Describe the bug
The jf audit command exit status 1 when running on maven project caused by failed to generate SBOM
Current behavior
running jf audit on maven project get the error response:
10:20:07 [🔵Info] Trace ID for JFrog Platform logs: cd8da54d7de5b9ce
10:20:07 [🚨Error] target '/Users/myuser/myproject [maven]' errors:
failed to generate SBOM for /Users/545032/projects/cig-spring-boot: failed to build dependency tree: failed while building 'maven' dependency tree: failed running command 'mvn org.apache.maven.plugins:maven-install-plugin:3.1.1:install-file -Dfile=/var/folders/_h/sn8zbv317h9b6zjc23dgp4140000gq/T/jfrog.cli.temp.-1776359984-34666857/maven-dep-tree.jar -B': exit status 1
Reproduction steps
Create a new maven project. The install plugin version 3.1.4 and override dependency plexus-util:4.0.3
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.4</version>
<dependencies>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>4.0.3</version>
</dependency>
</dependencies>
</plugin>
run jf audit
Expected behavior
This is caused by jf audit restrict the maven-install-plugin at version 3.1.1 which is not compatible with new plexus-util versions. The previous versions of plexus-util has high vulunerability issue.
I would suggest not restrict the maven-install-plugin version and let the target maven project to maintain the dependencies.
The code related to this is:
|
return []string{"org.apache.maven.plugins:maven-install-plugin:3.1.1:install-file", "-Dfile=" + pluginPath, "-B"} |
The error trace of maven:
[INFO] --- install:3.1.1:install-file (default-cli) @ cig-spring-boot-parent ---
[WARNING] Error injecting: org.apache.maven.plugins.install.InstallFileMojo
java.lang.NoClassDefFoundError: org/codehaus/plexus/util/xml/XmlStreamWriter
at java.lang.Class.getDeclaredConstructors0 (Native Method)
at java.lang.Class.privateGetDeclaredConstructors (Class.java:2985)
at java.lang.Class.getDeclaredConstructors (Class.java:2354)
at com.google.inject.spi.InjectionPoint.forConstructorOf (InjectionPoint.java:299)
at com.google.inject.internal.ConstructorBindingImpl.create (ConstructorBindingImpl.java:121)
at com.google.inject.internal.InjectorImpl.createUninitializedBinding (InjectorImpl.java:715)
at com.google.inject.internal.InjectorImpl.createJustInTimeBinding (InjectorImpl.java:941)
at com.google.inject.internal.InjectorImpl.createJustInTimeBindingRecursive (InjectorImpl.java:863)
at com.google.inject.internal.InjectorImpl.getJustInTimeBinding (InjectorImpl.java:300)
at com.google.inject.internal.InjectorImpl.getBindingOrThrow (InjectorImpl.java:223)
at com.google.inject.internal.InjectorImpl.getProviderOrThrow (InjectorImpl.java:1093)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1122)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1087)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1139)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:50)
at com.google.inject.internal.ProviderInternalFactory.provision (ProviderInternalFactory.java:86)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision (InternalFactoryToInitializableAdapter.java:57)
at com.google.inject.internal.ProviderInternalFactory$1.call (ProviderInternalFactory.java:67)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:109)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:124)
at com.google.inject.internal.ProvisionListenerStackCallback.provision (ProvisionListenerStackCallback.java:66)
at com.google.inject.internal.ProviderInternalFactory.circularGet (ProviderInternalFactory.java:62)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.get (InternalFactoryToInitializableAdapter.java:47)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1101)
at org.eclipse.sisu.inject.Guice4$2.get (Guice4.java:235)
at org.eclipse.sisu.inject.LazyBeanEntry.getValue (LazyBeanEntry.java:83)
at org.eclipse.sisu.plexus.LazyPlexusBean.getValue (LazyPlexusBean.java:53)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:267)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:259)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getConfiguredMojo (DefaultMavenPluginManager.java:491)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:114)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
at java.lang.reflect.Method.invoke (Method.java:565)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314)
Caused by: java.lang.ClassNotFoundException: org.codehaus.plexus.util.xml.XmlStreamWriter
at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass (SelfFirstStrategy.java:42)
at org.codehaus.plexus.classworlds.realm.ClassRealm.unsynchronizedLoadClass (ClassRealm.java:225)
at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass (ClassRealm.java:210)
at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass (ClassRealm.java:205)
at java.lang.Class.getDeclaredConstructors0 (Native Method)
at java.lang.Class.privateGetDeclaredConstructors (Class.java:2985)
at java.lang.Class.getDeclaredConstructors (Class.java:2354)
at com.google.inject.spi.InjectionPoint.forConstructorOf (InjectionPoint.java:299)
at com.google.inject.internal.ConstructorBindingImpl.create (ConstructorBindingImpl.java:121)
at com.google.inject.internal.InjectorImpl.createUninitializedBinding (InjectorImpl.java:715)
at com.google.inject.internal.InjectorImpl.createJustInTimeBinding (InjectorImpl.java:941)
at com.google.inject.internal.InjectorImpl.createJustInTimeBindingRecursive (InjectorImpl.java:863)
at com.google.inject.internal.InjectorImpl.getJustInTimeBinding (InjectorImpl.java:300)
at com.google.inject.internal.InjectorImpl.getBindingOrThrow (InjectorImpl.java:223)
at com.google.inject.internal.InjectorImpl.getProviderOrThrow (InjectorImpl.java:1093)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1122)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1087)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1139)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:50)
at com.google.inject.internal.ProviderInternalFactory.provision (ProviderInternalFactory.java:86)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision (InternalFactoryToInitializableAdapter.java:57)
at com.google.inject.internal.ProviderInternalFactory$1.call (ProviderInternalFactory.java:67)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:109)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:124)
at com.google.inject.internal.ProvisionListenerStackCallback.provision (ProvisionListenerStackCallback.java:66)
at com.google.inject.internal.ProviderInternalFactory.circularGet (ProviderInternalFactory.java:62)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.get (InternalFactoryToInitializableAdapter.java:47)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1101)
at org.eclipse.sisu.inject.Guice4$2.get (Guice4.java:235)
at org.eclipse.sisu.inject.LazyBeanEntry.getValue (LazyBeanEntry.java:83)
at org.eclipse.sisu.plexus.LazyPlexusBean.getValue (LazyPlexusBean.java:53)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:267)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:259)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getConfiguredMojo (DefaultMavenPluginManager.java:491)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:114)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
at java.lang.reflect.Method.invoke (Method.java:565)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314)
[INFO] ------------------------------------------------------------------------
JFrog CLI-Security version
1.27.0
JFrog CLI version (if applicable)
2.100.0
Operating system type and version
MacOS 26.4.1
JFrog Xray version
No response
Describe the bug
The
jf auditcommandexit status 1when running on maven project caused byfailed to generate SBOMCurrent behavior
running
jf auditon maven project get the error response:10:20:07 [🔵Info] Trace ID for JFrog Platform logs: cd8da54d7de5b9ce
10:20:07 [🚨Error] target '/Users/myuser/myproject [maven]' errors:
failed to generate SBOM for /Users/545032/projects/cig-spring-boot: failed to build dependency tree: failed while building 'maven' dependency tree: failed running command 'mvn org.apache.maven.plugins:maven-install-plugin:3.1.1:install-file -Dfile=/var/folders/_h/sn8zbv317h9b6zjc23dgp4140000gq/T/jfrog.cli.temp.-1776359984-34666857/maven-dep-tree.jar -B': exit status 1
Reproduction steps
Create a new maven project. The install plugin version 3.1.4 and override dependency plexus-util:4.0.3
run
jf auditExpected behavior
This is caused by jf audit restrict the maven-install-plugin at version 3.1.1 which is not compatible with new plexus-util versions. The previous versions of plexus-util has high vulunerability issue.
I would suggest not restrict the maven-install-plugin version and let the target maven project to maintain the dependencies.
The code related to this is:
jfrog-cli-security/sca/bom/buildinfo/technologies/java/mvn.go
Line 128 in 6d931c9
The error trace of maven:
[INFO] --- install:3.1.1:install-file (default-cli) @ cig-spring-boot-parent ---
[WARNING] Error injecting: org.apache.maven.plugins.install.InstallFileMojo
java.lang.NoClassDefFoundError: org/codehaus/plexus/util/xml/XmlStreamWriter
at java.lang.Class.getDeclaredConstructors0 (Native Method)
at java.lang.Class.privateGetDeclaredConstructors (Class.java:2985)
at java.lang.Class.getDeclaredConstructors (Class.java:2354)
at com.google.inject.spi.InjectionPoint.forConstructorOf (InjectionPoint.java:299)
at com.google.inject.internal.ConstructorBindingImpl.create (ConstructorBindingImpl.java:121)
at com.google.inject.internal.InjectorImpl.createUninitializedBinding (InjectorImpl.java:715)
at com.google.inject.internal.InjectorImpl.createJustInTimeBinding (InjectorImpl.java:941)
at com.google.inject.internal.InjectorImpl.createJustInTimeBindingRecursive (InjectorImpl.java:863)
at com.google.inject.internal.InjectorImpl.getJustInTimeBinding (InjectorImpl.java:300)
at com.google.inject.internal.InjectorImpl.getBindingOrThrow (InjectorImpl.java:223)
at com.google.inject.internal.InjectorImpl.getProviderOrThrow (InjectorImpl.java:1093)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1122)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1087)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1139)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:50)
at com.google.inject.internal.ProviderInternalFactory.provision (ProviderInternalFactory.java:86)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision (InternalFactoryToInitializableAdapter.java:57)
at com.google.inject.internal.ProviderInternalFactory$1.call (ProviderInternalFactory.java:67)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:109)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:124)
at com.google.inject.internal.ProvisionListenerStackCallback.provision (ProvisionListenerStackCallback.java:66)
at com.google.inject.internal.ProviderInternalFactory.circularGet (ProviderInternalFactory.java:62)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.get (InternalFactoryToInitializableAdapter.java:47)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1101)
at org.eclipse.sisu.inject.Guice4$2.get (Guice4.java:235)
at org.eclipse.sisu.inject.LazyBeanEntry.getValue (LazyBeanEntry.java:83)
at org.eclipse.sisu.plexus.LazyPlexusBean.getValue (LazyPlexusBean.java:53)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:267)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:259)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getConfiguredMojo (DefaultMavenPluginManager.java:491)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:114)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
at java.lang.reflect.Method.invoke (Method.java:565)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314)
Caused by: java.lang.ClassNotFoundException: org.codehaus.plexus.util.xml.XmlStreamWriter
at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass (SelfFirstStrategy.java:42)
at org.codehaus.plexus.classworlds.realm.ClassRealm.unsynchronizedLoadClass (ClassRealm.java:225)
at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass (ClassRealm.java:210)
at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass (ClassRealm.java:205)
at java.lang.Class.getDeclaredConstructors0 (Native Method)
at java.lang.Class.privateGetDeclaredConstructors (Class.java:2985)
at java.lang.Class.getDeclaredConstructors (Class.java:2354)
at com.google.inject.spi.InjectionPoint.forConstructorOf (InjectionPoint.java:299)
at com.google.inject.internal.ConstructorBindingImpl.create (ConstructorBindingImpl.java:121)
at com.google.inject.internal.InjectorImpl.createUninitializedBinding (InjectorImpl.java:715)
at com.google.inject.internal.InjectorImpl.createJustInTimeBinding (InjectorImpl.java:941)
at com.google.inject.internal.InjectorImpl.createJustInTimeBindingRecursive (InjectorImpl.java:863)
at com.google.inject.internal.InjectorImpl.getJustInTimeBinding (InjectorImpl.java:300)
at com.google.inject.internal.InjectorImpl.getBindingOrThrow (InjectorImpl.java:223)
at com.google.inject.internal.InjectorImpl.getProviderOrThrow (InjectorImpl.java:1093)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1122)
at com.google.inject.internal.InjectorImpl.getProvider (InjectorImpl.java:1087)
at com.google.inject.internal.InjectorImpl.getInstance (InjectorImpl.java:1139)
at org.eclipse.sisu.space.AbstractDeferredClass.get (AbstractDeferredClass.java:50)
at com.google.inject.internal.ProviderInternalFactory.provision (ProviderInternalFactory.java:86)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision (InternalFactoryToInitializableAdapter.java:57)
at com.google.inject.internal.ProviderInternalFactory$1.call (ProviderInternalFactory.java:67)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:109)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision (ProvisionListenerStackCallback.java:124)
at com.google.inject.internal.ProvisionListenerStackCallback.provision (ProvisionListenerStackCallback.java:66)
at com.google.inject.internal.ProviderInternalFactory.circularGet (ProviderInternalFactory.java:62)
at com.google.inject.internal.InternalFactoryToInitializableAdapter.get (InternalFactoryToInitializableAdapter.java:47)
at com.google.inject.internal.InjectorImpl$1.get (InjectorImpl.java:1101)
at org.eclipse.sisu.inject.Guice4$2.get (Guice4.java:235)
at org.eclipse.sisu.inject.LazyBeanEntry.getValue (LazyBeanEntry.java:83)
at org.eclipse.sisu.plexus.LazyPlexusBean.getValue (LazyPlexusBean.java:53)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:267)
at org.codehaus.plexus.DefaultPlexusContainer.lookup (DefaultPlexusContainer.java:259)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getConfiguredMojo (DefaultMavenPluginManager.java:491)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:114)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
at java.lang.reflect.Method.invoke (Method.java:565)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314)
[INFO] ------------------------------------------------------------------------
JFrog CLI-Security version
1.27.0
JFrog CLI version (if applicable)
2.100.0
Operating system type and version
MacOS 26.4.1
JFrog Xray version
No response