Facing issue with the MVN Dependency Check Could not find goal '' in plugin org.owasp:dependency-check-maven:6.1.6

Course Video: DevSecOps – Kubernetes DevOps & Security | KodeKloud

Error :

  • mvn dependency-check: check
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/usr/share/maven/lib/guice.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
    WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    [INFO] Scanning for projects...
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 0.518 s
    [INFO] Finished at: 2023-01-28T12:17:41Z
    [INFO] ------------------------------------------------------------------------
    [ERROR] Could not find goal '' in plugin org.owasp:dependency-check-maven:6.1.6 among available goals aggregate, check, help, purge, update-only -> [Help 1]
    [ERROR]
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] MojoNotFoundException - Apache Maven - Apache Software Foundation
    Post stage

Tried with different versions too (6.2.0, 8.0.1); same error.

pom.xml:

		<plugin>
			<groupId>org.owasp</groupId>
			<artifactId>dependency-check-maven</artifactId>
			<version>6.1.6</version>
			<configuration>
				<format>ALL</format>
				<failBuildOnCVSS>40</failBuildOnCVSS>
				<!-- fail the build for CVSS greater than or equal to 5 -->
				<!--
				use internal mirroring of CVE contents
				Suppress files
				E.g. a company-wide suppression file and local project file
				-->
				<!--
				<cveUrlModified>http://internal-mirror.mycorp.com/nvdcve-1.1-modified.json.gz</cveUrlModified>
				<cveUrlBase>http://internal-mirror.mycorp.com/nvdcve-1.1-%d.json.gz</cveUrlBase>
				<suppressionFiles>
					<suppressionFile>http://example.org/suppression.xml</suppressionFile>
					<suppressionFile>project-suppression.xml</suppressionFile>
				</suppressionFiles>
				-->
			</configuration>
		</plugin>

Jenkins file snippet :

    stage('Vulnerability Scan - Docker') {
        steps {
            sh "mvn dependency-check: check"
        }
        post {
            always {
                dependencyCheckPublisher pattern: 'target/dependecy-check-report.xml'
            }
        }
    }

Hi,
Did you use your own project or one from a lab? If you used a lab, please provide us the lab link and question.

Anyway, the value of failBuildOnCVSS is too high; the maximum CVSS is 10 (NVD - Vulnerability Metrics).

Thanks
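
An added example, not part of the thread or of the dependency-check project: a small Python pre-flight lint over the two values visible in the posts above. It flags a Maven argument that ends in a colon (which leaves the goal name empty, as in the error message) and a failBuildOnCVSS threshold above the 0-10 CVSS range; the sample strings are constructed from the posted snippets, and the function names are hypothetical.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the values posted in the thread.
# Assumption: the <plugin> fragment carries no XML namespace.
SAMPLE_PLUGIN = """
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>6.1.6</version>
  <configuration>
    <format>ALL</format>
    <failBuildOnCVSS>40</failBuildOnCVSS>
  </configuration>
</plugin>
"""
SAMPLE_COMMAND = "mvn dependency-check: check"
CVSS_MAX = 10.0  # CVSS scores range from 0 to 10


def check_threshold(plugin_xml):
    """Return a finding when no CVSS score can ever reach failBuildOnCVSS."""
    node = ET.fromstring(plugin_xml.strip()).find("./configuration/failBuildOnCVSS")
    text = (node.text or "").strip() if node is not None else ""
    if not text:
        return "failBuildOnCVSS is not set, so findings never fail the build"
    try:
        value = float(text)
    except ValueError:
        return f"failBuildOnCVSS={text!r} is not a number"
    if value > CVSS_MAX:
        return f"failBuildOnCVSS={value:g} is above the CVSS maximum of 10, so the gate never trips"
    return None


def check_goals(command):
    """Return a finding for each 'prefix:' argument that has no goal after the colon."""
    args = [a for a in shlex.split(command)[1:] if not a.startswith("-")]
    return [f"argument {a!r} names a plugin prefix but an empty goal"
            for a in args if re.fullmatch(r"[^:\s]+:", a)]


def lint(plugin_xml, command):
    """Run both checks and return the findings as a list of strings."""
    threshold = check_threshold(plugin_xml)
    return check_goals(command) + ([threshold] if threshold else [])


if __name__ == "__main__":
    for finding in lint(SAMPLE_PLUGIN, SAMPLE_COMMAND):
        print("FINDING:", finding)
```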