dependency-check: Sonatype OSS Index Analyzer的重试机制
dependency-check: retry mechanism for Sonatype OSS Index Analyser
我在使用 Sonatype OSS 索引分析器时遇到临时问题。我很确定这是由于我必须通过我们在公司的代理。部分请求失败:
15:25:48 13:25:48.165 [WARN] [org.owasp.dependencycheck.AnalysisTask] An error occurred while analyzing '/tmp/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.7/dda059f4908e1b548b7ba68d81a3b05897f27cb0/httpclient-4.5.7.jar' (Sonatype OSS Index Analyzer).
15:25:48 13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask]
15:25:48 org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
15:25:48 at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:149)
15:25:48 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
15:25:48 at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
15:25:48 at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
15:25:48 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
15:25:48 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
15:25:48 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
15:25:48 at java.lang.Thread.run(Thread.java:748)
15:25:48 Caused by: java.net.SocketException: Connection reset
下一个请求没问题:
15:25:48 13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask] Begin Analysis of '/tmp/caches/modules-2/files-2.1/commons-io/commons-io/2.6/815893df5f31da2ece4040fe0a12fd44b577afaf/commons-io-2.6.jar' (Sonatype OSS Index Analyzer)
但是因为一个失败的请求,整个构建都失败了。
是否可以创建Sonatype OSS索引的镜像或设置重试值?
我解决了我的问题。
解决方案是将 bouncycastle jar 放入 JAVA JRE,如下所述:
但也许 Sonatype OSS Index Analyzer 的重试机制仍然是个好主意。
我在使用 Sonatype OSS 索引分析器时遇到临时问题。我很确定这是由于我必须通过我们在公司的代理。部分请求失败:
15:25:48 13:25:48.165 [WARN] [org.owasp.dependencycheck.AnalysisTask] An error occurred while analyzing '/tmp/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.7/dda059f4908e1b548b7ba68d81a3b05897f27cb0/httpclient-4.5.7.jar' (Sonatype OSS Index Analyzer).
15:25:48 13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask]
15:25:48 org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
15:25:48 at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:149)
15:25:48 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
15:25:48 at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
15:25:48 at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
15:25:48 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
15:25:48 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
15:25:48 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
15:25:48 at java.lang.Thread.run(Thread.java:748)
15:25:48 Caused by: java.net.SocketException: Connection reset
下一个请求没问题:
15:25:48 13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask] Begin Analysis of '/tmp/caches/modules-2/files-2.1/commons-io/commons-io/2.6/815893df5f31da2ece4040fe0a12fd44b577afaf/commons-io-2.6.jar' (Sonatype OSS Index Analyzer)
但是因为一个失败的请求,整个构建都失败了。 是否可以创建Sonatype OSS索引的镜像或设置重试值?
我解决了我的问题。
解决方案是将 bouncycastle jar 放入 JAVA JRE,如下所述:
但也许 Sonatype OSS Index Analyzer 的重试机制仍然是个好主意。