Comments (5)
Sometimes the NVD API, not owned by this project, will throttle requests and/or have bandwidth issues. We highly recommend either mirroring the NVD or keeping the data directory in tact between scans. See:
- https://jeremylong.github.io/DependencyCheck/data/cacheh2.html
- https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html
from dependencycheck.
Thanks @jeremylong.
In fact this is my mirroring job ("update-only" goal of the Maven plugin) which has been failing for nearly a week. This job updates a PGSQL Database. The analyze jobs using the DB in read-only only do not fail.
Usually, when problems do not come from my side, I see here other people complaining but as I see no-one but myself complaining right now, I fear I have a problem.
from dependencycheck.
from dependencycheck.
Validate your api key is still valid.
it is... I tested it with the curl command and I got correct answer, while if I change any character in the key I got "invalid key" (or similar).
I'm missing something but what ?...
from dependencycheck.
Problem solved, sorry, this was a problem with my company's firewall (Palo alto) which auto updated and was refusing the connection to nvd.nist.gov because it detected something...
My Dependency Track instance suffered from the same problem silently...
Beware the firewalls... :/
Thanks for your support Jeremy and sorry for the false problem.
from dependencycheck.
Related Issues (20)
- java.lang.NullPointerException during mvn org.owasp:dependency-check-maven:aggregate HOT 10
- Different result when running owasp dependency check on java maven project HOT 8
- [FP]: ejs 3.1.10 for CVE-2023-29827 HOT 2
- Running SonarQube on localhost, DependencyCheck cannot find HTML report HOT 6
- [INFO] Checking for updates [WARN] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key [ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error HOT 3
- [FP]: org.tukaani:xz:1.9 HOT 3
- [FP]: bcpg-fips 1.0.7.1 flagged for CVE-2020-26939 HOT 4
- Failed to process CVE-2024-8033 HOT 1
- Require maven 3.6.3 or above for the Maven plugin HOT 2
- Error when using --cveUrlModified parameter. How should I rather provide local cveURLModified? HOT 3
- Failed to process CVE-2024-8033 - Java nulle HOT 1
- Failed to process CVE-2024-8033 - java.lang.NullPointerException HOT 3
- How to determine the location of an outdated dependency definition HOT 2
- External database configuration should not require specification of a Database Driver class
- The certificate for nvd.nist.gov expired on 01/09/2024. HOT 3
- get TLS Certificate errors while executing dependency-check.bat for my repo HOT 6
- [FP]: False positive with Gradle Gretty plugin HOT 4
- stanford-corenlp-4.5.1.jar false positive HOT 5
- Export reports from Sonarqube HOT 1
- [Question] What's the difference between this tool and owasp-dep-scan HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependencycheck.