You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using ClearlyDefined as curation provider I get a SSLHandshakeException
To Reproduce
Steps to reproduce the behavior:
put a config.yml into your repo under <Repo-Root>/.ort/config/config.yml
add the content below
run docker run -v $PWD/:/project -v $PWD/.ort:/home/ort/.ort --rm ghcr.io/oss-review-toolkit/ort --info analyze -f JSON -i /project/src -o /project/ORT
See error
Expected behavior
No error. Curations are loaded correctly.
Console / log output
Add console and / or log output that shows the error and additional context.
No screenshots of plain text please, to keep text searchable.
09:55:28.503 [main] WARN org.ossreviewtoolkit.plugins.packagecurationproviders.clearlydefined.ClearlyDefinedPackageCurationProvider - Querying curations failed: SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: SunCertPathBuilderException: unable to find valid certification path to requested target
09:55:28.504 [main] INFO org.ossreviewtoolkit.model.utils.ConfigurationResolver - Getting 0 package curation(s) from provider 'ClearlyDefined' took 420.417503ms.
Wrote analyzer result to '/project/ORT/analyzer-result.json' (0.02 MiB) in 505.252100ms.
The analysis took 9.722949524s.
Found 2 project(s) and 2 package(s) in total (not counting excluded ones).
Applied 0 curation(s)
Environment
Output of the ort requirements command:
Default latest docker image.
______________________________
/ \_______ \__ ___/ The OSS Review Toolkit, version 22.6.0,
| | | | _/ | | built with JDK 11.0.23+9, running under Java 17
| | | | | \ | | Executing 'requirements' as 'ort' on Linux
\________/ |____|___/ |____| with 12 CPUs and a maximum of 3954 MiB of memor
Environment variables:
ORT_CONFIG_DIR = /home/ort/.ort/config
ORT_DATA_DIR = /home/ort/.ort
HOME = /home/ort
JAVA_HOME = /opt/java/openjdk
ANDROID_HOME = /opt/android-sdk
Looking for ORT configuration in the following file:
/home/ort/.ort/config/config.yml (does not exist)
AdviceProviderFactory plugins:
* GitHubDefects
* NexusIQ
* OssIndex
* OSV
* VulnerableCode
OrtCommand plugins:
* advise
* analyze
* compare
* config
* download
* evaluate
* migrate
* notify
* report
* requirements
* scan
* upload-curations
* upload-result-to-postgres
* upload-result-to-sw360
PackageConfigurationProviderFactory plugins:
* DefaultDir
* Dir
* OrtConfig
PackageCurationProviderFactory plugins:
* ClearlyDefined
* DefaultDir
* DefaultFile
* File
* OrtConfig
* SW360
PackageManagerFactory plugins:
* Bazel
* Bower
* Bundler
* Cargo
* Carthage
* CocoaPods
* Composer
* Conan
* GoMod
* Gradle
* GradleInspector
* Maven
* NPM
* NuGet
* PIP
* Pipenv
* PNPM
* Poetry
* Pub
* SBT
* SpdxDocumentFile
* Stack
* SwiftPM
* Unmanaged
* Yarn
* Yarn2
Reporter plugins:
* CtrlXAutomation
* CycloneDx
* DocBookTemplate
* EvaluatedModel
* FossId
* FossIdSnippet
* GitLabLicenseModel
* HtmlTemplate
* ManPageTemplate
* Opossum
* PdfTemplate
* PlainTextTemplate
* SpdxDocument
* StaticHtml
* TrustSource
* WebApp
ScannerWrapperFactory plugins:
* Askalono
* BoyterLc
* FossId
* Licensee
* ScanCode
* SCANOSS
VersionControlSystem plugins:
* Git
* GitRepo
* Mercurial
* Subversion
Scanners:
- Askalono: Requires 'askalono' in no specific version. Tool not found.
- BoyterLc: Requires 'lc' in no specific version. Tool not found.
- Licensee: Requires 'licensee' in no specific version. Tool not found.
* ScanCode: Requires 'scancode' in version >=3.0.0. Found version 32.1.0.
PackageManagers:
* Bazel: Requires 'bazel' in version >=7.0.0. Found version 7.0.1.
* Bower: Requires 'bower' in version >=1.8.8. Found version 1.8.14.
* Cargo: Requires 'cargo' in no specific version. Found version 1.72.0.
* CocoaPods: Requires 'pod' in version >=1.11.0. Found version 1.15.2.
* Composer: Requires 'composer' in version >=1.5.0. Found version 2.2.23.
* Conan: Requires 'conan' in version >=1.18.0. Found version 1.63.0.
* GoMod: Requires 'go' in version >=1.21.1. Found version 1.22.2.
* Npm: Requires 'npm' in version >=6.0.0 and <11.0.0. Found version 10.5.0.
+ NuGetInspector: Requires 'nuget-inspector' in no specific version. Could not determine the version.
* Pipenv: Requires 'pipenv' in version >=2018.10.9. Found version 2023.12.1.
* Pnpm: Requires 'pnpm' in version >=5.0.0 and <9.0.0. Found version 8.10.3.
* Poetry: Requires 'poetry' in no specific version. Found version 1.8.3.
* Pub: Requires 'dart' in version >=2.10.0. Found version 2.18.4.
* PythonInspector: Requires 'python-inspector' in version >=0.9.2. Found version 0.10.0.
+ Sbt: Requires 'sbt' in version >=0.13.0. Could not determine the version.
* Stack: Requires 'stack' in version >=2.1.1. Found version 2.15.7.
* SwiftPm: Requires 'swift' in no specific version. Found version 5.9.2.
* Yarn: Requires 'yarn' in version >=1.3.0 and <1.23.0. Found version 1.22.19.
VersionControlSystems:
* GitCommand: Requires 'git' in version >=2.29.0. Found version 2.34.1.
* GitRepo: Requires 'repo' in no specific version. Found version 2.45 (launcher).
* MercurialCommand: Requires 'hg' in no specific version. Found version 6.7.3.
And specify (relevant parts of) your ORT configuration (config.yml):
Caused by: ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: SunCertPathBuilderException: unable to find valid certification path to requested target
means that the JVM that runs ORT is lacking the proper SSL certificates. The Docker image build should actually ensure to have up-to-date SSL certifictes (also see scripts/import_certificates.sh), so we need to look what's going on.
Describe the bug
When using ClearlyDefined as curation provider I get a SSLHandshakeException
To Reproduce
Steps to reproduce the behavior:
config.yml
into your repo under<Repo-Root>/.ort/config/config.yml
docker run -v $PWD/:/project -v $PWD/.ort:/home/ort/.ort --rm ghcr.io/oss-review-toolkit/ort --info analyze -f JSON -i /project/src -o /project/ORT
Expected behavior
No error. Curations are loaded correctly.
Console / log output
Add console and / or log output that shows the error and additional context.
No screenshots of plain text please, to keep text searchable.
Environment
Output of the
ort requirements
command:Default latest docker image.
And specify (relevant parts of) your ORT configuration (
config.yml
):The text was updated successfully, but these errors were encountered: