diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java
index 7b259ad661f..e04066201f9 100644
--- a/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java
+++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzer.java
@@ -134,7 +134,8 @@ protected void prepareAnalyzer(Engine engine) throws InitializationException {
 synchronized (FETCH_MUTIX) {
 if (StringUtils.isEmpty(getSettings().getString(KEYS.ANALYZER_OSSINDEX_USER, StringUtils.EMPTY)) || StringUtils.isEmpty(getSettings().getString(KEYS.ANALYZER_OSSINDEX_PASSWORD, StringUtils.EMPTY))) {
- throw new InitializationException("Error initializing OSS Index analyzer due to missing user/password credentials. Authentication is now required: https://ossindex.sonatype.org/doc/auth-required");
+ LOG.warn("Disabling OSS Index analyzer due to missing user/password credentials. Authentication is now required: https://ossindex.sonatype.org/doc/auth-required");
+ setEnabled(false);
 }
 }
 }
diff --git a/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java b/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java
index 8b8c34492ad..4f4ad4c8f0f 100644
--- a/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java
+++ b/core/src/test/java/org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.java
@@ -8,7 +8,6 @@
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.naming.Identifier;
 import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
-import org.owasp.dependencycheck.exception.InitializationException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.Settings.KEYS;
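Review bot: In `prepareAnalyzer` (OssIndexAnalyzer.java), a scan that lacks OSS Index credentials now finishes with only a WARN line, so a run where the analyzer was meant to be active but the secret was never injected produces a report that looks complete although one vulnerability source was not queried. If the analyzer can be switched on explicitly, I would keep the hard failure for that case, or at least have the message state the consequence, e.g. `LOG.warn("Disabling OSS Index analyzer: user/password credentials are missing, so OSS Index findings will be absent from this report. Authentication is now required: https://ossindex.sonatype.org/doc/auth-required");`. Separately, `StringUtils.isEmpty` lets a whitespace-only value through; `StringUtils.isBlank` on both settings would also catch a padded or blank CI variable. The method starts above the hunk, so whether later stages honour `setEnabled(false)` is not visible here.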
@@ -30,7 +29,7 @@
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 class OssIndexAnalyzerTest extends BaseTest {
@@ -252,18 +251,21 @@ void should_analyzeDependency_fail_when_socket_error_from_sonatype() throws Exce
 }
 @Test
- void should_prepareAnalyzer_fail_when_credentials_not_set() throws Exception {
+ void should_prepareAnalyzer_disable_when_credentials_not_set() throws Exception {
+ // Given
 OssIndexAnalyzer analyzer = new OssIndexAnalyzer();
 Settings settings = getSettings();
 Engine engine = new Engine(settings);
 analyzer.initialize(settings);
- try {
- analyzer.prepareAnalyzer(engine);
- assertThrows(InitializationException.class, () -> analyzer.prepareAnalyzer(engine));
- } catch (InitializationException e) {
- analyzer.close();
- engine.close();
- }
+
+ // When
+ analyzer.prepareAnalyzer(engine);
+
+ // Then
+ boolean enabled = analyzer.isEnabled();
+ analyzer.close();
+ engine.close();
+ assertFalse(enabled);
 }
 private static void setCredentials(final Settings settings) {
diff --git a/src/site/markdown/analyzers/oss-index-analyzer.md b/src/site/markdown/analyzers/oss-index-analyzer.md
index 65636da4f67..1cd259e1f3d 100644
--- a/src/site/markdown/analyzers/oss-index-analyzer.md
+++ b/src/site/markdown/analyzers/oss-index-analyzer.md
@@ -13,4 +13,6 @@ Sonatype [announced](https://ossindex.sonatype.org/doc/auth-required) that OSS I
 You can get an API Token following these steps:
 1. [Sign In](https://ossindex.sonatype.org/user/signin) or [Sign Up](https://ossindex.sonatype.org/user/register) for free.
-2. Get the API Token from user Settings.
\ No newline at end of file
+2. Get the API Token from user Settings.
+
+If no credentials are provided, this analyzer will be disabled.
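Review bot: In `should_prepareAnalyzer_disable_when_credentials_not_set`, `analyzer.close()` and `engine.close()` run only when `prepareAnalyzer` returns normally, so a regression that brings the exception back would skip the cleanup and leave both objects open for later tests; a try/finally keeps it unconditional. The test also depends on `getSettings()` carrying no OSS Index user or password, which this hunk does not show; explicitly clearing `KEYS.ANALYZER_OSSINDEX_USER` and `KEYS.ANALYZER_OSSINDEX_PASSWORD` in the Given step would keep the result deterministic if defaults or the environment ever supply them.

```java
// … unchanged: analyzer, settings and engine set-up (Given) …
try {
    // When
    analyzer.prepareAnalyzer(engine);

    // Then
    assertFalse(analyzer.isEnabled());
} finally {
    analyzer.close();
    engine.close();
}
```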