org.owasp.dependencycheck.utils.SeverityUtil.unscoredToSeveritytext(String) is null

murat_k · April 7, 2025, 11:16am

We have Sonarqube Version 8.9.1 and Gradle Version

"org.owasp:dependency-check-gradle:8.4"

I have no access neither for server nor for the Sonarqube but when I deploy my Spring Boot Application via Jenkins, it does not success the dependencyAnalyze step. I get the following error:

* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
> Invocation of method 'getHighestSeverityText' in  class org.owasp.dependencycheck.dependency.Vulnerability threw exception java.lang.NullPointerException: Cannot invoke "String.toUpperCase()" because the return value of "org.owasp.dependencycheck.utils.SeverityUtil.unscoredToSeveritytext(String)" is null at templates/htmlReport.vsl[line 830, column 43]

I have a couple of other applications and the pipeline settings are all the same.
Do you have any idea why it doesn’t work?
Thanks.

Colin · April 8, 2025, 2:15pm

Hey there.

You’re probably going to want to raise an issue with GitHub - dependency-check/DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies..

Topic		Replies	Views
[Quality Gates] : Owasp Dependency check SonarQube Server / Community Build	2	487	November 13, 2023
Sonar check failing SonarQube Server / Community Build java , sonarqube	1	186	October 11, 2023
XML-Analysis aborted SonarQube Server / Community Build	1	133	March 4, 2024
OWASP Report SonarCloud ingestion? SonarQube Cloud java	3	958	May 9, 2022
Unable to run check class org.sonar.java.checks.EnumMapCheck (raise NPE) SonarQube Cloud java , sonarqube-cloud	1	1141	October 1, 2018

org.owasp.dependencycheck.utils.SeverityUtil.unscoredToSeveritytext(String) is null

Related topics