Disclaimer
This may be a typical scenario... I am submitting on behalf of an entity that does not allow me to provide log files (or names/locations of artifacts). Instead, I am providing high-level information. I'm hoping if you have questions, I can answer them sufficiently to resolve the issue.
Environment
Maven plugin version 6.3.0
Maven version: 3.5.4
Error
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (3 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (1 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[WARNING] An unexpected error occurred during analysis of 'C:\Users\user\AppData\Local\Temp\dctemp3ec479f5-b342-4ff2-8ce0-f5a7c6bd201b\check6697043323940996811tmp\255\pom.xml' (False Positive Analyzer): null
[ERROR]
java.util.ConcurrentModificationException
at java.util.TreeMap$KeySpliterator.forEachRemaining (TreeMap.java:2753)
at java.util.stream.AbstractPipeline.copyInto (AbstractPipeline.java:512)
at java.util.stream.AbstractPipeline.wrapAndCopyInto (AbstractPipeline.java:502)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential (ForEachOps.java:151)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential (ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate (AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach (ReferencePipeline.java:418)
at org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.addFalseNegativeCPEs (FalsePositiveAnalyzer.java:420)
at org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.analyzeDependency (FalsePositiveAnalyzer.java:144)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
at java.util.concurrent.FutureTask.run (FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:617)
at java.lang.Thread.run (Thread.java:745)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
00:00 INFO: Vulnerability found: jquery below 1.9.0b1
00:00 INFO: Vulnerability found: jquery below 1.9.0b1
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery-ui-dialog below 1.10.0
00:00 INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:00 INFO: Vulnerability found: jquery-ui-dialog below 1.10.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery-ui-dialog below 1.12.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
[INFO] Finished RetireJS Analyzer (1 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (21 seconds)
[INFO] Writing report to: C:\temp\build\app\target\dependency-check-report.html
Disclaimer
This may be a typical scenario... I am submitting on behalf of an entity that does not allow me to provide log files (or names/locations of artifacts). Instead, I am providing high-level information. I'm hoping if you have questions, I can answer them sufficiently to resolve the issue.
Environment
Maven plugin version 6.3.0
Maven version: 3.5.4
Error