Tags: jenkins-plugins, cicd, owasp-dependency-check

Jenkins OWASP dependency-check-plugin unsupported xml


After CVSS v4.0 was added to the NVD, the Jenkins dependency-check-plugin cannot parse the XML output of OWASP dependency-check version 10.0.1.

Error:

[Pipeline] dependencyCheckPublisher
[DependencyCheck] Collecting Dependency-Check artifact
[DependencyCheck] Parsing file <report_file>.xml
[DependencyCheck] Unable to parse <report_file>.xml
[DependencyCheck] Unsupported Dependency-Check schema version detected

I tried using OWASP dependency-check v10.0.1 only to download the database and v9.2.0 to produce the output from the downloaded data. It makes the OWASP issues appear in Jenkins, but I am not sure that there would be no bugs in an output produced by the older version when the newer version is downloading the database.

It would be great to see the relevant OWASP findings in Jenkins UI and be sure that they are parsed correctly.

Is anyone aware of a possible reliable workaround? Or maybe the one I mentioned can be tested and proven to be reliable?

UPDATE 08.07.2024

No changes after the release of dependency-check 10.0.2. XML generated using only this version also fails to be loaded and displayed in Jenkins. The error is the same.
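A pre-publish check for the failure above, as an added example that is not part of the original post and not the plugin's own code: it reads the schema version from the report's root namespace and the engine version from scanInfo, so a pipeline can stop with a readable message before dependencyCheckPublisher rejects the file. The sample report, its schema number 4.1 and the supported-schema set passed in are constructed assumptions, not values taken from any plugin release.

```python
"""Pre-publish check for a dependency-check XML report's schema version."""
import re
import sys
import xml.etree.ElementTree as ET

# dependency-check reports put the schema version in the root namespace:
# https://jeremylong.github.io/DependencyCheck/dependency-check.<major>.<minor>.xsd
NS_RE = re.compile(
    r"^\{(https://jeremylong\.github\.io/DependencyCheck/"
    r"dependency-check\.(\d+)\.(\d+)\.xsd)\}analysis$"
)


def report_versions(xml_text: str) -> dict:
    """Return the schema version (major, minor) and engine version of a report."""
    root = ET.fromstring(xml_text)
    m = NS_RE.match(root.tag)
    if not m:
        raise ValueError(f"not a dependency-check report: root element {root.tag!r}")
    ns_uri, major, minor = m.group(1), int(m.group(2)), int(m.group(3))
    engine = root.find(f"{{{ns_uri}}}scanInfo/{{{ns_uri}}}engineVersion")
    engine_version = engine.text.strip() if engine is not None and engine.text else None
    return {"schema": (major, minor), "engine_version": engine_version}


def is_supported(xml_text: str, supported_schemas) -> bool:
    """True when the report's schema version is one the publisher plugin accepts."""
    return report_versions(xml_text)["schema"] in set(supported_schemas)


# Constructed sample report: schema number and engine version are assumptions
# for illustration only.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.4.1.xsd">
  <scanInfo><engineVersion>10.0.1</engineVersion></scanInfo>
  <dependencies/>
</analysis>"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    info = report_versions(text)
    # Placeholder set: fill it with the schema versions your plugin version parses.
    ok = is_supported(text, {(4, 0)})
    major, minor = info["schema"]
    print(f"schema {major}.{minor}, engine {info['engine_version']}, supported={ok}")
    sys.exit(0 if ok else 1)
```

Run it as a pipeline step before dependencyCheckPublisher; a non-zero exit with the printed schema version tells you whether the report or the plugin needs upgrading.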


Solution

  • Had the same issue. Upgrading the OWASP Dependency-Check Jenkins plugin to 5.5.1 did the trick.

    see: https://issues.jenkins.io/browse/JENKINS-73382