Re: OWASP dependency check plugin - resolve java classpath issues
Hi, I missed the original mail but I often find it is better to run these commands externally regardless so that you release all the memory when the task is done. The speed up you get for running things inline in the buildr jvm is usually only an advantage if there is a lot of classes to load and the task is called multiple times. On Thu, Sep 20, 2018 at 4:24 PM Sathwik B P wrote: > > I could not find a way to make this work, beacuse Jetty puts the SLF4J > ahead in the classpath. OWASP Ant task will not work with this :( > > I also tried with buildr 1.5.6, but it created more complications in the > ODE build, OPENJPA enhance ant tasks went down :( > > Finally I had to look for the command line options of OWASP, runnig an > independent java process in buildr. This works perfectly. > I have replaced the ANT task with CMD plugin > https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake > > regards, > sathwik > > > > On Fri, Sep 14, 2018 at 4:03 PM Sathwik B P wrote: > > > Hi Guys, > > > > Here is the sample OWASP dependecy check plugin > > https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake > > > > I am encountering a java classpath issue. In the Rakefile when I enable > > jetty addon > > https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20 > > > > We encoutner this error: > > E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating > > 'dependency_check' task: Could not create type dependency_check due to > > java.lang.NoSuchMethodError: > > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; > > Buildr aborted! > > Java::OrgApacheToolsAnt::BuildException : Could not create type > > dependency_check due to java.lang.NoSuchMethodError: > > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; > > > > This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java > > classpath and the owasp plugin requires SLF4J 1.7.12 > > > > I did try to override the version of SLF4j required by jetty in the > > Rakefile, but it did not help. > > Buildr::Jetty::SLF4J_VERSION="1.7.12" > > > > I could get it working with adding Java.classpath << REQUIRES in > > owasp.rake file but when I use this owasp.rake in Apache ODE build, it > > creates a lot of other classpath issues. > > > > Any ideas, to get this thing working? > > > > regards, > > sathwik > > -- Cheers, Peter Donald
Re: OWASP dependency check plugin - resolve java classpath issues
I could not find a way to make this work, beacuse Jetty puts the SLF4J ahead in the classpath. OWASP Ant task will not work with this :( I also tried with buildr 1.5.6, but it created more complications in the ODE build, OPENJPA enhance ant tasks went down :( Finally I had to look for the command line options of OWASP, runnig an independent java process in buildr. This works perfectly. I have replaced the ANT task with CMD plugin https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake regards, sathwik On Fri, Sep 14, 2018 at 4:03 PM Sathwik B P wrote: > Hi Guys, > > Here is the sample OWASP dependecy check plugin > https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake > > I am encountering a java classpath issue. In the Rakefile when I enable > jetty addon > https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20 > > We encoutner this error: > E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating > 'dependency_check' task: Could not create type dependency_check due to > java.lang.NoSuchMethodError: > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; > Buildr aborted! > Java::OrgApacheToolsAnt::BuildException : Could not create type > dependency_check due to java.lang.NoSuchMethodError: > org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; > > This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java > classpath and the owasp plugin requires SLF4J 1.7.12 > > I did try to override the version of SLF4j required by jetty in the > Rakefile, but it did not help. > Buildr::Jetty::SLF4J_VERSION="1.7.12" > > I could get it working with adding Java.classpath << REQUIRES in > owasp.rake file but when I use this owasp.rake in Apache ODE build, it > creates a lot of other classpath issues. > > Any ideas, to get this thing working? > > regards, > sathwik >
OWASP dependency check plugin - resolve java classpath issues
Hi Guys, Here is the sample OWASP dependecy check plugin https://github.com/sathwik/dependency-check/blob/master/tasks/owasp.rake I am encountering a java classpath issue. In the Rakefile when I enable jetty addon https://github.com/sathwik/dependency-check/blob/master/Rakefile#L20 We encoutner this error: E, [2018-09-14T10:20:50.646287 #166] ERROR -- : Error instantiating 'dependency_check' task: Could not create type dependency_check due to java.lang.NoSuchMethodError: org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; Buildr aborted! Java::OrgApacheToolsAnt::BuildException : Could not create type dependency_check due to java.lang.NoSuchMethodError: org.slf4j.impl.StaticLoggerBinder.getSingleton()Lorg/slf4j/impl/StaticLoggerBinder; This is because jetty.rb puts SLF4J_VERSION = "1.4.3" into the java classpath and the owasp plugin requires SLF4J 1.7.12 I did try to override the version of SLF4j required by jetty in the Rakefile, but it did not help. Buildr::Jetty::SLF4J_VERSION="1.7.12" I could get it working with adding Java.classpath << REQUIRES in owasp.rake file but when I use this owasp.rake in Apache ODE build, it creates a lot of other classpath issues. Any ideas, to get this thing working? regards, sathwik