cyclonedx-maven-plugin icon indicating copy to clipboard operation
cyclonedx-maven-plugin copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

includeProvidedScope=false not working, Could not transfer artifact, status: 401

Open hohwille opened this issue 2 years ago • 2 comments

I want to build SBOMs on my project.

mvn install

can collect all dependencies and gives me success:

[INFO] BUILD SUCCESS

However running your plugin like this:

mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.0:makeBom -DincludeProvidedScope=false

Gives me the following error:

[ERROR] Failed to execute goal org.cyclonedx:cyclonedx-maven-plugin:2.7.0:makeBom (default-cli) on project devon4j-json: An error occurred building dependency graph: Could not collect dependencies: com.devonfw.java.modules:devon4j-json:jar:2020.12.002-SNAPSHOT: Failed to collect dependencies at org.springframework.data:spring-data-commons:jar:2.3.3.RELEASE -> com.querydsl:querydsl-apt:jar:4.3.1 -> org.springframework.roo:org.springframework.roo.annotations:jar:1.2.3.RELEASE: Failed to read artifact descriptor for org.springframework.roo:org.springframework.roo.annotations:jar:1.2.3.RELEASE: Could not transfer artifact org.springframework.roo:org.springframework.roo.annotations:pom:1.2.3.RELEASE from/to spring-libs-release (https://repo.spring.io/libs-release): authentication failed for https://repo.spring.io/libs-release/org/springframework/roo/org.springframework.roo.annotations/1.2.3.RELEASE/org.springframework.roo.annotations-1.2.3.RELEASE.pom, status: 401 Unauthorized -> [Help 1]

However, when I look at the according POM querydsl-apt-4.3.1, I can see this:

dependency>
<groupId>org.springframework.roo</groupId>
<artifactId>org.springframework.roo.annotations</artifactId>
<version>1.2.3.RELEASE</version>
<scope>provided</scope>

As I specified includeProvidedScope=false I assume there is some bug in your plugin. Further I am confused why the download is happening from https://repo.spring.io/libs-release/org/springframework/roo/org.springframework.roo.annotations/1.2.3.RELEASE/org.springframework.roo.annotations-1.2.3.RELEASE.pom. My project is not configuring additional maven repositories so only maven central should be used. And maven central does not require authentication so I should never end up with 401.

hohwille avatar Jun 03 '22 13:06 hohwille

After version update to 2.7.0 facing issue with mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.0:makeBom Error logs:

org.springframework.boot:spring-boot-starter:jar:2.2.5.RELEASE -> org.springframework.boot:spring-boot-starter-logging:jar:2.2.5.RELEASE -> org.apache.logging.log4j:log4j-to-slf4j:jar:2.12.1 -> org.apache.logging.log4j:log4j-api:jar:2.12.1 -> org.apache.logging.log4j:log4j-api-java9:zip:2.12.1: Failed to read artifact descriptor for org.apache.logging.log4j:log4j-api-java9:zip:2.12.1: Could not transfer artifact org.apache.logging.log4j:log4j-api-java9:pom:2.12.1 from/to *** : ****authentication failed for ****/org/apache/logging/log4j/log4j-api-java9/2.12.1/log4j-api-java9-2.12.1.pom, status: 401 Unauthorized -> [Help 1]

The issue was not present when running older version mvn org.cyclonedx:cyclonedx-maven-plugin:2.6.2:makeBom

rrehman-hbk avatar Jun 21 '22 12:06 rrehman-hbk

Hello everyone , I am facing same issue as @rrehman-hbk any update on it ?

Anubhav357 avatar Jul 14 '22 13:07 Anubhav357