Comments (15)
@Masireddy65 Could you kindly email me prabhu @ appthreat dot com so that we could do a separate troubleshooting session for you? It may or may not be related to this particular ticket. You could also rerun by setting the environment variable
SCAN_DEBUG_MODE=debug
to see if there is any additional information.
from cdxgen.
I'm running into this issue, just trying to generate an SBOM from https://github.com/elastic/elasticsearch with cdxgen.
I am also able to run ./gradlew dependencies
on the project successfully.
from cdxgen.
@navulirs Can you execute the below gradle command directly and let me know if it works correctly?
gradlew dependencies
Hi, sorry for the delayed response. It is working now. It has to do with the gradle version. Thanks
from cdxgen.
@navulirs did you get a chance to try this?
from cdxgen.
Hello @prabhu, I had same issue for Gradle project. Tried gradlew deppendencies
Welcome to Gradle 7.0.2! Here are the highlights of this release:
- File system watching enabled by default
- Support for running with and building Java 16 projects
- Native support for Apple Silicon processors
- Dependency catalog feature preview
For more details see https://docs.gradle.org/7.0.2/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
FAILURE: Build failed with an exception.
* What went wrong:
Unable to start the daemon process.
This problem might be caused by incorrect configuration of the daemon.
For example, an unrecognized jvm option is used.
Please refer to the User Manual chapter on the daemon at https://docs.gradle.org/7.0.2/userguide/gradle_daemon.html
Process command line: C:\Program Files (x86)\Java\jre1.8.0_291\bin\java.exe -Xmx4096m -Dfile.encoding=windows-1252 -Duser.country=IN -Duser.language=en -Duser.variant -cp C:\Users\msrik.gradle\wrapper\dists\gradle-7.0.2-all\7era6s5ay7zsbhuvl0oc9g94s\gradle-7.0.2\lib\gradle-launcher-7.0.2.jar org.gradle.launcher.daemon.bootstrap.GradleDaemon 7.0.2
Please read the following process output to find out more:
Invalid maximum heap size: -Xmx4096m
The specified size exceeds the maximum representable size.
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Can you please let me know what's the best approach to generate a BOM for similar Java/Gradle projects?
from cdxgen.
@Masireddy65 Noticed a typo in gradlew dependencies
There were 2 P.
This particular error sounds like it is related to your JVM version. Not sure if gradle 7 supports java 8.
Could you use the scan docker image if you aren't in a position to change the jvm version in your machine?
docker run --rm -e "WORKSPACE=${PWD}" -v "$PWD:/app" shiftleft/scan scan -t depscan
This would produce a bom as well as perform dependency scan.
from cdxgen.
Thanks for quick response @prabhu .
On Windows, the command changes slightly depending on the terminal.
cmd
docker run --rm -e "WORKSPACE=%cd%" -e "GITHUB_TOKEN=%GITHUB_TOKEN%" -v "%cd%:/app:cached" shiftleft/scan scan
I only found the above command for Windows cmd with GitHub. However, I need to run a test on a local directory of a Windows machine or maybe on a Bitbucket pipeline. Can you please help me tailor the command to my need here?
from cdxgen.
@Masireddy65 You can find bitbucket pipeline instruction here - https://slscan.io/en/latest/integrations/bitbucket/
from cdxgen.
Thanks @prabhu. Now, I have both the bitbucket pipeline instruction and the windows cmd docker run. Trying both only does SAST SCAN, Secrets audit etc. No dependency scan even with -depscan argument and obviously no BOM file saved at /reports.
Also, in terms of bitbucket, I tried the Docker version and received an error in the final step to find the file.
Windows cmd Attempts:
docker run --rm -v "%cd%:/app:cached" shiftleft/scan scan --type depscan
docker run --rm -v "%cd%:/app:cached" shiftleft/scan scan --type depscan,bom
Please find attached screenshots for all attempts and guide me accordingly. Appreciate your prompt response so far.
from cdxgen.
@ruckc elasticsearch repo appears to be requiring java 16. With java 16, gradlew dependencies is not returning the full tree for me so not sure how to make this work
/mnt/work/sandbox/elasticsearch master ./gradlew dependencies 1 err 25m 37s
=======================================
Elasticsearch Build Hamster says Hello!
Gradle Version : 7.2
OS Info : Linux 5.13.13-051313-generic (amd64)
JDK Version : 16.0.2 (GraalVM Community)
JAVA_HOME : /home/prabhu/.sdkman/candidates/java/21.2.0.r16-grl
Random Testing Seed : 956BF8F9EB026B6A
In FIPS 140 mode : false
=======================================
> Task :dependencies
------------------------------------------------------------
Root project 'elasticsearch'
------------------------------------------------------------
es_distro_extracted_local
No dependencies
es_distro_file_local
No dependencies
jdk_provisioned_runtime
\--- adoptium_17:linux:17
A web-based, searchable dependency report is available by adding the --scan option.
BUILD SUCCESSFUL in 4s
20 actionable tasks: 1 executed, 19 up-to-date
Any ideas?
from cdxgen.
@ruckc I've added support for gradle multi-project apps such as elasticsearch in master. Below is the command used to test this.
GRADLE_MULTI_PROJECT_MODE=true SCAN_DEBUG_MODE=debug bin/cdxgen /mnt/work/sandbox/elasticsearch
For elasticsearch you need java 16. Could you kindly test and let me know how it looks so that I can release this feature?
from cdxgen.
Why did I report this error when analyzing the Gradle project?
from cdxgen.
@wujunhuge this must be due to the presence of space and brackets in the directory name. We have an existing issue like this for windows. Could you rename that project directory and try?
from cdxgen.
Thank you for your reply. I'll give it a try
from cdxgen.