ERROR: Job failed: exit code 242

[jadjbr]

Hello,
I'm using Gitlab CI and i want to add a dependecy-check stage in my pipeline but i got this error all the time, can any one help me with this error ?

This the error:

[INFO] Analysis Started [INFO] Finished Archive Analyzer (3 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Central Analyzer (1 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (7 seconds) [WARN] Unable to parse suppression xml file 'dependency_check_suppressions.xml' [WARN] org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'. [ERROR] Exception occurred initializing CPE Analyzer. [INFO] Finished CPE Analyzer (8 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (2 seconds) [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) [WARN] Unable to parse suppression xml file 'dependency_check_suppressions.xml' [WARN] org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'. [ERROR] Exception occurred initializing Vulnerability Suppression Analyzer. [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (15 seconds) [ERROR] Warn initializing the suppression analyzer: Failed to load dependency_check_suppressions.xml, caused by org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'.. [ERROR] Warn initializing the suppression analyzer: Failed to load dependency_check_suppressions.xml, caused by org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=6, Column=99: cvc-elt.1.a: Cannot find the declaration of element 'xs:schema'.. Uploading artifacts... dependency-check-out/dependency-check-report.*: found 4 matching files Uploading artifacts to coordinator... ok id=2009442 responseStatus=201 Created token=TunH7rgy ERROR: Job failed: exit code 242

And this is my script:

`dependency-check:
stage: pre-analysis
allow_failure: true
image:
name: owasp/dependency-check
entrypoint: [""]
before_script:
- mkdir /usr/share/dependency-check/datas || true
- mkdir -p dependency-check/datas
- mkdir -p dependency-check-out
- PROXY_HOST=$(echo ${http_proxy} | sed -e "s/[^/]//([^@]@)?([^:/])./\2/")
- PROXY_PORT=$(echo ${http_proxy} | sed -e 's,^.:,:,g' -e 's,.:([0-9]).,\1,g' -e 's,[^0-9],,g')
script:
- /usr/share/dependency-check/bin/dependency-check.sh
--scan .
--format 'ALL'
--project "$CI_PROJECT_NAME"
--failOnCVSS 7
--disableNodeJS
--disableNodeAudit
--suppression=dependency_check_suppressions.xml
--data=dependency-check/datas
--out=dependency-check-out
--proxyserver=${PROXY_HOST}
--proxyport=${PROXY_PORT}
artifacts:
name: "${CI_JOB_ID}_${CI_JOB_NAME}"
when: always
expire_in: 1 week
paths:
- dependency-check-out/dependency-check-report.*
cache:
key: dependency-check-data
paths:
- dependency-check/datas

only:
refs:
- master
except:
variables:
- $DISABLE_DEP_CHECK`

i'm using the dependency_check_suppressions.xml
Link: https://github.com/jeremylong/DependencyCheck/blob/master/core/src/main/resources/schema/dependency-suppression.1.1.xsd

Many thanks !

[dgknght]

It looks to me like there is an error parsing the suppressions.xml file, which appears to be a schema file, rather than a proper suppression file.

Cannot find the declaration of element 'xs:schema'

I believe what you need is to pass a reference to a suppression xml file that conforms to that schema that you specified, rather than passing the schema document itself. If you're not sure what to put in the suppression file, it can be omitted.

I hope that helps!