mastermc0
commented
7 months ago Closed PAKalucki closed 7 months ago
mastermc0
commented
7 months ago mastermc0
commented
7 months ago You can add dependencyCheckVersion: 8.4.3 to work around this until the NVD API is working as expected. Just make sure to remove the additionalArguments with your API key. See below.
Please note though that this will only work as long as the JSON feeds are up which are due to be retired on the 15th December.
# Latest Dependency Check CLI Doesn't Work due to NVD API Issues
# - task: dependency-check-build-task@6
# inputs:
# projectName: 'Test'
# scanPath: '**'
# format: 'HTML'
# additionalArguments: '--nvdApiKey ********-****-****-****-************'
# displayName: Get OWASP Vulnerabilities Files
# Pin to 8.4.3 to workaround this
- task: dependency-check-build-task@6
inputs:
dependencyCheckVersion: 8.4.3
projectName: 'Test'
scanPath: '**'
format: 'HTML'
displayName: Get OWASP Vulnerabilities Files 
venkatest
commented
7 months ago Did any one test it in new version 9.0.1 [ reference : https://github.com/jeremylong/DependencyCheck/issues/6107] ? I am getting below error [WARN] NVD API request failures are occurring; retrying request for the 5 time [INFO] NVD API has 171,546 records in this update [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 6 time [WARN] NVD API request failures are occurring; retrying request for the 6 time [WARN] NVD API request failures are occurring; retrying request for the 6 time [WARN] NVD API request failures are occurring; retrying request for the 6 time [ERROR] Error updating the NVD Data org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:338) at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:110) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:904) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:709) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:635) at org.owasp.dependencycheck.App.runScan(App.java:261) at org.owasp.dependencycheck.App.run(App.java:193) at org.owasp.dependencycheck.App.main(App.java:88) Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: NVD Returned Status Code: 502 at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:346) at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:317) ... 7 common frames omitted
pippolino
commented
7 months ago The issue has been resolved with version 9.0.2 of DependencyCheck. The task automatically use the latest version of the DependencyCheck tool.
From version 9.0.0 of DependencyCheck you need to use --nvdApiKey to indicate the NVD API Key, see https://nvd.nist.gov/developers/request-an-api-key
Azure DevOps OWASP Dependency Check started failing in pipeline with following error:
I'm running on Azure hosted agents.
My pipeline:
Full log: owasp.log