Build getting killed


When using a CentOS or Ubuntu based build image, our build is getting killed:

[INFO] NVD CVE requires several updates; this could take a couple of minutes.
... snip ...
[INFO] Processing Complete for NVD CVE - 2009  (8987 ms)
[INFO] Processing Started for NVD CVE - 2010
Received 'killed' signal

This happens when the OWASP Dependency Check Maven plugin is analyzing our dependencies for known CVEs.

Here’s the configuration for that plugin:


The build doesn’t get killed if using an Alpine based image, but we have other problems building w/ an Alpine image. This Dockerfile is sufficient to cause the problem:

FROM centos:7


RUN yum -y install java-1.8.0-openjdk-devel \
                   git \
                   unzip \
                   which && \
    yum clean all && \
    alternatives --install /usr/bin/java java /usr/java/latest/bin/java 1 && \
    alternatives --auto java

RUN cd /tmp && \
    curl "" -o "apache-maven-3.3.9-bin.tar.gz" --progress-bar && \
    tar xzf apache-maven-3.3.9-bin.tar.gz && \
    mkdir /usr/local/maven && \
    mv apache-maven-3.3.9 /usr/local/maven && \
    alternatives --install /usr/bin/mvn mvn /usr/local/maven/apache-maven-3.3.9/bin/mvn 1 && \
    alternatives --auto mvn && \
    rm apache-maven-3.3.9-bin.tar.gz

CMD ["/bin/bash"]

Any help would be appreciated.


Are you passing any Java args to restrict the memory? If not, you should.


No, we aren’t. Recommendations?

edit: this seems to have fixed it:

  - image: our-custom-build-image
      MAVEN_OPTS: "-Xms256m -Xmx1024m"

Thanks for the suggestion.


I should also note that if I run this build image locally, the build completes successfully.


This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.