search

stevespringett / nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.
Apache License 2.0
206 stars 93 forks source link

NVD mirror to dependency check #9

Closed ammy1999 closed 6 years ago

ammy1999 commented 6 years ago

Hello, Usually I have this error : Fatal exception(s) analyzing Core RH: Unable to continue dependency-check analysis. [ERROR] Unable to connect to the database So I think to mirrir the CPE/CVE to have local access But I don't unterstand how can I add it ! help please (what is the utility of the database H2 in dependency check , ii contain just the CVE to check the vulnerability ?? )

ammy1999 commented 6 years ago

java -jar nist-data-mirror.jar what's mean !! help please

stevespringett commented 6 years ago

nist-data-mirror is only required if you want to create a duplicate data feed of the NVD inside a corporate firewall. This is completely optional and not required by Dependency-Check. This project has no affect on Dependency-Checks ability to connect to the database.

ammy1999 commented 6 years ago

Thanks @stevespringett but what's mean corporate firewall please, Can I unterstand the mecanism to utilize the database H2 and the NVD ??

stevespringett commented 6 years ago

This project does not use a database. It mirrors files from the NVD to your local filesystem.

ammy1999 commented 6 years ago

this project you mean dependency check !! because when I check the code source , it utilize H2 database (contains the CVE )

stevespringett commented 6 years ago

This isn't the dependency-check project. This is the nist-data-mirror project which can optionally be used with dependency-check.