Hello! Any idea on why I'm getting this issue?
Basically I cloned the repo and ran:
"C:\DependencyCheck\dependency-check-cli\target\release\bin\dependency-check.bat" -f ALL -a MY-PROJECT -s "C:\jenkins\workspace\MY-PROJECT" -o "C:\jenkins\workspace\MY-PROJECT"
The log:
Dez 16, 2013 11:27:56 AM org.owasp.dependencycheck.data.update.StandardUpdate up
date
INFO: NVD CVE requires several updates; this could take a couple of minutes.
Dez 16, 2013 11:27:56 AM org.owasp.dependencycheck.data.update.CallableDownloadT
ask call
INFO: Download Started for NVD CVE - 2002
Dez 16, 2013 11:27:56 AM org.owasp.dependencycheck.data.update.CallableDownloadT
ask call
[...]
(everything ok until here)
INFO: Processing Complete for NVD CVE - 2013
Exception in thread "main" java.lang.SecurityException: Invalid signature file d
igest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVeri
fier.java:240)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier
.java:193)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:305)
at java.util.jar.JarVerifier.update(JarVerifier.java:216)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:345)
at java.util.jar.JarFile.getInputStream(JarFile.java:412)
at org.owasp.dependencycheck.analyzer.JarAnalyzer.retrievePom(JarAnalyze
r.java:365)
at org.owasp.dependencycheck.analyzer.JarAnalyzer.analyzePOM(JarAnalyzer
.java:283)
at org.owasp.dependencycheck.analyzer.JarAnalyzer.analyze(JarAnalyzer.ja
va:225)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:336)
at org.owasp.dependencycheck.App.runScan(App.java:126)
at org.owasp.dependencycheck.App.run(App.java:103)
at org.owasp.dependencycheck.App.main(App.java:71)
My java version:
C:\DependencyCheck> java -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) Client VM (build 24.45-b08, mixed mode, sharing)
Let me know if you have something in mind...
Thank you in advance,