@obristp Given that the Artifactory REST API requires access to an Artifactory Pro instance, which requires a paid license, would you be able to assist me in testing a resolution once I've completed coding?
Describe the bug
We have set up Dependency-Check to use our Artifactory through a property file using the following options:
analyzer.artifactory.enabled=true
analyzer.artifactory.url=artifactoy-instance
During certain scans we got this kind of error:
2023-08-08 10:34:43,354 org.owasp.dependencycheck.App:213 ERROR - Cannot extract the Maven information from the path retrieved in Artifactory /download/postgresql-42.6.0.jar
2023-08-08 10:34:43,354 org.owasp.dependencycheck.App:214 DEBUG - unexpected error
java.lang.IllegalStateException: Cannot extract the Maven information from the path retrieved in Artifactory /download/postgresql-42.6.0.jar
    at org.owasp.dependencycheck.data.artifactory.ArtifactorySearch.processResponse(ArtifactorySearch.java:223)
    at org.owasp.dependencycheck.data.artifactory.ArtifactorySearch.search(ArtifactorySearch.java:143)
    at org.owasp.dependencycheck.analyzer.ArtifactoryAnalyzer.analyzeDependency(ArtifactoryAnalyzer.java:199)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1589)
2023-08-08 10:34:43,354 org.owasp.dependencycheck.utils.Settings:895
In our Artifactory, the content related to this file is the following:
{
  "results": [
    {
      "uri": "/api/storage/postgresql.org-cache/download/postgresql-42.6.0.jar"
    },
    {
      "uri": "/api/storage/repo1.mvn-cache/org/postgresql/postgresql/42.6.0/postgresql-42.6.0.jar"
    }
  ]
}
It seems that the system is taking the first element found in the list, and the error appears because the pattern format does not match what is expected.
We can solve this problem if we remove the reference to the first element in our Artifactory.
Version of dependency-check used
The problem occurs using version 8.3.1 through CLI
Expected behavior
I would like to have a way to handle this error.
One solution I see is to add an option to include a list of repositories where the search for the file is made in Artifactory.
With the API used, https://jfrog.com/help/r/jfrog-rest-apis/checksum-search, this seems to be possible.
Or a way to configure this generated error as a warning instead of an error?
Additional context
I am using a property file to set up the default configuration. Ideally it would be good as well to get an additional option from the command line to offer the possibility to disable the usage of Artifactory.
Right now, it is only possible to enable it.
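The failure described in the report, reproduced as an added example that is not part of the original issue and is not dependency-check's code: it walks every entry of the quoted checksum-search response instead of stopping at the first one, and separates URIs that follow a Maven repository layout from those that do not. The layout regex, the function names and the client-side `allowed_repos` filter (standing in for the repository list the reporter suggests) are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the checksum-search response quoted in the issue.
SAMPLE_RESPONSE = """
{
  "results": [
    {"uri": "/api/storage/postgresql.org-cache/download/postgresql-42.6.0.jar"},
    {"uri": "/api/storage/repo1.mvn-cache/org/postgresql/postgresql/42.6.0/postgresql-42.6.0.jar"}
  ]
}
"""

# Assumed Maven 2 layout (hypothetical pattern, not dependency-check's own):
# /api/storage/<repo>/<group dirs>/<artifact>/<version>/<artifact>-<version>[-classifier].<ext>
MAVEN_LAYOUT = re.compile(
    r"^/api/storage/(?P<repo>[^/]+)/(?P<group>.+)/(?P<artifact>[^/]+)/(?P<version>[^/]+)/"
    r"(?P=artifact)-(?P=version)(?:-[^/.]+)?\.[^/]+$"
)


def parse_maven_uri(uri):
    """Return repo and Maven coordinates for a storage URI, or None if it is not Maven-shaped."""
    m = MAVEN_LAYOUT.match(uri)
    if m is None:
        return None
    return {
        "repo": m["repo"],
        "groupId": m["group"].replace("/", "."),
        "artifactId": m["artifact"],
        "version": m["version"],
    }


def classify_results(response_text, allowed_repos=None):
    """Split search results into usable Maven coordinates and skipped URIs."""
    matched, skipped = [], []
    for entry in json.loads(response_text).get("results", []):
        uri = entry.get("uri", "")
        coords = parse_maven_uri(uri)
        # Skip non-Maven paths and repositories outside the allow-list
        # rather than aborting the whole lookup on the first bad entry.
        if coords is None or (allowed_repos is not None and coords["repo"] not in allowed_repos):
            skipped.append(uri)
        else:
            matched.append(coords)
    return matched, skipped
```
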