Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to see the transitive dependencies in the report after the scan? #6550

Open
JyotsanaShankar opened this issue Mar 26, 2024 · 4 comments
Open

How to see the transitive dependencies in the report after the scan? #6550

JyotsanaShankar opened this issue Mar 26, 2024 · 4 comments
Labels
question

Comments

@JyotsanaShankar
Copy link

I am a new user and I scanned the DependencyCheck code using the DependencyCheck itself. But I am not able to see transitive dependencies. Can you please help me how to check that?
@jeremylong
Copy link
Owner

Use the Maven or Gradle plugin to scan your Java projects. Avoid the CLI/Docker/GitHub Action.

@JyotsanaShankar
Copy link
Author

I tried to install maven maven and got these errors, not able to understand the reason...how to resolve this?

[ERROR] Errors:
[ERROR] GolangModAnalyzerTest.testGoMod:97 » Runtime java.io.IOException: Could not start 'go mod edit' in path 'C:\Users\I575878\Projects\DependencyCheck\core\target\temp\dctemp8e4b4df2-6409-4986-9528-48746c528ca0'. Details: CreateProcess error=2, The system cannot find the file specified
[INFO]
[ERROR] Tests run: 477, Failures: 0, Errors: 1, Skipped: 14
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Dependency-Check 9.0.10-SNAPSHOT:
[INFO]
[INFO] Dependency-Check ................................... SUCCESS [ 9.251 s]
[INFO] Dependency-Check Utils ............................. SUCCESS [ 43.398 s]
[INFO] Dependency-Check Core .............................. FAILURE [01:28 min]
[INFO] Dependency-Check Command Line ...................... SKIPPED
[INFO] Dependency-Check Ant Task .......................... SKIPPED
[INFO] Dependency-Check Maven Plugin ...................... SKIPPED
[INFO] Dependency-Check Plugin Archetype .................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:22 min
[INFO] Finished at: 2024-03-26T19:11:46+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.2.2:test (default-test) on project dependency-check-core:
[ERROR]
[ERROR] Please refer to C:\Users\I575878\Projects\DependencyCheck\core\target\surefire-reports for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf :dependency-check-core

@JyotsanaShankar
Copy link
Author

Use the Maven or Gradle plugin to scan your Java projects. Avoid the CLI/Docker/GitHub Action.

Is there any steps or guide or any youtube video to do that can you please share that?

@jeremylong
Copy link
Owner

The only thing I've created is the documentation:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeremylong @JyotsanaShankar