search

jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.48k stars 1.29k forks source link

NVD API REQUEST ISSUE #7193

Closed HauruShiro closed 4 days ago

HauruShiro commented 4 days ago

Describe the bug A clear and concise description of what the bug is.

This isn’t the first time I’ve encountered this bug; usually, I would update, and the issue would disappear.
But today, nothing seems to work...

Here’s what I’m getting: 

[WARNING] NVD API request failures are occurring; retrying request for the 8th time  
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=68000: 3rd time  
[INFO] Downloaded 50,000/271,508 (18%)

I’d like to understand the mechanism behind all this. Is it because the URL is no longer accessible?

I’m completely lost.

Version of dependency-check used The problem occurs using version X.X.X of the ____ (cli, gradle plugin, maven plugin, etc.)

--> 10.0.3

To Reproduce

mvn org.owasp:dependency-check-maven:10.0.3:aggregate -DskipSystemScope=true -DassemblyAnalyzerEnabled=false -DnodeAuditAnalyzerEnabled=true -DnodeAnalyzerEnabled=true -DnugetconfAnalyzerEnabled=false -DnuspecAnalyzerEnabled=false -Dformat=XML -DfailOnError=false -DnvdApiKey=APIKEY

h4ckerfr0st commented 4 days ago

I am having the same problem in my side, I generated new keys and did not work

[WARN] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=104000 : 3 time [WARN] NVD API request failures are occurring; retrying request for the 9 time [WARN] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=94000 : 3 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 5 time [WARN] NVD API request failures are occurring; retrying request for the 6 time [WARN] NVD API request failures are occurring; retrying request for the 5 time

ivopogace commented 4 days ago

Same Retrying request /rest/json/cves/2.0?lastModStartDate=xxxxxxxx&lastModEndDate=xxxxxxx&resultsPerPage=2000&startIndex=2000 : 3 time NVD API request failures are occurring; retrying request for the 5 time NVD API request failures are occurring; retrying request for the 6 time NVD API request failures are occurring; retrying request for the 5 time

Version: 11.1.0

h4ckerfr0st commented 4 days ago

Apparently there was similarities in the issue reported above here: https://github.com/jeremylong/DependencyCheck/issues/6758

The only fix was to use local database that you might previously had used --noupdate option in the cli so it uses its local cache

 - dependency-check --disableNodeAudit --disablePnpmAudit  --noupdate  --scan . --disableAssembly --enableExperimental -s . -o build --format XML --project "$PROJECT_ID" --exclude ".git/**" --exclude ".venv/**" --exclude "**/__pycache__/**" --exclude ".tox/**" --nvdApiKey "*******************"

unlike my case where my runners are dynamic no space to run local db

[UPDATE]

https://www.nist.gov/itl/nvd

Screenshot from 2024-11-26 10-56-52

HauruShiro commented 4 days ago

@h4ckerfr0st

Thanks for your reply! The goal wasn’t to use a local database, but it might be a fix. I think I’ll use a local database in the future to avoid this kind of issue.

and thx for the UPDATE BTW

h4ckerfr0st commented 4 days ago

No problem, thanks for letting me know.

nhumblot commented 4 days ago

Duplicate of #7178, closing.