Open jiri-bocan opened 1 year ago
The issue is with Maven Central, there has been an issue since laster Friday, see the status page for more details. It would be good to have timeouts for analysers to tackle scenarios where third-parties have extended periods of downtime.
See other issues.... this will be rooted at the instability of Maven Central search and is influenced by the back-off timeouts triggered by central search failures. Each dependency is attempted 3 times. First retry after a 1500ms delay, second retry after a 3 second delay. So dependency-check is still slowly moving forward with retrying the failing searches on Maven Central.
Describe the bug DependencyChecker gets stuck after "[INFO] Finished Jar Analyzer (1 seconds)", i.e., during running the Central Analyzer, in multiple pipelines. During past 2-3 days, pipeline build times started gradually increasing from couple of minutes to over 1 hr. Since the default Azure pipeline timeout is 60 mins, the pipelines are terminated afterwards.
Version of dependency-check used 7.4.4, 8.0.0
Expected behavior The scan should proceed till the end or should be canceled after certain time of inactivity.
Additional context Here is a log of a build that finished below 1 hr: