CLI argument --retireJsUrl fails for filenames other than jsrepository.json (using via Jenkins) #2120

Closed
jortkoopmans opened this issue Aug 2, 2019 · 3 comments

@jortkoopmans

Describe the bug
When using DependencyChecker with the --retireJsUrl argument, it will fail if the obtained json file is using a different filename than 'jsrepository.json'.
I'm using the new DependencyChecker 5.2.0 via Jenkins, which has the new 'decoupled' wrapper around the cli.
I'm passing the --retireJsUrl there, like:
dependencyCheck additionalArguments: 'https://somelocalurl/jsrepository-alt.json', odcInstallation: 'Dependency-Check5.2.0'.

When the local resource location uses the exact same file name as the standard one at:
https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
e.g.:
https://somelocalurl/jsrepository.json
it works fine.

Version of dependency-check used
The problem occurs using version 5.2.0 of the cli, started by Jenkins using the new plugin structure.

Log file
I don't get much logging via Jenkins. I only get:
[DependencyCheck] [ERROR] Failed to initialize the RetireJS repo

To Reproduce
Steps to reproduce the behavior:

  1. Set up a mirror of the jsrepository.json file, using an alternative filename
  2. Configure DependencyChecker to use it, with the --retireJsUrl argument
  3. Run DependencyCheck.
  4. See error

Expected behavior
That the --retireJsUrl also allows for an alternative filename (since it's part of the full provided URL).

Additional context
What I'm thinking is that the code is just expecting to find the jsrepository.json file locally (after being downloaded from somewhere). It's likely a small glitch?

@jeremylong
Owner

We do not support an alternate name for the retire JS repository and do not plan to support this. Please use jsrepository.json.

@jortkoopmans
Author

Ok, thanks for responding. Good to know it's not intended to be working like this (and not considered for the future), which was not obvious to me from the documentation. Would you consider making this clearer in the documentation (https://github.com/jeremylong/DependencyCheck/blob/master/cli/src/site/markdown/arguments.md)?

jeremylong added a commit that referenced this issue Aug 4, 2019
@lock lock bot locked and limited conversation to collaborators Sep 2, 2019
Repository owner unlocked this conversation Dec 4, 2019
@jeremylong
Owner

An update is being included in the next release that will allow for custom JS repository names. In the next release we will be using the filename as defined in the --retireJsURL (or comparable argument depending on the implementation used).

@lock lock bot locked and limited conversation to collaborators Jan 3, 2020