OsvDownloadTask for the GIT ecosystem is erroring out folllowing in the logs.
“2024-06-09 20:47:47,873 INFO [OsvDownloadTask] Updating datasource with Google OSV advisories for ecosystem GIT
2024-06-09 20:48:07,444 ERROR [OsvDownloadTask] Exception while executing Http client request
java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
at java.base/jdk.internal.util.Preconditions.outOfBounds(Unknown Source)
at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Unknown Source)
at java.base/jdk.internal.util.Preconditions.checkIndex(Unknown Source)
at java.base/java.util.Objects.checkIndex(Unknown Source)
at java.base/java.util.ArrayList.get(Unknown Source)
at org.dependencytrack.tasks.OsvDownloadTask.calculateOSVSeverity(OsvDownloadTask.java:300)
at org.dependencytrack.tasks.OsvDownloadTask.mapAdvisoryToVulnerability(OsvDownloadTask.java:259)
at org.dependencytrack.tasks.OsvDownloadTask.updateDatasource(OsvDownloadTask.java:164)
at org.dependencytrack.tasks.OsvDownloadTask.unzipFolder(OsvDownloadTask.java:151)
at org.dependencytrack.tasks.OsvDownloadTask.inform(OsvDownloadTask.java:121)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)”
Steps to Reproduce
Enable OSV mirroring with the Git ecosystem.
Check the OSV mirroring logs.
Expected Behavior
OsvDownloadTask successfully completed the download.
Current Behavior
OsvDownloadTask for the GIT ecosystem is erroring out folllowing in the logs.
“2024-06-09 20:47:47,873 INFO [OsvDownloadTask] Updating datasource with Google OSV advisories for ecosystem GIT 2024-06-09 20:48:07,444 ERROR [OsvDownloadTask] Exception while executing Http client request java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0 at java.base/jdk.internal.util.Preconditions.outOfBounds(Unknown Source) at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Unknown Source) at java.base/jdk.internal.util.Preconditions.checkIndex(Unknown Source) at java.base/java.util.Objects.checkIndex(Unknown Source) at java.base/java.util.ArrayList.get(Unknown Source) at org.dependencytrack.tasks.OsvDownloadTask.calculateOSVSeverity(OsvDownloadTask.java:300) at org.dependencytrack.tasks.OsvDownloadTask.mapAdvisoryToVulnerability(OsvDownloadTask.java:259) at org.dependencytrack.tasks.OsvDownloadTask.updateDatasource(OsvDownloadTask.java:164) at org.dependencytrack.tasks.OsvDownloadTask.unzipFolder(OsvDownloadTask.java:151) at org.dependencytrack.tasks.OsvDownloadTask.inform(OsvDownloadTask.java:121) at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source)”
Steps to Reproduce
Expected Behavior
OsvDownloadTask successfully completed the download.
Dependency-Track Version
4.11.3
Dependency-Track Distribution
Container Image
Database Server
H2
Database Server Version
No response
Browser
Google Chrome
Checklist