jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Dependency check analyze is stuck at 0 percent, gives no error #4740

Closed RaviFis1 closed 1 year ago

RaviFis1 commented 2 years ago

When running ./gradlew dependencyCheckAnalyze, nothing is happening: no error, no progress.

BillyBolton commented 2 years ago

Same issue here.

    <-------------> 0% EXECUTING [12m 4s]
    > :internalAPI:dependencyCheckAnalyze

I solved it by updating to the most current plugin version: https://plugins.gradle.org/plugin/org.owasp.dependencycheck

mhoennig commented 2 years ago

We have version 'org.owasp:dependency-check-maven:7.1.1' running. It worked up until we added these dependencies to our project:

    plugin: id 'io.openapiprocessor.openapi-processor' version '2022.2'
    implementation 'org.openapitools:jackson-databind-nullable:0.2.3'
    implementation 'org.modelmapper:modelmapper:3.1.0'
    testImplementation 'io.rest-assured:spring-mock-mvc'

Now it gets stuck at 17%:

    > Task :dependencyCheckAnalyze
    Verifying dependencies for project hsadmin-ng
    Checking for updates and analyzing dependencies for vulnerabilities
    <==-----------> 17% EXECUTING [1m 13s]
    > :dependencyCheckAnalyze

Purging the database did not help.

mhoennig commented 2 years ago

Today it's working like a charm - without any change. Maybe it got stuck fetching some resource? In that case it would be a good idea to have shorter timeouts and stop fetching with a clear error message.

aikebah commented 1 year ago

Likely the build was stuck on a stale write lock and would've errored out after 40 minutes. See also #4910