jeremylong
commented
1 week ago You likely should use an API Key from the NVD and take a look at https://jeremylong.github.io/DependencyCheck/data/cacheh2.html
Open yahia20456 opened 1 week ago
jeremylong
commented
1 week ago You likely should use an API Key from the NVD and take a look at https://jeremylong.github.io/DependencyCheck/data/cacheh2.html
yahia20456
commented
1 week ago @jeremylong im using this config but im always encountering the same error which is unable to Unable to obtain an exclusive lock on the H2 database to perform updates $ dependency-check.sh --nvdApiKey $NVD_API_KEY --scan $CI_PROJECT_DIR/requirements.txt --out Dependency_check_reports/azue_report.json --failOnCVSS 7 --format JSON --data /opt/dependency-check/data --noupdate
I'm trying to integrate dependency_check with gitlab ci , when i run the command directly in the vm it works properly , but using the gitlab ci much erors encountered , please any help ? $ mkdir -p Dependency_check_reports/ $ dependency-check.sh --scan $CI_PROJECT_DIR --project ** --out Dependency_check_reports/ --failOnCVSS 7 --format JSON --log verbose [WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. [ERROR] Unable to continue dependency-check analysis. [ERROR] One or more fatal errors occurred [ERROR] Unable to obtain an exclusive lock on the H2 database to perform updates [ERROR] No documents exist Uploading artifacts for failed job