Facing issue with the MVN Dependency Check Could not find goal '' in plugin org.owasp:dependency-check-maven:6.1.6

Course Video: DevSecOps - Kubernetes DevOps & Security - KodeKloud

Error :

  • mvn dependency-check: check
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/usr/share/maven/lib/guice.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
    WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    [e[1;34mINFOe[m] Scanning for projects…
    [e[1;34mINFOe[m] e[1m------------------------------------------------------------------------e[m
    [e[1;34mINFOe[m] e[1;31mBUILD FAILUREe[m
    [e[1;34mINFOe[m] e[1m------------------------------------------------------------------------e[m
    [e[1;34mINFOe[m] Total time: 0.518 s
    [e[1;34mINFOe[m] Finished at: 2023-01-28T12:17:41Z
    [e[1;34mINFOe[m] e[1m------------------------------------------------------------------------e[m
    [e[1;31mERRORe[m] Could not find goal ‘’ in plugin org.owasp:dependency-check-maven:6.1.6 among available goals aggregate, check, help, purge, update-only → e[1m[Help 1]e[m
    [e[1;31mERRORe[m] To see the full stack trace of the errors, re-run Maven with the e[1m-ee[m switch.
    [e[1;31mERRORe[m] Re-run Maven using the e[1m-Xe[m switch to enable full debug logging.
    [e[1;31mERRORe[m] For more information about the errors and possible solutions, please read the following articles:
    [e[1;31mERRORe[m] e[1m[Help 1]e[m MojoNotFoundException - Apache Maven - Apache Software Foundation
    Post stage

tried with different versions too 6.2.0 , 8.0.1 same error.

pom.xml :slight_smile:

				<!-- fail the build for CVSS greater than or equal to 5 -->
		                                  use internal mirroring of CVE
		                                  Suppress files 
				a company-wide suppression file and local project file 

Jenkins file snippet :

stage(‘Vulnerability Scan - Docker’) {
steps {
sh “mvn dependency-check: check”
post {
always {
dependencyCheckPublisher pattern: ‘target/dependecy-check-report.xml’

Did you use your project or from a lab ? If you use lab, please provide us the lab link and question.

Whatever, the value on failBuildOnCVSS is too high the maximum CVSS is 10 NVD - Vulnerability Metrics