jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

A lot of errors appear using dependency check in GitLab CI #6650

Open yahia20456 opened 7 months ago

yahia20456 commented 7 months ago

I'm trying to integrate dependency_check with GitLab CI. When I run the command directly in the VM it works properly, but using GitLab CI many errors are encountered. Please, any help?

```
$ mkdir -p Dependency_check_reports/
$ dependency-check.sh --scan $CI_PROJECT_DIR --project ** --out Dependency_check_reports/ --failOnCVSS 7 --format JSON --log verbose
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to obtain an exclusive lock on the H2 database to perform updates
[ERROR] No documents exist
Uploading artifacts for failed job
```

jeremylong commented 7 months ago

You likely should use an API Key from the NVD and take a look at https://jeremylong.github.io/DependencyCheck/data/cacheh2.html

yahia20456 commented 6 months ago

@jeremylong I'm using this config but I'm always encountering the same error, which is "Unable to obtain an exclusive lock on the H2 database to perform updates".

```
$ dependency-check.sh --nvdApiKey $NVD_API_KEY --scan $CI_PROJECT_DIR/requirements.txt --out Dependency_check_reports/azue_report.json --failOnCVSS 7 --format JSON --data /opt/dependency-check/data --noupdate
```
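
One way to lay out the cached-database approach from the linked page in GitLab CI, as an added example that is not from the thread or the project: a single serialized job updates the shared H2 data directory, and scans run with `--noupdate` against a private copy. It assumes the lock error comes from several jobs opening the same data directory at once and that `/opt/dependency-check/data` persists on the runner; the job, stage, variable and `resource_group` names are hypothetical.

```yaml
# Added example for .gitlab-ci.yml (not the project's own configuration).
# Assumption: /opt/dependency-check/data is persistent storage on the runner.
stages: [dc-update, dc-scan]

variables:
  DC_SHARED_DATA: /opt/dependency-check/data   # path taken from the thread

# The only job that writes to the shared H2 database.
# resource_group makes GitLab run one job of this group at a time, so two
# pipelines never update the same data directory concurrently.
dependency-check-update:
  stage: dc-update
  resource_group: dependency-check-data
  script:
    - dependency-check.sh --updateonly --nvdApiKey "$NVD_API_KEY" --data "$DC_SHARED_DATA"

# Scans never open the shared database: each job copies it to a private
# directory outside the scanned tree and runs with --noupdate.
# The job shares the resource_group so the copy is never taken mid-update;
# the trade-off is that scan jobs also run one at a time.
dependency-check-scan:
  stage: dc-scan
  resource_group: dependency-check-data
  script:
    - mkdir -p Dependency_check_reports/
    - DC_JOB_DATA="$(mktemp -d)"
    - cp -r "$DC_SHARED_DATA/." "$DC_JOB_DATA/"
    - >
      dependency-check.sh --noupdate --data "$DC_JOB_DATA"
      --scan "$CI_PROJECT_DIR" --project "$CI_PROJECT_NAME"
      --out Dependency_check_reports/ --failOnCVSS 7 --format JSON
  artifacts:
    when: always          # keep the report even when --failOnCVSS fails the job
    paths:
      - Dependency_check_reports/
```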