2-jakarta@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_fileupload, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.github\.java-json-tools/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.richfaces\.ui/beanValidator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- [INFO] Building dependencies.testsuite 1.0 [33/66] [INFO] from mvn/dependencies/testsuite/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (69 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- [INFO] Building dependencies.testsuite.axis14 1.0 [34/66] [INFO] from mvn/dependencies/testsuite/axis14/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- [INFO] [INFO] --- antrun:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- [INFO] Executing tasks [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar [INFO] Executed tasks [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (69 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- [INFO] Building dependencies.testsuite.as 1.0 [35/66] [INFO] from mvn/dependencies/testsuite/applicationServer/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (167 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly27 >-- [INFO] Building dependencies.testsuite.as.wildfly27 1.0 [36/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly27/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly27 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly27 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (94 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly28 >-- [INFO] Building dependencies.testsuite.as.wildfly28 1.0 [37/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly28/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly28 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly28 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (88 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly35 >-- [INFO] Building dependencies.testsuite.as.wildfly35 1.0 [38/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly35/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly35 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly35 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly36 >-- [INFO] Building dependencies.testsuite.as.wildfly36 1.0 [39/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly36/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly36 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly36 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly37 >-- [INFO] Building dependencies.testsuite.as.wildfly37 1.0 [40/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly37/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly37 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly37 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly38 >-- [INFO] Building dependencies.testsuite.as.wildfly38 1.0 [41/66] [INFO] from mvn/dependencies/testsuite/applicationServer/wildfly38/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly38 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly38 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat10 >-- [INFO] Building dependencies.testsuite.as.tomcat10 1.0 [42/66] [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat10/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat10 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat10 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (69 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat11 >-- [INFO] Building dependencies.testsuite.as.tomcat11 1.0 [43/66] [INFO] from mvn/dependencies/testsuite/applicationServer/tomcat11/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat11 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat11 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (69 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- [INFO] Building dependencies.testsuite.test 1.0 [44/66] [INFO] from mvn/dependencies/testsuite/test/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.testng >-------- [INFO] Building dependencies.testsuite.test.testng 1.0 [45/66] [INFO] from mvn/dependencies/testsuite/test/testng/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.testng --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.testng --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.testng --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.testng --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.junit4 >-------- [INFO] Building dependencies.testsuite.test.junit4 1.0 [46/66] [INFO] from mvn/dependencies/testsuite/test/junit4/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit4 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.junit4 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (68 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.karate09 >------- [INFO] Building dependencies.testsuite.test.karate09 1.0 [47/66] [INFO] from mvn/dependencies/testsuite/test/karate09/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate09 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.karate09 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (65 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.logback >------- [INFO] Building dependencies.testsuite.test.logback 1.0 [48/66] [INFO] from mvn/dependencies/testsuite/test/logback/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.logback --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.logback --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.logback --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.logback --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (71 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.test.httpcore4 >------ [INFO] Building dependencies.testsuite.test.httpcore4 1.0 [49/66] [INFO] from mvn/dependencies/testsuite/test/httpcore4/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/httpcore4 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.httpcore4 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (79 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.test.spring5 >------- [INFO] Building dependencies.testsuite.test.spring5 1.0 [50/66] [INFO] from mvn/dependencies/testsuite/test/spring5/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring5 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.spring5 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (70 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (1 seconds) [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json [INFO] [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.test.spring-ldap2 >----- [INFO] Building dependencies.testsuite.test.spring-ldap2 1.0 [51/66] [INFO] from mvn/dependencies/testsuite/test/spring-ldap2/pom.xml [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- clean:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap2 (includes = [*.jar], excludes = []) [INFO] [INFO] --- dependency:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] [INFO] --- antrun:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] Executing tasks [INFO] Executed tasks [INFO] [INFO] --- dependency-check:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test.spring-ldap2 --- [INFO] Checking for updates [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. [INFO] Check for updates complete (66 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) ha:////4KPdy0SR/O3P/nBKZhd8tZk7LAvVAcNexCInftOY0HSsAAAAYh+LCAAAAAAAAP9b85aBtbiIQSWjNKU4P0+vJLE4u1gvPjexLDVPzxdEhicW5WXmpfvll6SeOJwgmrt9CSsTA0NFEYMUVEtyfl5xfk6qnjOEBilkgABGkMICAEQzmI1iAAAA[WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314) Caused by: org.xml.sax.SAXException: Line=3, Column=28: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1465) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1443) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:261) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:615) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3079) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:114) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:542) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:889) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:825) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1224) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:637) at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328) at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174) at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75) at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162) at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283) at org.apache.maven.cli.MavenCli.main (MavenCli.java:206) at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:103) at java.lang.reflect.Method.invoke (Method.java:580)