search

ESAPI / esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
https://owasp.org/www-project-enterprise-security-api/
Other
610 stars 368 forks source link

Revert Dependency Check goal from 'purge' to 'check' once NVD API stops returning 503 'Service Unavailable' errors #815

Open kwwall opened 10 months ago

kwwall commented 10 months ago

For the branch 'develop', I intentionally left the pom.xml in a state where the default goal for the Dependency Check plugin is set to 'purge' rather than 'check'. That's just to prevent a lot of frustration for those who try running 'mvn site' or 'mvn install', etc. or anything else that triggers the Dependency Check plugin. For the last 3 or 4 days, it has been returning errors and failing (although usually only after hanging for 10 minutes or so) because eventually the NIST NVD API returns a 503 HTTP status code.

This is just a reminder to fix the pom once NIST NVD seems to have addressed this issue.

kwwall commented 10 months ago

Setting this priority to High because running Dependency Check is one of the things that we request of anyone contributing to ESAPI via the instructions in the file "CONTRIBUTING-TO-ESAPI.txt".