jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

Looks like macos-latest executions are quite unstable #5147

Open TWiStErRob opened 1 year ago

TWiStErRob commented 1 year ago

Describe the bug

Recently the checks are failing on almost every execution.

Version of dependency-check used

The problem occurs using version X.X.X of the ____ (cli, gradle plugin, maven plugin, etc.)

Log file

https://github.com/detekt/sarif4k/actions/runs/3697519065/jobs/6262611933

java.nio.channels.ClosedChannelException

```
18:10:44.4531680Z ##[group]Run ./gradlew dependencyCheckAnalyze
18:10:44.4532210Z ./gradlew dependencyCheckAnalyze
18:10:44.4962230Z shell: /bin/bash -e {0}
18:10:44.4962590Z ##[endgroup]
18:10:46.0662180Z
18:10:46.0687400Z > Configure project :
18:10:46.0688390Z Signing Disabled as the PGP key was not found
18:10:48.2569900Z
18:10:48.2578390Z > Task :dependencyCheckAnalyze
18:10:48.2579920Z Verifying dependencies for project sarif4k
18:10:51.7990970Z Checking for updates and analyzing dependencies for vulnerabilities
18:14:26.9920190Z
18:14:26.9923700Z Download Failed for NVD CVE - 2019
18:14:26.9930570Z Some CVEs may not be reported. Reason: Download failed, unable to copy 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz' to '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/dctemp74090d11-65e8-4ad6-8b09-bdd55bef94ad/cve2019_5379886432197793257.json.gz'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz; unable to connect.
18:14:26.9932140Z If you are behind a proxy you may need to configure dependency-check to use the proxy.
18:14:35.1394050Z Error downloading NVD CVE - 2019 Reason: Unable to download NVD CVE 2019 18:14:50.5934240Z 18:14:50.5937410Z The execution of the download was interrupted 18:14:50.5940280Z > Task :dependencyCheckAnalyze 18:14:50.5955520Z org.owasp.dependencycheck.data.update.exception.UpdateException: The execution of the download was interrupted 18:14:50.6048670Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:297) 18:14:50.6049860Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:136) 18:14:50.6050800Z at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:900) 18:14:50.6052570Z at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:705) 18:14:50.6053560Z at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:631) 18:14:50.6054500Z at org.owasp.dependencycheck.Engine$analyzeDependencies$0.call(Unknown Source) 18:14:50.6055460Z at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) 18:14:50.6056600Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) 18:14:50.6057770Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:130) 18:14:50.6058860Z at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:90) 18:14:50.6060140Z at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 18:14:50.6061060Z at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 18:14:50.6062310Z at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 18:14:50.6063410Z at java.lang.reflect.Method.invoke(Method.java:498) 18:14:50.6076930Z at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125) 18:14:50.6078070Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58) 18:14:50.6079510Z at 
org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51) 18:14:50.6082160Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29) 18:14:50.6083260Z at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:236) 18:14:50.6084010Z at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29) 18:14:50.6086060Z at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26) 18:14:50.6086850Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.6087510Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6088580Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.6089290Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6090260Z at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47) 18:14:50.6090950Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:68) 18:14:50.6091850Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:221) 18:14:50.6092650Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:204) 18:14:50.6093470Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:187) 18:14:50.6094160Z at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:165) 18:14:50.6094830Z at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:89) 18:14:50.6095410Z at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:40) 
18:14:50.6095950Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:53) 18:14:50.6096440Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:50) 18:14:50.6097080Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:14:50.6098150Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:14:50.6099800Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.6100500Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6101180Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.6102090Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6102750Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:14:50.6103450Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:14:50.6104370Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:50) 18:14:50.6104970Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:40) 18:14:50.6105620Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:68) 18:14:50.6106330Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:38) 18:14:50.6107040Z at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41) 18:14:50.6107740Z at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74) 18:14:50.6108850Z at 
org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55) 18:14:50.6109730Z at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:51) 18:14:50.6110320Z at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:29) 18:14:50.6111590Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:124) 18:14:50.6113260Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:80) 18:14:50.6115510Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:58) 18:14:50.6116190Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:48) 18:14:50.6116830Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:36) 18:14:50.6117540Z at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:181) 18:14:50.6118190Z at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:71) 18:14:50.6118710Z at org.gradle.internal.Either$Right.fold(Either.java:175) 18:14:50.6119210Z at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59) 18:14:50.6120050Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:69) 18:14:50.6121680Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:47) 18:14:50.6122320Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36) 18:14:50.6123010Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25) 18:14:50.6123670Z at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36) 18:14:50.6124540Z at 
org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22) 18:14:50.6125180Z at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:110) 18:14:50.6126420Z at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:56) 18:14:50.6127330Z at java.util.Optional.orElseGet(Optional.java:267) 18:14:50.6127910Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:56) 18:14:50.6128530Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:38) 18:14:50.6129140Z at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:73) 18:14:50.6129750Z at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:44) 18:14:50.6130520Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37) 18:14:50.6131960Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27) 18:14:50.6132790Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:89) 18:14:50.6133460Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:50) 18:14:50.6134100Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:102) 18:14:50.6135410Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:57) 18:14:50.6136410Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:76) 18:14:50.6137220Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:50) 18:14:50.6137990Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNoEmptySources(SkipEmptyWorkStep.java:254) 
18:14:50.6139130Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:91) 18:14:50.6139800Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:56) 18:14:50.6140510Z at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32) 18:14:50.6141560Z at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21) 18:14:50.6142430Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38) 18:14:50.6143250Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:43) 18:14:50.6144970Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:31) 18:14:50.6145720Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:40) 18:14:50.6146390Z at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:281) 18:14:50.6147030Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:40) 18:14:50.6147640Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30) 18:14:50.6148250Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37) 18:14:50.6149430Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27) 18:14:50.6150290Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:44) 18:14:50.6150870Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:33) 18:14:50.6151440Z at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:76) 18:14:50.6153120Z at 
org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:139) 18:14:50.6154870Z at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:128) 18:14:50.6155700Z at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:77) 18:14:50.6156490Z at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46) 18:14:50.6157950Z at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51) 18:14:50.6158940Z at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57) 18:14:50.6160330Z at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:57) 18:14:50.6161200Z at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36) 18:14:50.6162010Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77) 18:14:50.6162710Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55) 18:14:50.6163380Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52) 18:14:50.6165100Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:14:50.6166870Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:14:50.6167630Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.6168860Z at 
org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6169800Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.6170500Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.6171370Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:14:50.6172480Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:14:50.6173370Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52) 18:14:50.6174030Z at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:69) 18:14:50.6174690Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:322) 18:14:50.6175450Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:309) 18:14:50.6176600Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:302) 18:14:50.6177590Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:288) 18:14:50.6178290Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:462) 18:14:50.6179230Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:379) 18:14:50.6179870Z at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64) 18:14:50.6180450Z at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:49) 18:14:50.6181630Z at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 18:14:50.6182190Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 18:14:50.6182870Z at java.lang.Thread.run(Thread.java:750) 18:14:50.6183690Z Caused by: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Unable to download NVD CVE 2019 18:14:50.6184310Z at java.util.concurrent.FutureTask.report(FutureTask.java:122) 18:14:50.6184750Z at java.util.concurrent.FutureTask.get(FutureTask.java:192) 18:14:50.6185270Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:287) 18:14:50.6185910Z ... 130 more 18:14:50.6186290Z Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Unable to download NVD CVE 2019 18:14:50.6186870Z at org.owasp.dependencycheck.data.update.nvd.DownloadTask.call(DownloadTask.java:145) 18:14:50.6187410Z at org.owasp.dependencycheck.data.update.nvd.DownloadTask.call(DownloadTask.java:44) 18:14:50.6188050Z at java.util.concurrent.FutureTask.run(FutureTask.java:266) 18:14:50.6188550Z ... 3 more 18:14:50.7989400Z An internal object pool swallowed an Exception. 
18:14:50.8003510Z org.h2.jdbc.JdbcSQLNonTransientException: General error: "General error: ""org.h2.mvstore.MVStoreException: Reading from file sun.nio.ch.FileChannelImpl@504c2e0 failed at 190804508 (length -1), read 0, remaining 12288 [2.1.214/1]"" [50000-214]" [50000-214] 18:14:50.8005190Z at org.h2.message.DbException.getJdbcSQLException(DbException.java:554) 18:14:50.8006550Z at org.h2.message.DbException.getJdbcSQLException(DbException.java:477) 18:14:50.8007520Z at org.h2.message.DbException.get(DbException.java:212) 18:14:50.8009800Z at org.h2.engine.Database.throwLastBackgroundException(Database.java:1782) 18:14:50.8010970Z at org.h2.engine.SessionLocal.close(SessionLocal.java:877) 18:14:50.8012060Z at org.h2.jdbc.JdbcConnection.close(JdbcConnection.java:360) 18:14:50.8012980Z at org.apache.commons.dbcp2.DelegatingConnection.closeInternal(DelegatingConnection.java:176) 18:14:50.8014850Z at org.apache.commons.dbcp2.PoolableConnection.reallyClose(PoolableConnection.java:304) 18:14:50.8015850Z at org.apache.commons.dbcp2.PoolableConnectionFactory.destroyObject(PoolableConnectionFactory.java:151) 18:14:50.8017140Z at org.apache.commons.pool2.impl.GenericObjectPool.destroy(GenericObjectPool.java:605) 18:14:50.8018080Z at org.apache.commons.pool2.impl.GenericObjectPool.clear(GenericObjectPool.java:455) 18:14:50.8018950Z at org.apache.commons.pool2.impl.GenericObjectPool.close(GenericObjectPool.java:489) 18:14:50.8019830Z at org.apache.commons.dbcp2.BasicDataSource.close(BasicDataSource.java:420) 18:14:50.8025900Z at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.close(DatabaseManager.java:546) 18:14:50.8030550Z at org.owasp.dependencycheck.data.nvdcve.CveDB.close(CveDB.java:306) 18:14:50.8031740Z at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:909) 18:14:50.8032680Z at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:705) 18:14:50.8034200Z at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:631) 
18:14:50.8055860Z Unable to continue dependency-check analysis. 18:14:50.8056740Z at org.owasp.dependencycheck.Engine$analyzeDependencies$0.call(Unknown Source) 18:14:50.8057720Z at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) 18:14:50.8059260Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) 18:14:50.8060870Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:130) 18:14:50.8061840Z at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:90) 18:14:50.8062940Z at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 18:14:50.8063720Z at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 18:14:50.8065500Z at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 18:14:50.8066080Z at java.lang.reflect.Method.invoke(Method.java:498) 18:14:50.8066500Z at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125) 18:14:50.8068070Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58) 18:14:50.8068850Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51) 18:14:50.8069570Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29) 18:14:50.8070200Z at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:236) 18:14:50.8071210Z at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29) 18:14:50.8071860Z at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26) 18:14:50.8072540Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.8073380Z at 
org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8074060Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.8075640Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8076630Z at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47) 18:14:50.8077350Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:68) 18:14:50.8078210Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:221) 18:14:50.8079870Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:204) 18:14:50.8080600Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:187) 18:14:50.8081290Z at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:165) 18:14:50.8081850Z at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:89) 18:14:50.8082390Z at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:40) 18:14:50.8083360Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:53) 18:14:50.8083930Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:50) 18:14:50.8085040Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:14:50.8085860Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:14:50.8087290Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.8088240Z at 
org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8089440Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.8090660Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8091550Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:14:50.8093640Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:14:50.8094620Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:50) 18:14:50.8095350Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:40) 18:14:50.8095940Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:68) 18:14:50.8096880Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:38) 18:14:50.8097490Z at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41) 18:14:50.8098250Z at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74) 18:14:50.8098970Z at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55) 18:14:50.8099500Z at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:51) 18:14:50.8100060Z at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:29) 18:14:50.8101390Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:124) 18:14:50.8103790Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:80) 18:14:50.8104510Z at 
org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:58) 18:14:50.8105870Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:48) 18:14:50.8106670Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:36) 18:14:50.8107340Z at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:181) 18:14:50.8107920Z at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:71) 18:14:50.8108370Z at org.gradle.internal.Either$Right.fold(Either.java:175) 18:14:50.8108790Z at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59) 18:14:50.8111080Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:69) 18:14:50.8111660Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:47) 18:14:50.8112240Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36) 18:14:50.8112880Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25) 18:14:50.8113630Z at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36) 18:14:50.8114200Z at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22) 18:14:50.8114770Z at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:110) 18:14:50.8115350Z at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:56) 18:14:50.8115810Z at java.util.Optional.orElseGet(Optional.java:267) 18:14:50.8116260Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:56) 18:14:50.8116930Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:38) 18:14:50.8117600Z at 
org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:73) 18:14:50.8118670Z at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:44) 18:14:50.8119650Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37) 18:14:50.8121460Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27) 18:14:50.8122220Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:89) 18:14:50.8122850Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:50) 18:14:50.8123420Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:102) 18:14:50.8124080Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:57) 18:14:50.8124710Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:76) 18:14:50.8125570Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:50) 18:14:50.8126620Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNoEmptySources(SkipEmptyWorkStep.java:254) 18:14:50.8127300Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:91) 18:14:50.8127940Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:56) 18:14:50.8128640Z at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32) 18:14:50.8129410Z at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21) 18:14:50.8130630Z at 
org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38) 18:14:50.8131460Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:43) 18:14:50.8132180Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:31) 18:14:50.8133290Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:40) 18:14:50.8134040Z at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:281) 18:14:50.8134610Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:40) 18:14:50.8135200Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30) 18:14:50.8135770Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37) 18:14:50.8136540Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27) 18:14:50.8137100Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:44) 18:14:50.8137610Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:33) 18:14:50.8138150Z at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:76) 18:14:50.8138820Z at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:139) 18:14:50.8139550Z at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:128) 18:14:50.8140250Z at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:77) 18:14:50.8140960Z at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46) 18:14:50.8142190Z at 
org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51) 18:14:50.8142930Z at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57) 18:14:50.8143610Z at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:57) 18:14:50.8144280Z at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36) 18:14:50.8144930Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77) 18:14:50.8145540Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55) 18:14:50.8146140Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52) 18:14:50.8146820Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:14:50.8147540Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:14:50.8148210Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:14:50.8148810Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8149440Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:14:50.8150080Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:14:50.8151020Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:14:50.8151730Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:14:50.8152380Z at 
org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52) 18:14:50.8152970Z at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:69) 18:14:50.8153590Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:322) 18:14:50.8154290Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:309) 18:14:50.8154990Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:302) 18:14:50.8155730Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:288) 18:14:50.8156360Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:462) 18:14:50.8156900Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:379) 18:14:50.8157450Z at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64) 18:14:50.8157990Z at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:49) 18:14:50.8158490Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 18:14:50.8158980Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 18:14:50.8159440Z at java.lang.Thread.run(Thread.java:750) 18:14:50.8161200Z Caused by: org.h2.message.DbException: General error: "org.h2.mvstore.MVStoreException: Reading from file sun.nio.ch.FileChannelImpl@504c2e0 failed at 190804508 (length -1), read 0, remaining 12288 [2.1.214/1]" [50000-214] 18:14:50.8162390Z at org.h2.message.DbException.get(DbException.java:212) 18:14:50.8162770Z at org.h2.message.DbException.convert(DbException.java:395) 18:14:50.8163140Z at 
org.h2.mvstore.db.Store.lambda$new$0(Store.java:125) 18:14:50.8163510Z at org.h2.mvstore.MVStore.handleException(MVStore.java:3318) 18:14:50.8164000Z at org.h2.mvstore.MVStore.writeInBackground(MVStore.java:3254) 18:14:50.8164450Z at org.h2.mvstore.MVStore$BackgroundWriterThread.run(MVStore.java:3775) 18:14:50.8165690Z Caused by: org.h2.jdbc.JdbcSQLNonTransientException: General error: "org.h2.mvstore.MVStoreException: Reading from file sun.nio.ch.FileChannelImpl@504c2e0 failed at 190804508 (length -1), read 0, remaining 12288 [2.1.214/1]" [50000-214] 18:14:50.8166420Z at org.h2.message.DbException.getJdbcSQLException(DbException.java:554) 18:14:50.8166880Z at org.h2.message.DbException.getJdbcSQLException(DbException.java:477) 18:14:50.8167210Z ... 6 more 18:14:50.8167830Z Caused by: org.h2.mvstore.MVStoreException: Reading from file sun.nio.ch.FileChannelImpl@504c2e0 failed at 190804508 (length -1), read 0, remaining 12288 [2.1.214/1] 18:14:50.8168330Z at org.h2.mvstore.DataUtils.newMVStoreException(DataUtils.java:1004) 18:14:50.8168720Z at org.h2.mvstore.DataUtils.readFully(DataUtils.java:470) 18:14:50.8169970Z at org.h2.mvstore.FileStore.readFully(FileStore.java:98) 18:14:50.8170380Z at org.h2.mvstore.Chunk.readBufferForPage(Chunk.java:422) 18:14:50.8170750Z at org.h2.mvstore.MVStore.readPage(MVStore.java:2569) 18:14:50.8171090Z at org.h2.mvstore.MVMap.readPage(MVMap.java:633) 18:14:50.8171420Z at org.h2.mvstore.MVMap.rewritePage(MVMap.java:683) 18:14:50.8171790Z at org.h2.mvstore.MVStore.rewriteChunks(MVStore.java:2523) 18:14:50.8172560Z at org.h2.mvstore.MVStore.compactRewrite(MVStore.java:2501) 18:14:50.8173200Z at org.h2.mvstore.MVStore.rewriteChunks(MVStore.java:2340) 18:14:50.8173730Z at org.h2.mvstore.MVStore.writeInBackground(MVStore.java:3242) 18:14:50.8174040Z ... 
1 more 18:14:50.8174320Z Caused by: java.nio.channels.ClosedChannelException 18:14:50.8174710Z at sun.nio.ch.FileChannelImpl.ensureOpen(FileChannelImpl.java:110) 18:14:50.8175190Z at sun.nio.ch.FileChannelImpl.read(FileChannelImpl.java:715) 18:14:50.8175570Z at org.h2.mvstore.DataUtils.readFully(DataUtils.java:456) 18:14:50.8175850Z ... 10 more 18:14:50.8176200Z Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. 18:14:51.4674570Z 18:14:51.4681530Z > Task :dependencyCheckAnalyze FAILED 18:14:51.5661040Z 18:14:51.5661420Z 1 actionable task: 1 executed 18:14:51.5661980Z FAILURE: Build failed with an exception. 18:14:51.5662550Z 18:14:51.5662850Z * What went wrong: 18:14:51.5664070Z Execution failed for task ':dependencyCheckAnalyze'. 18:14:51.5664390Z > Analysis failed. 18:14:51.5664520Z 18:14:51.5664610Z * Try: 18:14:51.5664980Z > Run with --stacktrace option to get the stack trace. 18:14:51.5665410Z > Run with --info or --debug option to get more log output. 18:14:51.5666010Z > Run with --scan to get full insights. 18:14:51.5666260Z 18:14:51.5666420Z * Get more help at https://help.gradle.org 18:14:51.5666600Z 18:14:51.5666690Z BUILD FAILED in 4m 6s 18:14:52.4194710Z ##[error]Process completed with exit code 1. ```

https://github.com/detekt/sarif4k/actions/runs/3697517105/jobs/6262607592

org.owasp.dependencycheck.utils.DownloadFailedException: Unable to download NVD CVE 2003 Click for full stack trace. ``` 18:11:14.6369760Z ##[group]Run ./gradlew dependencyCheckAnalyze 18:11:14.6370330Z ./gradlew dependencyCheckAnalyze 18:11:14.6957310Z shell: /bin/bash -e {0} 18:11:14.6957740Z ##[endgroup] 18:11:16.1865370Z 18:11:16.1945030Z > Configure project : 18:11:16.1953190Z Signing Disabled as the PGP key was not found 18:11:18.3687640Z 18:11:18.3691570Z > Task :dependencyCheckAnalyze 18:11:18.3692610Z Verifying dependencies for project sarif4k 18:11:22.7407740Z Checking for updates and analyzing dependencies for vulnerabilities 18:12:23.8678900Z Download Failed for NVD CVE - 2003 18:12:23.8679140Z 18:12:23.8732100Z Some CVEs may not be reported. Reason: Download failed, unable to copy 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz' to '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/dctemp9e797433-002d-462e-aa2d-569b0fb2d776/cve2003_4447142566671561600.json.gz'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz; unable to connect. 18:12:23.8743820Z If you are behind a proxy you may need to configure dependency-check to use the proxy. 18:12:31.9448480Z Error downloading NVD CVE - 2003 Reason: Unable to download NVD CVE 2003 18:12:32.0181050Z Error downloading NVD CVE - 2004 Reason: sleep interrupted 18:12:32.0283260Z The execution of the download was interrupted 18:12:32.0283500Z 18:12:32.0283790Z > Task :dependencyCheckAnalyze 18:12:32.0342780Z org.owasp.dependencycheck.data.update.exception.UpdateException: The execution of the download was interrupted 18:12:32.0344480Z A new version of dependency-check is available. Consider updating to version 7.4.1. 
18:12:32.0345550Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:297) 18:12:32.0346710Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:136) 18:12:32.0348360Z at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:900) 18:12:32.0351170Z at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:705) 18:12:32.0352130Z at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:631) 18:12:32.0354050Z at org.owasp.dependencycheck.Engine$analyzeDependencies$0.call(Unknown Source) 18:12:32.0380420Z at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) 18:12:32.0388110Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) 18:12:32.0389040Z at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:130) 18:12:32.0406190Z at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:90) 18:12:32.0417390Z at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 18:12:32.0418950Z at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 18:12:32.0421380Z at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 18:12:32.0422480Z at java.lang.reflect.Method.invoke(Method.java:498) 18:12:32.0423740Z at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125) 18:12:32.0424980Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58) 18:12:32.0425990Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51) 18:12:32.0429160Z at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29) 18:12:32.0431720Z at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:236) 18:12:32.0438170Z at 
org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29) 18:12:32.0439130Z at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26) 18:12:32.0536130Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:12:32.0537200Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:12:32.0540540Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:12:32.0541220Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:12:32.0542030Z at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47) 18:12:32.0542790Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:68) 18:12:32.0543380Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:221) 18:12:32.0544050Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:204) 18:12:32.0544720Z at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:187) 18:12:32.0545410Z at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:165) 18:12:32.0546020Z at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:89) 18:12:32.0546640Z at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:40) 18:12:32.0547320Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:53) 18:12:32.0547900Z at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:50) 18:12:32.0548590Z at 
org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:12:32.0549750Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:12:32.0550550Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:12:32.0552140Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:12:32.0552880Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:12:32.0553650Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 18:12:32.0554330Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:12:32.0555150Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:12:32.0555740Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:50) 18:12:32.0556250Z at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:40) 18:12:32.0556830Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:68) 18:12:32.0557490Z at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:38) 18:12:32.0558130Z at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41) 18:12:32.0558750Z at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74) 18:12:32.0559280Z at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55) 18:12:32.0560300Z at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:51) 18:12:32.0560970Z at 
org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:29) 18:12:32.0561760Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:124) 18:12:32.0562640Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:80) 18:12:32.0563370Z at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:58) 18:12:32.0564010Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:48) 18:12:32.0564600Z at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:36) 18:12:32.0565190Z at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:181) 18:12:32.0565820Z at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:71) 18:12:32.0566300Z at org.gradle.internal.Either$Right.fold(Either.java:175) 18:12:32.0567200Z at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59) 18:12:32.0567680Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:69) 18:12:32.0568180Z at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:47) 18:12:32.0568760Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36) 18:12:32.0569500Z at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25) 18:12:32.0570150Z at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36) 18:12:32.0570750Z at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22) 18:12:32.0571360Z at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:110) 18:12:32.0571980Z at 
org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:56) 18:12:32.0572470Z at java.util.Optional.orElseGet(Optional.java:267) 18:12:32.0573360Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:56) 18:12:32.0573940Z at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:38) 18:12:32.0574580Z at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:73) 18:12:32.0575210Z at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:44) 18:12:32.0575950Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37) 18:12:32.0576930Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27) 18:12:32.0577720Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:89) 18:12:32.0578340Z at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:50) 18:12:32.0578940Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:102) 18:12:32.0579470Z at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:57) 18:12:32.0580130Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:76) 18:12:32.0580880Z at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:50) 18:12:32.0581960Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNoEmptySources(SkipEmptyWorkStep.java:254) 18:12:32.0582670Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:91) 18:12:32.0583230Z at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:56) 18:12:32.0583920Z at 
org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32) 18:12:32.0584720Z at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21) 18:12:32.0585530Z at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38) 18:12:32.0586330Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:43) 18:12:32.0587090Z at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:31) 18:12:32.0587780Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:40) 18:12:32.0588340Z at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:281) 18:12:32.0589280Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:40) 18:12:32.0589930Z at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30) 18:12:32.0590560Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37) 18:12:32.0591150Z at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27) 18:12:32.0591710Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:44) 18:12:32.0592250Z at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:33) 18:12:32.0592900Z at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:76) 18:12:32.0593640Z at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:139) 18:12:32.0594400Z at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:128) 18:12:32.0595670Z at 
org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:77) 18:12:32.0596430Z at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46) 18:12:32.0597320Z at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51) 18:12:32.0598340Z at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57) 18:12:32.0599050Z at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:57) 18:12:32.0599760Z at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36) 18:12:32.0600720Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77) 18:12:32.0601390Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55) 18:12:32.0602020Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52) 18:12:32.0602720Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) 18:12:32.0603860Z at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) 18:12:32.0604650Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) 18:12:32.0605260Z at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) 18:12:32.0606410Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) 18:12:32.0607120Z at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) 
18:12:32.0607800Z at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) 18:12:32.0608480Z at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) 18:12:32.0609160Z at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52) 18:12:32.0609790Z at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:69) 18:12:32.0610420Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:322) 18:12:32.0611130Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:309) 18:12:32.0611870Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:302) 18:12:32.0612630Z at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:288) 18:12:32.0613540Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:462) 18:12:32.0614130Z at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:379) 18:12:32.0614710Z at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64) 18:12:32.0615660Z at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:49) 18:12:32.0616520Z at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 18:12:32.0617510Z at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 18:12:32.0617890Z at java.lang.Thread.run(Thread.java:750) 18:12:32.0618390Z Caused by: java.util.concurrent.ExecutionException: org.owasp.dependencycheck.utils.DownloadFailedException: Unable to download NVD CVE 2003 18:12:32.0618970Z at 
java.util.concurrent.FutureTask.report(FutureTask.java:122) 18:12:32.0619370Z at java.util.concurrent.FutureTask.get(FutureTask.java:192) 18:12:32.0619900Z at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:287) 18:12:32.0620330Z ... 130 more 18:12:32.0620790Z Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Unable to download NVD CVE 2003 18:12:32.0621370Z at org.owasp.dependencycheck.data.update.nvd.DownloadTask.call(DownloadTask.java:145) 18:12:32.0621940Z at org.owasp.dependencycheck.data.update.nvd.DownloadTask.call(DownloadTask.java:44) 18:12:32.0622440Z at java.util.concurrent.FutureTask.run(FutureTask.java:266) 18:12:32.0622740Z ... 3 more 18:12:42.4898310Z Unable to continue dependency-check analysis. 18:12:42.4898860Z Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. 18:12:42.9896030Z 18:12:42.9898720Z > Task :dependencyCheckAnalyze FAILED 18:12:43.0185490Z 18:12:43.0186560Z FAILURE: Build failed with an exception. 18:12:43.0201470Z 1 actionable task: 1 executed 18:12:43.0210300Z 18:12:43.0210750Z * What went wrong: 18:12:43.0211410Z Execution failed for task ':dependencyCheckAnalyze'. 18:12:43.0211740Z > Analysis failed. 18:12:43.0211890Z 18:12:43.0212000Z * Try: 18:12:43.0212440Z > Run with --stacktrace option to get the stack trace. 18:12:43.0213330Z > Run with --info or --debug option to get more log output. 18:12:43.0213800Z > Run with --scan to get full insights. 18:12:43.0214000Z 18:12:43.0214180Z * Get more help at https://help.gradle.org 18:12:43.0214360Z 18:12:43.0214470Z BUILD FAILED in 1m 28s 18:12:43.8166160Z ##[error]Process completed with exit code 1. ```

To Reproduce Steps to reproduce the behavior: Not Sure. Have a look at the last two weeks worth of executions: https://github.com/detekt/sarif4k/actions

All of these reds are because of dependency-check and an exception similar to the above. The first error is 28 November.

Expected behavior "Just works".

Additional context We recently enabled Renovate on this repo, but I think that just creates more executions rather than actually causing the problem. Also, Linux is fine in parallel to Mac runs.

jeremylong commented 1 year ago

Likely due to rate limiting by the NVD. Are you keeping the data directory between scans or just spinning up a brand new instance for every scan and letting it download the data from the NVD?
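An added example (not part of this thread or of dependency-check): a small Python triage of a dependency-check CI log that records which failure signature appears first, which NVD feed files were involved, and whether the run fell back to local data. The category names, function name and abridged sample logs are constructed for illustration; the matched message fragments are the ones in the logs quoted in this issue.

```python
import re

# Message fragments copied from the dependency-check output quoted in this
# issue. The category names on the left are labels invented for this example.
SIGNATURES = [
    ("connect_failure", re.compile(r"unable to connect|connect timed out")),
    ("update_interrupted", re.compile(r"execution of the download was interrupted|sleep interrupted")),
    ("h2_store_error", re.compile(r"MVStoreException|ClosedChannelException")),
    ("stale_data_fallback", re.compile(r"using local data instead")),
]

# NVD feed files named in the logs, e.g. nvdcve-1.1-2019.json.gz or nvdcve-1.1-2008.meta.
FEED = re.compile(r"nvd\.nist\.gov/feeds/json/cve/[\d.]+/(nvdcve-[\d.]+-\w+\.(?:json\.gz|meta))")

# GitHub Actions prefixes log lines with a timestamp such as 18:14:26.9930570Z
# (optionally preceded by a date and "T"). Logs pasted without it still work.
TIMESTAMP = re.compile(r"^(?:\d{4}-\d{2}-\d{2}T)?(\d{2}:\d{2}:\d{2})\.\d+Z\s?")


def triage(log_text):
    """Return the failure signatures of one run in the order they first appear.

    The first signature is reported as "primary": later ones (for example an
    H2 store error after the update was interrupted) may only be follow-on
    noise. That ordering heuristic is an assumption of this example.
    """
    first_seen = {}  # category -> (line number, HH:MM:SS or None)
    feeds = set()
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        match = TIMESTAMP.match(raw)
        stamp = match.group(1) if match else None
        line = raw[match.end():] if match else raw
        feeds.update(FEED.findall(line))
        for category, pattern in SIGNATURES:
            if category not in first_seen and pattern.search(line):
                first_seen[category] = (line_no, stamp)
    sequence = list(first_seen)  # dicts keep insertion order, i.e. log order
    return {
        "primary": sequence[0] if sequence else None,
        "sequence": sequence,
        "first_seen": first_seen,
        "feeds": sorted(feeds),
        # True when the analysis ran on whatever was already in the data
        # directory, so its results may not include recent vulnerabilities.
        "stale_data": "stale_data_fallback" in first_seen,
    }


# Constructed sample: abridged from the first log in this issue (temp path shortened).
RUN_A = "\n".join([
    "18:10:51.7990970Z Checking for updates and analyzing dependencies for vulnerabilities",
    "18:14:26.9923700Z Download Failed for NVD CVE - 2019",
    "18:14:26.9930570Z Some CVEs may not be reported. Reason: Download failed, unable to copy "
    "'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz' to '/tmp/cve2019.json.gz'; "
    "Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.gz; unable to connect.",
    "18:14:50.5937410Z The execution of the download was interrupted",
    "18:14:50.8174320Z Caused by: java.nio.channels.ClosedChannelException",
    "18:14:50.8176200Z Unable to update 1 or more Cached Web DataSource, using local data instead. "
    "Results may not include recent vulnerabilities.",
])

# Constructed sample: abridged from the later log in this issue (no timestamps).
RUN_B = "\n".join([
    "Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta",
    "java.net.SocketTimeoutException: connect timed out",
])

if __name__ == "__main__":
    for name, log in (("RUN_A", RUN_A), ("RUN_B", RUN_B)):
        result = triage(log)
        print(name, result["primary"], result["sequence"], result["feeds"],
              "stale_data=%s" % result["stale_data"])
```

A run whose result has `stale_data` set is the one to surface in CI reporting, since the scan output then reflects only the data that was already on disk.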

TWiStErRob commented 1 year ago

It's a standard GitHub Actions setup: https://github.com/detekt/sarif4k/actions/runs/3697519065/workflow. We do use a cache for Gradle files; where is the data/cache folder for the Gradle plugin? Can we relocate it? We could add it to the cached files.

aikebah commented 1 year ago

You can relocate it with the data directory (see advanced configuration section) which is nowadays a bit under-documented as it holds the caches in addition to the CVE database itself.

Default location is ${project.gradle.gradleUserHomeDir}/dependency-check-data/7.0

TWiStErRob commented 1 year ago

FYI proposed fix/workaround? is this: https://github.com/detekt/sarif4k/pull/42/files#diff-942e950fc6bf4ce38c6c68322852fddba8b34bde39b2229601a76ab0719eb5daR34-R44

jeremylong commented 1 year ago

That is the recommended solution - ensure you are caching the data between executions. I know we are likely lacking documentation on this...

TWiStErRob commented 1 year ago

@jeremylong if you changed the default folder to gradleUserHomeDir/caches/dependency-check-data, then a lot more users would be caching it by default: https://github.com/gradle/gradle-build-action/blob/main/action.yml#L30 cc @cortinico

In an ideal world we wouldn't be hard-coding paths but using Gradle's dependency resolution APIs to put them in the right folders of Gradle caches. For example, define a custom Ivy repository based on the NVD URL, with a custom layout pattern, without metadata. Then request the files with normal dependencies like: cve("NVD:202301") (these can be dynamically calculated). Then the task that needs these can resolve the cve configuration (which will download the files). Also, artifact transforms can be used to extract the zips, so all of these files would be individually cached and handled by Gradle, giving users very default behaviour wrt cache.

jeremylong commented 1 year ago

The mechanism that downloads the NVD files and creates the H2 database that ends up in the data directory is used across multiple integrations - so it would not be easy to introduce a custom Ivy repository, etc. However, updating the default data directory isn't hard. The current data directory is defined here:

https://github.com/dependency-check/dependency-check-gradle/blob/acc1f153f714166daadc5aef9a192051b7ecfc75/src/main/groovy/org/owasp/dependencycheck/gradle/extension/DataExtension.groovy#L30

```
directory = "${project.gradle.gradleUserHomeDir}/dependency-check-data/7.0"
```

Your suggestion would be:

```
directory = "${project.gradle.gradleUserHomeDir}/caches/dependency-check-data/7.0"
```

Correct?

TWiStErRob commented 1 year ago

> data directory is used across multiple integrations - so it would not be easy to introduce a custom Ivy repository, etc.

Oh, I see, so that's done in the core of dependencycheck, and the Gradle plugin is just calling it? But how do other integrations (e.g. Maven) know about the Gradle User Home?

> However, updating the default data directory isn't hard.

Yep, that's what I meant. It's easy to change, but might need at least a minor change with a release note, because people might be already caching the old location:

https://github.com/search?q=dependency-check-data+language%3AYAML&type=code&l=YAML

That said, new users wouldn't have to add that folder at least.

TWiStErRob commented 1 year ago

Hi again, it seems that caching

  uses: actions/cache
  with:
    path: ~/.gradle/dependency-check-data/
    key: dependency-check-${{ hash }}
    restore-keys: dependency-check-

didn't help, we're still getting failures, just different ones:

Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta; unable to connect. - java.net.SocketTimeoutException: connect timed out ``` > Task :dependencyCheckAnalyze Verifying dependencies for project sarif4k Checking for updates and analyzing dependencies for vulnerabilities Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload(NvdCveUpdater.java:410) at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:355) at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:501) at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:133) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:900) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:705) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:631) at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51) at
org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29) at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:242) at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29) at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47) at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:68) at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:227) at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:210) at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:193) at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:166) at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:93) at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:44) at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:57) at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:54) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) at 
org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:54) at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:44) at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:67) at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:37) at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41) at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74) at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55) at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:50) at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:28) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:100) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:72) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:50) at 
org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:40) at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:29) at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:166) at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:70) at org.gradle.internal.Either$Right.fold(Either.java:175) at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59) at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:68) at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:46) at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36) at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25) at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36) at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22) at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:91) at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:55) at java.util.Optional.orElseGet(Optional.java:267) at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:55) at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:37) at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:65) at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:36) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27) at 
org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:76) at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:37) at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:94) at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:49) at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:71) at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:45) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNonEmptySources(SkipEmptyWorkStep.java:177) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:81) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:53) at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32) at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38) at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:36) at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:23) at org.gradle.internal.execution.steps.CleanupStaleOutputsStep.execute(CleanupStaleOutputsStep.java:75) at org.gradle.internal.execution.steps.CleanupStaleOutputsStep.execute(CleanupStaleOutputsStep.java:41) at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:32) at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:287) at 
org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30) at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:21) at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37) at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27) at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:42) at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:31) at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:64) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:146) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:135) at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46) at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51) at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57) at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:74) at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) at 
org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:73) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52) at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:42) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:338) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:325) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:318) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:304) at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:463) at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:380) at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64) at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:49) at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:[11](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:12)49) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:750) Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta; unable to connect. at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:187) at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload(NvdCveUpdater.java:381) ... [12](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:13)9 more Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta; unable to connect. at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:267) at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163) at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:182) ... 
[13](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:14)0 more Caused by: java.net.SocketTimeoutException: connect timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:607) at sun.net.NetworkClient.doConnect(NetworkClient.java:175) at sun.net.www.http.HttpClient.openServer(HttpClient.java:463) at sun.net.www.http.HttpClient.openServer(HttpClient.java:558) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:264) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:203) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1[16](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:17)2) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:[18](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:19)9) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167) at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:[20](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:21)6) ... 1[32](https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872#step:7:33) more ```

https://github.com/detekt/sarif4k/actions/runs/4352404129/jobs/7605148872

TWiStErRob commented 1 year ago

Would it be possible to add a single-retry logic, maybe with a 5 second wait?

jeremylong commented 1 year ago

There already is a delayed retry. We likely need to increase the delays on the retry.

jeremylong commented 1 year ago

Just double checked - the delay is already configurable.

https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration-update.html

```groovy
dependencyCheck {
  cve {
    waitTime=10000
  }
}
```
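
A CI-side variant of the retry asked about in this thread, as an added example that is not part of the issue or of dependency-check itself: a wrapper for the workflow step that re-runs the scan only when its output carries one of the transient download signatures quoted in the logs above. The function names, the attempt count and the delay are assumptions.

```shell
#!/usr/bin/env bash
# Added example: CI-level retry for the dependency-check step (not project code).
# The signatures below are copied from the log excerpts in this issue.
TRANSIENT_RE='connect timed out|unable to connect|ClosedChannelException|The execution of the download was interrupted'

# Return 0 when the captured output shows a transient NVD download failure.
is_transient_nvd_failure() {
  grep -Eq "$TRANSIENT_RE" "$1"
}

# run_with_retry MAX_ATTEMPTS DELAY_SECONDS COMMAND [ARGS...]
# Re-runs COMMAND only when it failed AND its output matches a transient
# signature. Any other failure is returned at once, so a build that fails
# for a real reason is never masked by the retry loop.
# Sets ATTEMPTS to the number of runs performed.
run_with_retry() {
  local max="$1" delay="$2" log rc
  shift 2
  log=$(mktemp)
  ATTEMPTS=0
  while :; do
    ATTEMPTS=$((ATTEMPTS + 1))
    rc=0
    "$@" >"$log" 2>&1 || rc=$?
    cat "$log"   # keep the full output in the CI log
    if [ "$rc" -eq 0 ] || ! is_transient_nvd_failure "$log" \
       || [ "$ATTEMPTS" -ge "$max" ]; then
      break
    fi
    echo "transient NVD download failure, retrying in ${delay}s" >&2
    sleep "$delay"
  done
  rm -f "$log"
  return "$rc"
}

# Usage in the workflow step (3 attempts, 5 second wait):
#   run_with_retry 3 5 ./gradlew dependencyCheckAnalyze
```

The wrapper bounds the number of attempts and returns the last exit code unchanged, so a run that never reaches the NVD still fails the job instead of passing on stale data.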