1

我对 Sonatype OSS 索引分析器有暂时的问题。我很确定这是由于我必须通过公司的代理。一些请求失败:

15:25:48  13:25:48.165 [WARN] [org.owasp.dependencycheck.AnalysisTask] An error occurred while analyzing '/tmp/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.7/dda059f4908e1b548b7ba68d81a3b05897f27cb0/httpclient-4.5.7.jar' (Sonatype OSS Index Analyzer).
15:25:48  13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask] 
15:25:48  org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
15:25:48    at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:149)
15:25:48    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
15:25:48    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
15:25:48    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
15:25:48    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
15:25:48    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
15:25:48    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
15:25:48    at java.lang.Thread.run(Thread.java:748)
15:25:48  Caused by: java.net.SocketException: Connection reset

下一个请求很好:

15:25:48  13:25:48.166 [DEBUG] [org.owasp.dependencycheck.AnalysisTask] Begin Analysis of '/tmp/caches/modules-2/files-2.1/commons-io/commons-io/2.6/815893df5f31da2ece4040fe0a12fd44b577afaf/commons-io-2.6.jar' (Sonatype OSS Index Analyzer)

但是由于一个失败请求,整个构建失败了。是否可以创建 Sonatype OSS 索引的镜像或设置重试值?

4

1 回答 1

1

我解决了我的问题。解决方案是将 bouncycastle jar 放入 JAVA JRE 中,如下所述: EC2 Linux 机器上安装的 OpenJDK 8 不支持 ECDHE 密码套件

但也许 Sonatype OSS Index Analyzer 的重试机制仍然是一个好主意。

于 2020-04-28T11:59:42.040 回答