Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OWASP Azure pipeline worked and is now failing #6842

Closed
Chelseasweeney07 opened this issue Jul 15, 2024 · 2 comments
Closed

OWASP Azure pipeline worked and is now failing #6842

Chelseasweeney07 opened this issue Jul 15, 2024 · 2 comments

Comments

@Chelseasweeney07
Copy link

Describe the bug
OWASP pipeline had been working as needed/expected in Azure pipeline. Within the last week-all pipelines are failing saying:
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error

Please ensure your API Key is valid; see https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#api-key-is-used-and-a-403-or-404-error-occurs

If your NVD API Key is valid try increasing the NVD API Delay.

If this is ocurring in a CI environment
[ERROR] No documents exist
Dependency Check completed with exit code 13.
Dependency Check reports:
[]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 13)."
##[error]Dependency Check exited with an error code (exit code: 13).

I ensured API is good. Not sure what changed that it is now not working...

Version of dependency-check used
Dependency-Check Core version 9.2.0

Expected behavior
For it to succeed if no vulnerabilities or fail and produce report with vulnerabilities

Additional context
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error

@aikebah
Copy link
Collaborator

aikebah commented Jul 19, 2024

You need to update you configuration to run a newer DependencyCheck version

#6817

Refer to the azure devops pipeline project if you don't know how to. That plugin is not part of this github project. It is located at https://github.com/dependency-check/azuredevops

@aikebah aikebah closed this as not planned Won't fix, can't repro, duplicate, stale Jul 19, 2024
@Chelseasweeney07
Copy link
Author

Chelseasweeney07 commented Jul 19, 2024 via email

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants