Solutions to Common Problems 6.4.0
This page lists and describes problems, possible causes, and solutions.
WARNING: An illegal reflective access operation has occurred
Symptom
A block of warnings may appear in Synopsys Detect's logs similar to the following:
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (file:/Users/myuser/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy-all/2.4.12/760afc568cbd94c09d78f801ce51aed1326710af/groovy-all-2.4.12.jar) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release |
Possible cause
Running Synopsys Detect with Java 11 can cause these warnings.
This is a known issue with Apache since Groovy 2.4.11. See GROOVY-8339.
Synopsys Detect's use of Groovy 2 is the result of using Spring Boot 2.2.4.RELEASE which currently depends on Groovy 2.
Solution
Currently, we have observed no adverse effects on Synopsys Detect as a result of these warnings.
The issue is fixed in Groovy 3 as per GROOVY-8339.
Clients running Synopsys Detect with Java 11 will see these warnings until the Spring Boot project upgrades its Groovy dependencies to Groovy 3 and Synopsys Detect upgrades Spring Boot.
Source Code
The relevant source code within Synopsys Detect.
synopsys-detect/build.gradle#L15)
The relevant source code within Spring Boot.
spring-boot-dependencies/pom.xml#L69
DETECT_SOURCE was not set or computed correctly
Symptom
detect.sh fails with the following: DETECT_SOURCE was not set or computed correctly, please check your configuration and environment.
Possible cause
detect.sh is trying to execute this command:
curl --silent --header \"X-Result-Detail: info\" https://sig-repo.synopsys.com/api/storage/bds-integrations-release/com/synopsys/integration/synopsys-detect?properties=DETECT_LATEST |
The response to this command should be similar to the following:
{
"properties" : {
"DETECT_LATEST" : [ "https://sig-repo.synopsys.com/bds-integrations-release/com/synopsys/integration/synopsys-detect/5.6.1/synopsys-detect-5.6.1.jar" ]
},
"uri" : "https://sig-repo.synopsys.com/api/storage/bds-integrations-release/com/synopsys/integration/synopsys-detect"
} |
When that command does not successfully return a value for property DETECT_LATEST, detect.sh reports:
Solution
If the curl command described above does not successfully return a value for property DETECT_LATEST, you must determine why, and make the changes necessary so that curl command works.
Synopsys Detect succeeds, but the results are incomplete because package managers or sub-projects were overlooked
Symptom
In this scenario, everything succeeds, but many or all components are missed. The log shows that package managers were not recognized and/or sub-projects were overlooked.
Possible cause
The detector search depth needs to be increased. The default value (0
) limits the search for package manager files to the project directory. If project manager files are located in subdirectories and/or there are sub-projects, this depth should be increased to enable Synopsys Detect to find the relevant files, so it will run the appropriate detector(s).
Refer to detector search depth for more details.
Docker Inspector error fails after logging: "The Black Duck URL must be specified"
Symptom
When running a version of Synopsys Detect prior to Synopsys Detect version 5.6.0, the Synopsys Detect Status block reports DOCKER: FAILURE, and the following error appears in the Docker Inspector log: Docker Inspector error: Error inspecting image: The Black Duck url must be specified. Either an API token or a username/password must be specified.
Possible cause
Synopsys Detect 5.5.1 and earlier have a bug that prevents them from working with Docker Inspector 8.2.0 and newer. The fix is in Synopsys Detect 5.6.0.
Solution
There are two possible solutions:
Upgrade to Synopsys Detect 5.6.0 or newer,
OrConfigure Synopsys Detect to use Docker Inspector 8.1.6 with the argument:
--detect.docker.inspector.version=8.1.6
Synopsys Detect fails and a TRACE log shows an HTTP response from Black Duck of "402 Payment Required" or "502 Bad Gateway"
Symptom
Synopsys Detect fails, and a TRACE log contains "402 Payment Required" or "502 Bad Gateway".
Possible cause
Black Duck does not have a required feature (notifications, binary analysis, etc.) enabled.
Solution
Enable the required feature on the Black Duck server.
Unexpected behavior running Synopsys Detect on a project that uses Spring Boot
Symptom
Unexpected behavior, and/or unexpected property values are shown in the log.
Possible cause
If your source directory contains Spring Framework configuration files named application.properties, application.yml, or application.xml that are written for any application other than Synopsys Detect, you should not run Synopsys Detect from your source directory.
Solution
To prevent Synopsys Detect from reading those files, run Synopsys Detect from a different directory. Use the following property to point to your source directory.
PKIX error connecting to Black Duck
Symptom
Exception: Could not communicate with Black Duck: Could not perform the authorization request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Possible cause
The Black Duck server certificate is not in Java's keystore.
Solution
Acquire the certificate file for your Black Duck server.
Determine which java executable is being used to run Synopsys Detect. If you run
detect.sh
ordetect.sh
, that is either$JAVA_HOME/bin/java
(the default) or the first java found on your$PATH
.Determine the Java home directory for that java executable.
Run keytool to install the Black Duck server certificate into the keystore in that Java home directory.
Although not recommended, it is possible to disable the certificate check with the trust cert property.
Not Extractable: NUGET - Solution INFO [main] -- Exception occurred: java.nio.file.InvalidPathException
Symptom
Running Synopsys Detect on a NuGet project on Windows, a message similar to the following appears in the Synopsys Detect log:
Possible cause
The value of $PATH contains a whitespace character after a semicolon and the path mentioned in the log message.
Solution
Remove spaces immediately following semicolons in the value of $PATH.
No project name/version provided or derived
Symptom
Upload to Black Duck fails with a message similar to the following in the log:
Possible cause
No project name and version were provided via properties and no Synopsys Detect tool capable of deriving a project name and version was included in the run. For example, you will get this (or a similar) error if you run with --detect.tools.BINARY_SCANNER and do not set --detect.project.name or --detect.project.version.name.
Solution
Set --detect.project.name and --detect.project.version.name.
©2018 Synopsys, Inc. All Rights Reserved