Jenkinsfile pipeline with DependencyCheck fails with RetireJS checking

Error as below:

[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  29.902 s
[INFO] Finished at: 2021-01-21T09:58:57+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.0.5:check (default-cli) on project core-account-service: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR]     InitializationException: Unable to initialize the Retire JS respository
[ERROR]         caused by UpdateException: Failed to initialize the RetireJS repo
[ERROR]         caused by DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to '/app/repository/org/owasp/dependency-check-utils/6.0.5/../../dependency-check-data/5.0/jsrepository.json'; Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
[ERROR]         caused by DownloadFailedException: Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
[ERROR]         caused by ConnectException: Connection refused (Connection refused)
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.

Jenkins Pipeline

        stage('dependencyCheck') {
          steps {
            parallel(
              dependencyCheck: {
                          sh 'mvn org.owasp:dependency-check-maven:check -Ddependency-check-format=XML -DdisableRetireJS -DdisableNodeJS'
                          step([$class: 'DependencyCheckPublisher', unstableTotalAll: '0'])
              }
            )
          }
        }
        stage('dependencyCheck') {
          steps {
            parallel(
              dependencyCheck: {
                          sh 'mvn org.owasp:dependency-check-maven:check -Ddependency-check-format=XML --disableRetireJS --disableNodeJS'
                          step([$class: 'DependencyCheckPublisher', unstableTotalAll: '0'])
              }
            )
          }
        }

When we try to integrate Dependency-check with the Jenkins pipeline as shown above, it fails.

Any idea how to add disableRetireJS and disableNodeJS when using mvn org.owasp:dependency-check-maven:check?

There is 1 best solution below

Solution not related to Jenkins pipeline, but may help someone on GitLab.

DependencyCheck Version

id "org.owasp.dependencycheck" version "8.4.0"

We were experiencing the same issue on GitLab:

A new version of dependency-check is available. Consider updating to version 8.4.2.
Exception occurred initializing RetireJS Analyzer.
> Task :dependencyCheckAnalyze FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> Analysis failed.

We were able to fix this by disabling retirejs by adding the code below:

analyzers {
    retirejs {
        enabled = false
    }
}

The full dependencyCheck task looks like below:

dependencyCheck {
    analyzers {
        retirejs {
            enabled = false
        }
    }
    formats = ['XML', 'JSON']
    failBuildOnCVSS = 2
    failOnError = true
    suppressionFile = 'config/dependency-check/suppressions.xml'
    check.dependsOn(dependencyCheckAnalyze)
}
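
For the Maven plugin used in the question, the following is an added example (not part of the original question or answer) of a wrapper script that builds the `mvn` arguments using the plugin's `retireJsAnalyzerEnabled`, `retireJsUrl`, `nodeAnalyzerEnabled` and `nodeAuditAnalyzerEnabled` properties. The variable `RETIREJS_MIRROR_URL`, the function names and the script path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: choose dependency-check-maven options for a CI agent that
# cannot reach raw.githubusercontent.com.
# RETIREJS_MIRROR_URL is a hypothetical variable name chosen for this example;
# it would point at an internal copy of jsrepository.json.

dc_mvn_args() {
    args="org.owasp:dependency-check-maven:check -Dformat=XML"
    # The question also wanted the Node.js analyzers off.
    args="$args -DnodeAnalyzerEnabled=false -DnodeAuditAnalyzerEnabled=false"

    case "${RETIREJS_MIRROR_URL:-}" in
        "")
            # No mirror: disable RetireJS and say so in the build log, because
            # bundled JavaScript libraries are no longer checked.
            echo "WARNING: RetireJS analyzer disabled; JS libraries not scanned" >&2
            args="$args -DretireJsAnalyzerEnabled=false"
            ;;
        https://*)
            # Mirror available: keep the analyzer and fetch the feed from it.
            args="$args -DretireJsUrl=$RETIREJS_MIRROR_URL"
            ;;
        *)
            # The feed decides what gets reported, so refuse plain-HTTP sources.
            echo "ERROR: RETIREJS_MIRROR_URL must be an https:// URL" >&2
            return 1
            ;;
    esac
    echo "$args"
}

run_scan() {
    scan_args=$(dc_mvn_args) || return 1
    # Unquoted on purpose: each -D option must become its own argument.
    mvn $scan_args
}

# Jenkinsfile usage (script path is an assumption):
#   sh './dependency-check.sh --run'
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

With a mirror configured the RetireJS analyzer stays on, so JavaScript library findings are not lost the way they are when the analyzer is simply disabled.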