Open jeremylong opened 3 months ago
You might want to consider pinning this issue to the top of the issues.
If it helps folks, reposting my summary from https://github.com/jeremylong/DependencyCheck/issues/6816#issuecomment-2219637687
Here's my summary given the current (July 2024) load. Hope it helps.
- `>= 9.x`, `<= 10.0.1`: Will get 403/404 due to NVD rejecting old clients #6817
- `>= 10.0.2` Without API key: Quite likely to be getting 503s due to load per #6758
- `>= 10.0.2` With valid API key: Should be working, but
  - `curl` or similar.
  - `--info` logging, or gradle `--stacktrace` and see if there is some other connectivity issue to the NVD API other than a 403/404/503 (especially if you have recently moved from ODC 8.x).

2024-07-23T02:39:07.818+0530 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Failed to create Jar file /home/guptaksh/.gradle/caches/jars-8/496c5fdd91687c666d36586f714c36d0/jackson-core-2.17.1.jar.
How to fix this?
@akshat62 please open a new issue for any unrelated problems. In your case, see https://github.com/dependency-check/dependency-check-gradle?tab=readme-ov-file#gradle-build-environment
If you have any follow-on problems/questions - open a new ticket.
What about version < 9? How long is this still supported from NVD side?
https://nvd.nist.gov/general/news/change-timeline
Update: The retirement timeline has been extended for the Legacy Data Feed Files until further notice.
That comment is not dated but was first noted December 2023. https://groups.google.com/a/list.nist.gov/g/nvd-news/c/aofnAd3HP2g
The NVD will retire the Legacy Data Feed Files once improvements for bulk download capabilities of the NVD dataset are implemented.
To my knowledge there’s been no improvement to the bulk download capabilities yet, and the NVD has had many other problems to deal with this year. I’d follow https://www.nist.gov/itl/nvd
Users of 9.0.0 through 10.0.1 must upgrade to 10.0.2
Please see https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#mandatory-upgrade-notice.
Note 9.x no longer works - so you should have already upgraded.