kandi background
Explore Kits

DependencyCheck | OWASP dependencycheck is a software composition analysis utility | Security library

 by   jeremylong Java Version: v7.0.4 License: Apache-2.0

 by   jeremylong Java Version: v7.0.4 License: Apache-2.0

Download this library from

kandi X-RAY | DependencyCheck Summary

DependencyCheck is a Java library typically used in Financial Services, Banks, Payments, Security, Maven applications. DependencyCheck has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has medium support. You can download it from GitHub, Maven.
[![Maven Central](https://img.shields.io/maven-central/v/org.owasp/dependency-check-maven.svg)](https://mvnrepository.com/artifact/org.owasp/dependency-check-maven) ![Build and Deploy](https://github.com/jeremylong/DependencyCheck/workflows/Build%20and%20Deploy/badge.svg?branch=main) [![Coverity Scan Build Status](https://img.shields.io/coverity/scan/1654.svg)](https://scan.coverity.com/projects/dependencycheck) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6b6021d481dc41a888c5da0d9ecf9494)](https://www.codacy.com/app/jeremylong/DependencyCheck?utm_source=github.com&utm_medium=referral&utm_content=jeremylong/DependencyCheck&utm_campaign=Badge_Grade) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/843/badge)](https://bestpractices.coreinfrastructure.org/projects/843) [![Apache 2.0 License](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0.txt). [![Black Hat Arsenal](https://raw.githubusercontent.com/toolswatch/badges/master/arsenal/usa/2018.svg?sanitize=true)](http://www.toolswatch.org/2018/05/black-hat-arsenal-usa-2018-the-w0w-lineup/) [![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2015.svg)](https://www.toolswatch.org/2015/06/black-hat-arsenal-usa-2015-speakers-lineup/) [![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2014.svg)](https://www.toolswatch.org/2014/06/black-hat-usa-2014-arsenal-tools-speaker-list/) [![Black Hat Arsenal](https://www.toolswatch.org/badges/arsenal/2013.svg)](https://www.toolswatch.org/2013/06/announcement-blackhat-arsenal-usa-2013-selected-tools/).
Support
Support
Quality
Quality
Security
Security
License
License
Reuse
Reuse

kandi-support Support

  • DependencyCheck has a medium active ecosystem.
  • It has 3986 star(s) with 916 fork(s). There are 153 watchers for this library.
  • There were 5 major release(s) in the last 6 months.
  • There are 320 open issues and 2581 have been closed. On average issues are closed in 14 days. There are 6 open pull requests and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of DependencyCheck is v7.0.4
DependencyCheck Support
Best in #Security
Average in #Security
DependencyCheck Support
Best in #Security
Average in #Security

quality kandi Quality

  • DependencyCheck has 0 bugs and 0 code smells.
DependencyCheck Quality
Best in #Security
Average in #Security
DependencyCheck Quality
Best in #Security
Average in #Security

securitySecurity

  • DependencyCheck has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • DependencyCheck code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.
DependencyCheck Security
Best in #Security
Average in #Security
DependencyCheck Security
Best in #Security
Average in #Security

license License

  • DependencyCheck is licensed under the Apache-2.0 License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.
DependencyCheck License
Best in #Security
Average in #Security
DependencyCheck License
Best in #Security
Average in #Security

buildReuse

  • DependencyCheck releases are available to install and integrate.
  • Deployable package is available in Maven.
  • Build file is available. You can build the component from source.
  • Installation instructions are not available. Examples and code snippets are available.
  • It has 99962 lines of code, 3326 functions and 624 files.
  • It has high code complexity. Code complexity directly impacts maintainability of the code.
DependencyCheck Reuse
Best in #Security
Average in #Security
DependencyCheck Reuse
Best in #Security
Average in #Security
Top functions reviewed by kandi - BETA

kandi has reviewed DependencyCheck and discovered the below as its top functions. This is intended to give you an instant insight into DependencyCheck implemented functionality, and help decide if they suit your requirements.

  • Sets the evidence of the pom .
  • Collects dependency management dependencies .
  • Update the description of the assembly .
  • Checks if the CPE matches .
  • Update CVE values .
  • Updates the CVE value in the database .
  • Checks whether the dependency matches .
  • Attempt to determine the ecosystem based on the vendor information .
  • Initializes the database driver .
  • Process node dependencies .

DependencyCheck Key Features

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Dependency-Check

copy iconCopydownload iconDownload
If upgrading to 7.0.0 or higher, there were breaking changes. If you get an error indicating you can't connect
to the database you will need to run the purge command to remove the old database:
- gradle: `./gradlew dependencyCheckPurge`
- maven: `mvn org.owasp:dependency-check-maven:7.0.0:purge`
- cli: `dependency-check.sh --purge`

Homebrew users upgrading to dependency-check 7.0.0 will need to purge their old database.

Current Releases
-------------
### Jenkins Plugin

For instructions on the use of the Jenkins plugin please see the [OWASP Dependency-Check Plugin page](https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin).

### Command Line

More detailed instructions can be found on the
[dependency-check github pages](http://jeremylong.github.io/DependencyCheck/dependency-check-cli/).
The latest CLI can be downloaded from github in the [releases section](https://github.com/jeremylong/DependencyCheck/releases).

On *nix
```
$ ./bin/dependency-check.sh -h
$ ./bin/dependency-check.sh --out . --scan [path to jar files to be scanned]
```
On Windows
```
> .\bin\dependency-check.bat -h
> .\bin\dependency-check.bat --out . --scan [path to jar files to be scanned]
```
On Mac with [Homebrew](http://brew.sh)
Note - homebrew users upgrading from 5.x to 6.0.0 will need to run `dependency-check.sh --purge`.
```
$ brew update && brew install dependency-check
$ dependency-check -h
$ dependency-check --out . --scan [path to jar files to be scanned]
```

### Maven Plugin

More detailed instructions can be found on the [dependency-check-maven github pages](http://jeremylong.github.io/DependencyCheck/dependency-check-maven).
By default, the plugin is tied to the `verify` phase (i.e. `mvn verify`). Alternatively,
one can directly invoke the plugin via `mvn org.owasp:dependency-check-maven:check`.

The dependency-check plugin can be configured using the following:

```xml
<project>
    <build>
        <plugins>
            ...
            <plugin>
              <groupId>org.owasp</groupId>
              <artifactId>dependency-check-maven</artifactId>
              <executions>
                  <execution>
                      <goals>
                          <goal>check</goal>
                      </goals>
                  </execution>
              </executions>
            </plugin>
            ...
        </plugins>
        ...
    </build>
    ...
</project>
```

### Ant Task

For instructions on the use of the Ant Task, please see the [dependency-check-ant github page](http://jeremylong.github.io/DependencyCheck/dependency-check-ant).

Development Prerequisites
-------------

For installation to pass, you must have the following components installed:
* Java: `java -version` 1.8
* Maven: `mvn -version` 3.5.0 and higher

Tests cases require:
* dotnet core version 6.0
* Go: `go version` 1.12 and higher
* Ruby [bundler-audit](https://github.com/rubysec/bundler-audit#install)
* [Yarn](https://classic.yarnpkg.com/en/docs/install/)
* [pnpm](https://pnpm.io/installation)

Development Usage
-------------
The following instructions outline how to compile and use the current snapshot. While every intention is to maintain a stable snapshot it is recommended
that the release versions listed above be used.

The repository has some large files due to test resources. The team has tried to clean up the history as much as possible.
However, it is recommended that you perform a shallow clone to save yourself time:

```bash
git clone --depth 1 https://github.com/jeremylong/DependencyCheck.git
```

On *nix
```
$ mvn -s settings.xml install
$ ./cli/target/release/bin/dependency-check.sh -h
$ ./cli/target/release/bin/dependency-check.sh --out . --scan ./src/test/resources
```
On Windows
```
> mvn -s settings.xml install
> .\cli\target\release\bin\dependency-check.bat -h
> .\cli\target\release\bin\dependency-check.bat --out . --scan ./src/test/resources
```

Then load the resulting 'dependency-check-report.html' into your favorite browser.

### Docker

In the following example it is assumed that the source to be checked is in the current working directory and the reports will be written to `$(pwd)/odc-reports`. Persistent data and cache directories are used, allowing you to destroy the container after running.

For Linux:
```sh
#!/bin/sh

DC_VERSION="latest"
DC_DIRECTORY=$HOME/OWASP-Dependency-Check
DC_PROJECT="dependency-check scan: $(pwd)"
DATA_DIRECTORY="$DC_DIRECTORY/data"
CACHE_DIRECTORY="$DC_DIRECTORY/data/cache"

if [ ! -d "$DATA_DIRECTORY" ]; then
    echo "Initially creating persistent directory: $DATA_DIRECTORY"
    mkdir -p "$DATA_DIRECTORY"
fi
if [ ! -d "$CACHE_DIRECTORY" ]; then
    echo "Initially creating persistent directory: $CACHE_DIRECTORY"
    mkdir -p "$CACHE_DIRECTORY"
fi

# Make sure we are using the latest version
docker pull owasp/dependency-check:$DC_VERSION

docker run --rm \
    -e user=$USER \
    -u $(id -u ${USER}):$(id -g ${USER}) \
    --volume $(pwd):/src:z \
    --volume "$DATA_DIRECTORY":/usr/share/dependency-check/data:z \
    --volume $(pwd)/odc-reports:/report:z \
    owasp/dependency-check:$DC_VERSION \
    --scan /src \
    --format "ALL" \
    --project "$DC_PROJECT" \
    --out /report
    # Use suppression like this: (where /src == $pwd)
    # --suppression "/src/security/dependency-check-suppression.xml"
```

For Windows:
```bat
@echo off

set DC_VERSION="latest"
set DC_DIRECTORY=%USERPROFILE%\OWASP-Dependency-Check
SET DC_PROJECT="dependency-check scan: %CD%"
set DATA_DIRECTORY="%DC_DIRECTORY%\data"
set CACHE_DIRECTORY="%DC_DIRECTORY%\data\cache"

IF NOT EXIST %DATA_DIRECTORY% (
    echo Initially creating persistent directory: %DATA_DIRECTORY%
    mkdir %DATA_DIRECTORY%
)
IF NOT EXIST %CACHE_DIRECTORY% (
    echo Initially creating persistent directory: %CACHE_DIRECTORY%
    mkdir %CACHE_DIRECTORY%
)

rem Make sure we are using the latest version
docker pull owasp/dependency-check:%DC_VERSION%

docker run --rm ^
    --volume %CD%:/src ^
    --volume %DATA_DIRECTORY%:/usr/share/dependency-check/data ^
    --volume %CD%/odc-reports:/report ^
    owasp/dependency-check:%DC_VERSION% ^
    --scan /src ^
    --format "ALL" ^
    --project "%DC_PROJECT%" ^
    --out /report
    rem Use suppression like this: (where /src == %CD%)
    rem --suppression "/src/security/dependency-check-suppression.xml"
```

Building From Source
-------------
To build dependency-check (using Java 8) run the command:

```
mvn -s settings.xml install
```

Building the documentation
--------------------------

The documentation on the [github pages](http://jeremylong.github.io/DependencyCheck/) is generated from this repository:

    mvn -s settings.xml site  site:staging

Once done, point your browser to `./target/staging/index.html`.

Building The Docker Image
-------------
To build dependency-check docker image run the command:

```
mvn -s settings.xml install
./build-docker.sh
```

License
-------

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://raw.githubusercontent.com/jeremylong/DependencyCheck/master/LICENSE.txt) file for the full license.

Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt][notices] file for more information.

Copyright (c) 2012-2022 Jeremy Long. All Rights Reserved.

  [wiki]: https://github.com/jeremylong/DependencyCheck/wiki
  [notices]: https://github.com/jeremylong/DependencyCheck/blob/master/NOTICE.txt

dependency-check-maven - suppression not working

copy iconCopydownload iconDownload
  <suppress>
    <notes>
      <![CDATA[
      file name: h2-1.4.200.jar
      ]]>
    </notes>
    <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
    <vulnerabilityName>CVE-2021-23463</vulnerabilityName>
  </suppress>
  <suppress>
    <notes>
      <![CDATA[
      file name: h2-1.4.200.jar
      ]]>
    </notes>
    <filePath regex="true">.*\/h2database.*\.jar</filePath>
    <vulnerabilityName>CVE-2021-23463</vulnerabilityName>
  </suppress>
-----------------------
  <suppress>
    <notes>
      <![CDATA[
      file name: h2-1.4.200.jar
      ]]>
    </notes>
    <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
    <vulnerabilityName>CVE-2021-23463</vulnerabilityName>
  </suppress>
  <suppress>
    <notes>
      <![CDATA[
      file name: h2-1.4.200.jar
      ]]>
    </notes>
    <filePath regex="true">.*\/h2database.*\.jar</filePath>
    <vulnerabilityName>CVE-2021-23463</vulnerabilityName>
  </suppress>

BeanDefinitionOverrideException when supplying bean for integration test / @SpringBootTest

copy iconCopydownload iconDownload
spring:
  main:
    allow-bean-definition-overriding: true
-----------------------
    @TestConfiguration
    static class ClockTestConfiguration {

        @Bean("fixedClock")
        @Primary
        public Clock clock() {
            return Clock.fixed(Instant.ofEpochMilli(1635513004000L), ZoneId.systemDefault());
        }
    }

Getting zero coverage on sonarQube after publishing sonar report via ci-pipeline

copy iconCopydownload iconDownload
run_sonar() {
      run_mvn \
        -Dsonar.projectKey=UI-Service \
        -Dsonar.host.url=xxx \
        -Dsonar.login=${SONAR_TOKEN} \
        -Dsonar.sources=src/main \
        -Dsonar.tests=src/test \
        package \
        sonar:sonar
}
-----------------------
<execution>
  <id>pre-unit-test</id>
  <goals>
    <goal>prepare-agent</goal>
  </goals>
  <configuration>
    <propertyName>surefireArgLine</propertyName>
  </configuration>
</execution>
<argLine>${surefireArgLine}</argLine>
-----------------------
<execution>
  <id>pre-unit-test</id>
  <goals>
    <goal>prepare-agent</goal>
  </goals>
  <configuration>
    <propertyName>surefireArgLine</propertyName>
  </configuration>
</execution>
<argLine>${surefireArgLine}</argLine>

Spring Boot: combining Webflux, OAuth2 and HATEOAS

copy iconCopydownload iconDownload
dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-webflux'
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
    //implementation 'org.springframework.boot:spring-boot-starter-hateoas'
    implementation 'org.springframework.hateoas:spring-hateoas:1.3.1'

    testImplementation('org.springframework.boot:spring-boot-starter-test') {
        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
    }
}

Spring boot to work with legacy data beans

copy iconCopydownload iconDownload
@SpringBootApplication(exclude={DataSourceAutoConfiguration.class, TransactionAutoConfiguration.class})
spring.main.allow-bean-definition-overriding=true
-----------------------
@SpringBootApplication(exclude={DataSourceAutoConfiguration.class, TransactionAutoConfiguration.class})
spring.main.allow-bean-definition-overriding=true

spring batch job parameters in StepScope

copy iconCopydownload iconDownload
@Bean
@StepScope
public FlatFileItemReader<CsvTask> importTasksReader(@Value("#{jobParameters['inputfile']}") String inputFile) {
  // ...
}
Once you have an @EnableBatchProcessing class in your configuration you will have an instance of StepScope and JobScope so your beans inside steps can have @Scope("step") and @Scope("job") respectively.
-----------------------
@Bean
@StepScope
public FlatFileItemReader<CsvTask> importTasksReader(@Value("#{jobParameters['inputfile']}") String inputFile) {
  // ...
}
Once you have an @EnableBatchProcessing class in your configuration you will have an instance of StepScope and JobScope so your beans inside steps can have @Scope("step") and @Scope("job") respectively.

How to put a RestTemplate into a separate class?

copy iconCopydownload iconDownload
@Configuration
@ComponentScan
public class GetRestTemplate2Config {

    @Bean(name = "restTemplate2")
    public RestTemplate getRestTemplate2() throws KeyStoreException, 
        NoSuchAlgorithmException, KeyManagementException {
       [...]
    }
}

Spring Batch @JobScope bean creation error &quot;A bean with that name has already been defined&quot;

copy iconCopydownload iconDownload
@Component("dealerItemProcessor")
public class DealerItemProcessor implements ItemProcessor<Dealer, Dealer> , StepExecutionListener {
    
    private StepExecution stepExecution;

    @Override
    public Dealer process(final Dealer dealer) throws Exception {
    //get unique JobId like this - stepExecution.getJobExecutionId()
    // process logic
    }

    @Override
    public void beforeStep(StepExecution stepExecution) {
        //get the stepExecution Object.
        this.stepExecution = stepExecution;
    }

    @Override
    public ExitStatus afterStep(StepExecution stepExecution) {
        return null;
    }
}

File from previous step cannot be found in Azure DevOps-Pipeline

copy iconCopydownload iconDownload
  - task: PublishTestResults@2
    inputs:
      testResultsFormat: 'JUnit'
      testResultsFiles: '**/*-junit.xml'
      searchFolder: '$(Common.TestResultsDirectory)'

How to resolve proxy issue in owasp dependency check?

copy iconCopydownload iconDownload
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>owasp</groupId>
    <artifactId>dependency-check</artifactId>
    <version>99.0.0.0.0</version>
    <name>OWASP_Dependency_Check</name>
    <dependencies>
      <dependency>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>5.0.0</version>
        <scope>test</scope>
      </dependency>
    </dependencies>
  </project>
mvn clean install  org.owasp:dependency-check-maven:check -DscanSet.fileSet=['src/main/resources/']
-----------------------
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>owasp</groupId>
    <artifactId>dependency-check</artifactId>
    <version>99.0.0.0.0</version>
    <name>OWASP_Dependency_Check</name>
    <dependencies>
      <dependency>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>5.0.0</version>
        <scope>test</scope>
      </dependency>
    </dependencies>
  </project>
mvn clean install  org.owasp:dependency-check-maven:check -DscanSet.fileSet=['src/main/resources/']

Community Discussions

Trending Discussions on DependencyCheck
  • Unable to run Spring Boot Application of Java 17
  • dependency-check-maven - suppression not working
  • BeanDefinitionOverrideException when supplying bean for integration test / @SpringBootTest
  • OWASP Dependency check, how to use suppressions
  • JwtDecoder bean is not injected automatically while setting a ressource server using 'spring-boot-starter-oauth2-resource-server'
  • Queue listener like behavior using spring cloud stream
  • Getting zero coverage on sonarQube after publishing sonar report via ci-pipeline
  • Spring Boot: combining Webflux, OAuth2 and HATEOAS
  • Cannot resolve symbol from gradle plugin in build.gradle, even though it compiles correctly. (gradle-idea-ext-plugin)
  • Spring boot to work with legacy data beans
Trending Discussions on DependencyCheck

QUESTION

Unable to run Spring Boot Application of Java 17

Asked 2022-Feb-28 at 19:18

Just as a sanity test I tried to compile and then run the default Spring-Boot start application.

I compiled the project into a Jar file with Maven but when I tired to run the application I received the following output:

[@YCApp61 ~/WorkDir]$ java -jar ./MyService-0.0.1-SNAPSHOT.jar com.myCompany.myApp.MyServiceApplication
2022-02-24 20:52:29.627  INFO 81808 --- [           main] com.myCompany.myApp.MyService.App  : Starting App v0.0.1-SNAPSHOT with PID 81808 (/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar started by usr in /usr/home/usr/WorkDir)
2022-02-24 20:52:29.704  INFO 81808 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@707302d6: startup date [Thu Feb 24 20:52:29 UTC 2022]; root of context hierarchy
2022-02-24 20:52:30.598  INFO 81808 --- [           main] o.s.b.f.s.DefaultListableBeanFactory     : Overriding bean definition for bean 'beanNameViewResolver': replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter.class]]
2022-02-24 20:52:30.712  INFO 81808 --- [           main] .b.l.ClasspathLoggingApplicationListener : Application failed to start with classpath: [jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-starter-web-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-starter-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-autoconfigure-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-starter-logging-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jcl-over-slf4j-1.7.12.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/slf4j-api-1.7.12.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jul-to-slf4j-1.7.12.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/log4j-over-slf4j-1.7.12.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/logback-classic-1.1.3.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/logback-core-1.1.3.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/snakeyaml-1.14.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-starter-tomcat-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-embed-core-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-embed-el-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-embed-logging-juli-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-embed-websocket-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jackson-databind-2.4.6.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jackson-annotations-2.4.6.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jackson-core-2.4.6.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/hibernate-validator-5.1.3.Final.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/validation-api-1.1.0.Final.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/jboss-logging-3.1.3.GA.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/classmate-1.0.0.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-core-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-web-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-aop-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/aopalliance-1.0.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-beans-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-context-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-webmvc-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-expression-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-boot-starter-jdbc-1.2.7.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-jdbc-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-jdbc-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/tomcat-juli-8.0.28.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/spring-tx-4.1.8.RELEASE.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/h2-1.4.190.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/lombok-1.14.8.jar!/, jar:file:/usr/home/usr/WorkDir/MyService-0.0.1-SNAPSHOT.jar!/lib/log4jdbc-log4j2-jdbc4.1-1.16.jar!/]
2022-02-24 20:52:30.717 ERROR 81808 --- [           main] o.s.boot.SpringApplication               : Application startup failed

java.lang.IllegalStateException: Cannot load configuration class: com.myCompany.myApp.MyService.App
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.enhanceConfigurationClasses(ConfigurationClassPostProcessor.java:395)
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanFactory(ConfigurationClassPostProcessor.java:259)
        at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:265)
        at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:126)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:607)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:462)
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:117)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:689)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:321)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:969)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:958)
        at com.myCompany.myApp.MyService.App.main(App.java:9)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.ExceptionInInitializerError: null
        at org.springframework.cglib.core.KeyFactory$Generator.generateClass(KeyFactory.java:166)
        at org.springframework.cglib.core.DefaultGeneratorStrategy.generate(DefaultGeneratorStrategy.java:25)
        at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:216)
        at org.springframework.cglib.core.KeyFactory$Generator.create(KeyFactory.java:144)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:116)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:108)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:104)
        at org.springframework.cglib.proxy.Enhancer.<clinit>(Enhancer.java:69)
        at org.springframework.context.annotation.ConfigurationClassEnhancer.newEnhancer(ConfigurationClassEnhancer.java:112)
        at org.springframework.context.annotation.ConfigurationClassEnhancer.enhance(ConfigurationClassEnhancer.java:100)
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.enhanceConfigurationClasses(ConfigurationClassPostProcessor.java:385)
        ... 17 common frames omitted
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make protected final java.lang.Class java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) throws java.lang.ClassFormatError accessible: module java.base does not "opens java.lang" to unnamed module @2c60a1a7
        at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.Method.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.Method.setAccessible(Unknown Source)
        at org.springframework.cglib.core.ReflectUtils$2.run(ReflectUtils.java:56)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.springframework.cglib.core.ReflectUtils.<clinit>(ReflectUtils.java:46)
        ... 28 common frames omitted

2022-02-24 20:52:30.718  INFO 81808 --- [           main] ationConfigEmbeddedWebApplicationContext : Closing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@707302d6: startup date [Thu Feb 24 20:52:29 UTC 2022]; root of context hierarchy
2022-02-24 20:52:30.720  WARN 81808 --- [           main] ationConfigEmbeddedWebApplicationContext : Exception thrown from ApplicationListener handling ContextClosedEvent

java.lang.IllegalStateException: ApplicationEventMulticaster not initialized - call 'refresh' before multicasting events via the context: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@707302d6: startup date [Thu Feb 24 20:52:29 UTC 2022]; root of context hierarchy
        at org.springframework.context.support.AbstractApplicationContext.getApplicationEventMulticaster(AbstractApplicationContext.java:344)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:331)
        at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:873)
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.doClose(EmbeddedWebApplicationContext.java:150)
        at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:840)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:343)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:969)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:958)
        at com.myCompany.myApp.MyService.App.main(App.java:9)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
        at java.base/java.lang.Thread.run(Unknown Source)

2022-02-24 20:52:30.720  WARN 81808 --- [           main] ationConfigEmbeddedWebApplicationContext : Exception thrown from LifecycleProcessor on context close

java.lang.IllegalStateException: LifecycleProcessor not initialized - call 'refresh' before invoking lifecycle methods via the context: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@707302d6: startup date [Thu Feb 24 20:52:29 UTC 2022]; root of context hierarchy
        at org.springframework.context.support.AbstractApplicationContext.getLifecycleProcessor(AbstractApplicationContext.java:357)
        at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:881)
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.doClose(EmbeddedWebApplicationContext.java:150)
        at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:840)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:343)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:969)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:958)
        at com.myCompany.myApp.MyService.App.main(App.java:9)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
        at java.base/java.lang.Thread.run(Unknown Source)

java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.IllegalStateException: Cannot load configuration class: com.myCompany.myApp.MyService.App
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.enhanceConfigurationClasses(ConfigurationClassPostProcessor.java:395)
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanFactory(ConfigurationClassPostProcessor.java:259)
        at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:265)
        at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:126)
        at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:607)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:462)
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:117)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:689)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:321)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:969)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:958)
        at com.myCompany.myApp.MyService.App.main(App.java:9)
        ... 6 more
Caused by: java.lang.ExceptionInInitializerError
        at org.springframework.cglib.core.KeyFactory$Generator.generateClass(KeyFactory.java:166)
        at org.springframework.cglib.core.DefaultGeneratorStrategy.generate(DefaultGeneratorStrategy.java:25)
        at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:216)
        at org.springframework.cglib.core.KeyFactory$Generator.create(KeyFactory.java:144)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:116)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:108)
        at org.springframework.cglib.core.KeyFactory.create(KeyFactory.java:104)
        at org.springframework.cglib.proxy.Enhancer.<clinit>(Enhancer.java:69)
        at org.springframework.context.annotation.ConfigurationClassEnhancer.newEnhancer(ConfigurationClassEnhancer.java:112)
        at org.springframework.context.annotation.ConfigurationClassEnhancer.enhance(ConfigurationClassEnhancer.java:100)
        at org.springframework.context.annotation.ConfigurationClassPostProcessor.enhanceConfigurationClasses(ConfigurationClassPostProcessor.java:385)
        ... 17 more
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make protected final java.lang.Class java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) throws java.lang.ClassFormatError accessible: module java.base does not "opens java.lang" to unnamed module @2c60a1a7
        at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.Method.checkCanSetAccessible(Unknown Source)
        at java.base/java.lang.reflect.Method.setAccessible(Unknown Source)
        at org.springframework.cglib.core.ReflectUtils$2.run(ReflectUtils.java:56)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.springframework.cglib.core.ReflectUtils.<clinit>(ReflectUtils.java:46)
        ... 28 more
[usr@YCApp61 ~/WorkDir]$

I tried running the application again with the following arguments but got the same error message:

java -jar ./MyService-0.0.1-SNAPSHOT.jar com.myCompany.myApp.MyServiceApplication --add-exports=java.base/jdk.internal.misc=ALL-UNNAMED --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=java.management/com.sun.jmx.mbeanserver=ALL-UNNAMED --add-exports=jdk.internal.jvmstat/sun.jvmstat.monitor=ALL-UNNAMED --add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED --add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED 

The machine I am trying to run on is Java 17. Am I missing some jvm arguments or am I passing them incorrectly?

ANSWER

Answered 2022-Feb-28 at 19:18

Chin Huang was correct above, changing to project to use version 2.6.3 of spring-boot fixed the issue.

Source https://stackoverflow.com/questions/71258240

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install DependencyCheck

You can download it from GitHub, Maven.
You can use DependencyCheck like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the DependencyCheck component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

DOWNLOAD this Library from

Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

Share this Page

share link
Try Top Libraries by jeremylong
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

  • © 2022 Open Weaver Inc.