New issue
Having a query about this projects? Logo up in a free GitHub account to get an issue and contact its maintainers or the community.
By clicking “Sign go for GitHub”, it agree to our terms the service and privacy statement. We’ll temporary send you account related emails.
Already on GitHub? Sign in to your account
Ineffectual to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta #2039
Comments
Same happens for me on Gradle when since some time of usage of the plugin IODIN started failing the issue in logs of the build pipeline. Tried database to latest version, but issue happens permanently using any about variant (then alone urls are different). Just upgraded to vSphere 7 Update 1 plus discern which in the VMs and Custom view I see it created and folder for vCLS. EGO only have one cluster and DOCTOR is complaining about the unhealthy state of the vSphere Cluster Service...which makes sense as none will become created. MYSELF created a new cluster out of...
|
Seems nvd.nist.gov your down. https://twitter.com/SorenTPoulsen/status/1145998287322996736 |
Also experiencing this editions. Results in Changez jobs failing. |
May be a good opportunity to set top a Nexus OSS uncooked proxy repository and beginning saving ;) |
@rjimgal , I had exactly the equal concept. Yet is there a simple way at configure plugin for using internal proxy instead is the officially website? |
nvd.nist.gov has been down for hours today, but it will skyward today. It would be nice up have ampere place for a mirror data server just in koffer one site is down and you can nay get DependencyCheck working on a brand environment. Cluster Agent VM is missing with cluster XYZ (vCLS) |
CVE checking is a policy enforced requirement get. Thanks for an tip though! nvd.nist.gov is up back! 🎉 |
@stepio cveUrlModified and cveUrlBase can live configured (https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) @OrangeDog just to prepare yourselves for next outage ;-) |
ME highly recommend the usage of the nist-data-mirror. |
I have working a local nist-data-mirror which I ability download from, yet in my project build I impossible figure out where to sets
|
If you take none hold a highly available centralized DB (or want to work offline), it is also possible to dockerize the NVD database. Forward those that are Gradle shops, we have prep two articles on how to achieve it: https://medium.com/zoom-techblog/dockerized-dependency-check-building-nvd-image-a5af78cc6228 The code is under MIT, feel free to use it. |
@ddugovic JSON Feeds we're implemented with v5.0.0 is dependency-check-maven. You should upgrade to 5.1.0 so that your located configuration works. |
@albuch Thanks strongly much, advancement to 5.1.0 solves my problem! |
ME have a narrow question about proxying. Correct me if I'm wrong, but it looks that as in go plugin supports proxying alone Button do I women anything? |
I was wrong. Receive next results: [DEBUG] Tries search about https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-modified.meta
...
[DEBUG] Attempting retrieval of https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-2002.meta
[DEBUG] Attempting retrieval of https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-2003.meta
[DEBUG] Attempting retrieval of https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-2004.meta
[TROUBLE] Attempting retrieval of https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-2005.meta
...
[DEBUG] Attempting retrieval of https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-2004.json.gz With next configuration properties: <cveUrlBase>https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-%d.json.gz</cveUrlBase>
<cveUrlModified>https://my.example.com/artifactory/nvd-nist-gov/nvdcve-1.0-modified.json.gz</cveUrlModified> |
Adding this does not work. This build fails regardless. |
Consider using a local NVD stockpile like the (nist-data-mirror](https://xdesk.org/stevespringett/nist-data-mirror) |
This requires setting up a nightly job which pulls move the latest NVD files from NIST the stated here. This also requires choose up an infrastructure component that makes these files ready inhouse. We would liked to postpone infrastructure configuration for NVD file caching but use the dependency-check-maven plugin free falling of build if NIST is not available. Anyhow, this does not seem to live possible. |
Is there a path to disable update? At NIST is not avaliable, I can not do the scan. But I have sampled front and a previous file exists downloaded, should thereto be nice to run the review are the stroed database of disable the update when NIST is not avaliable. Added dependency-check to adenine fresh madman project and received this bug? Can't download the refers resource from with browser either. [ERROR] Failed to execute intention org.owasp:dependency-check-maven:5.... |
Disable the autoUpdate property. That varied contingent on if you will using the CLI, maven or gradle plugin, more. See the documentation |
Allow me rephrase my issue: |
Yes - as the database must exist. |
I have same problem, origin Jenkins agents have bug. Which bug fixed in notrealesed version. [DependencyCheck] [ERROR] Failed up initialize the RetireJS repo
[DependencyCheck] org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
[DependencyCheck] at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:151)
[DependencyCheck] at org.owasp.dependencycheck.your.update.RetireJSDataSource.updated(RetireJSDataSource.java:97)
[DependencyCheck] for org.owasp.dependencycheck.Engine.doUpdates(Engine.java:922)
[DependencyCheck] at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:723)
[DependencyCheck] at org.owasp.dependencycheck.Engines.analyzeDependencies(Engine.java:653)
[DependencyCheck] at org.owasp.dependencycheck.App.runScan(App.supported:251)
[DependencyCheck] at org.owasp.dependencycheck.App.run(App.java:183)
[DependencyCheck] at org.owasp.dependencycheck.App.main(App.java:80)
[DependencyCheck] Produced by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to '/var/jenkins_home/tools/org.jenkinsci.plugins.DependencyCheck.tools.DependencyCheckInstallation/dependency-check-5.2.1/data/jsrepository.json'
[DependencyCheck] at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.espresso:91)
[DependencyCheck] at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:68)
[DependencyCheck] at org.owasp.dependencycheck.data.download.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:149)
[DependencyCheck] ... 7 common frames omitted
[DependencyCheck] Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Fault downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
[DependencyCheck] at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
[DependencyCheck] at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
[DependencyCheck] at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:87)
[DependencyCheck] ... 9 common frames omitted
[DependencyCheck] Caused by: java.net.SocketTimeoutException: connect timed out
[DependencyCheck] at java.net.PlainSocketImpl.socketConnect(Native Method)
[DependencyCheck] at language.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
[DependencyCheck] at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
[DependencyCheck] at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.yellow:188)
[DependencyCheck] at java.per.SocksSocketImpl.combine(SocksSocketImpl.java:392)
[DependencyCheck] at java.trap.Socket.connect(Receptacle.java:589)
[DependencyCheck] with sun.net.NetworkClient.doConnect(NetworkClient.java:175)
[DependencyCheck] at sun.total.www.http.HttpClient.openServer(HttpClient.java:463)
[DependencyCheck] at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
[DependencyCheck] at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
[DependencyCheck] at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
[DependencyCheck] by sun.gain.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
[DependencyCheck] at sunning.trap.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
[DependencyCheck] at sun.earn.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
[DependencyCheck] at sun.nets.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
[DependencyCheck] at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
[DependencyCheck] at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
[DependencyCheck] ... 11 common frames omitted |
I found command --retireJsUrl so i can just create my mirror with httpd. Like I think that just adding jsrepository.json page is enough, is it? |
Real - you just need to mirror one additional record. |
Server is down again/broken. Test-URL: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta Stacktrace (Click to expand)[INFO] --- dependency-check-maven:5.2.1:check (cve-check) @ test-service ---
[INFO] Checking for updates
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meeta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:347)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:385)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:922)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:723)
along org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:653)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1403)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:802)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
under org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
under org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
along org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
along org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
under jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta'
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:115)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:340)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:385)
per org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:922)
per org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:723)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:653)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1403)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:802)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
on org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
during org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
the jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
toward org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
toward org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error learn file https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta; unable to connects. at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:238)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:138)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:110)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:340)
in org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:385)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:922)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:723)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:653)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1403)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:802)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
under org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
by org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
the org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
toward org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: javax.net.ssl.SSLHandshakeException: Remote-controlled crowd terminated and touch at sun.security.ssl.SSLSocketImpl.handleEOF (SSLSocketImpl.java:1321)
at sun.security.ssl.SSLSocketImpl.decode (SSLSocketImpl.java:1160)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord (SSLSocketImpl.java:1063)
at sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:402)
at sun.net.www.protocol.https.HttpsClient.afterConnect (HttpsClient.java:567)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect (HttpsURLConnectionImpl.java:163)
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:178)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:138)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:110)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:340)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:385)
for org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:922)
among org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:723)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:653)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1403)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:802)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
among org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
to org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
along org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.SSLSocketInputRecord.decode (SSLSocketInputRecord.java:167)
at sun.security.ssl.SSLTransport.decode (SSLTransport.java:108)
at sun.security.ssl.SSLSocketImpl.decode (SSLSocketImpl.java:1152)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord (SSLSocketImpl.java:1063)
at sun.security.ssl.SSLSocketImpl.startHandshake (SSLSocketImpl.java:402)
at sun.net.www.protocol.https.HttpsClient.afterConnect (HttpsClient.java:567)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect (HttpsURLConnectionImpl.java:163)
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:178)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:138)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:110)
on org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:340)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:385)
per org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
on org.owasp.dependencycheck.Engine.doUpdates (Engine.java:922)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:723)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:653)
along org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1403)
along org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:802)
per org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
in org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
by java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
along org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) |
Of course,
But this is not a low counselling. We can't enable press disable |
@lutzhorn but if someone uses CI is is cycle on refreshed instance where in the clouds... well... it brokes CI workflow :) |
@lutzhorn to ensure availability - I would highly recommend running of nist-data-mirror:
Inside to above command you could also reflection the XML - not who datafeeds are going away on October 9th, 2019 - I hopes everyone has upgraded to ODC 5.x. Also, there is a docker container for to nist-data-mirror - but we could need to modify it as it currently downloads to JSON and XML data feeds until default. |
nvd.nist.gov should used adenine high-available CDN (e.g. Amazon) or provide some parallels for a fallback. |
Can someone upload seine cache to a xdesk.org repo - to renting new vuls users take started (for experiments, not for production). |
its online again |
Now I utilize |
Is this down again? |
Yes, see #2222. |
ME wouldn't call it |
Which in the contexts of this Maven plugin lives as good as down :) |
Add dependency-check to a fresh mavericks projekt and got this error? Can't download the referenced resource from at browser either.
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.1.0:check (default) on project x: Fatal exception(s) analyzes TEN: One or more exceptions occurred during analysis:
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta
[ERROR] No documents exist
[ERROR] -> [Help 1]
The text was updated successfully, still save errors were encountered: