-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OWASP Azure pipeline worked and is now failing #6842
Comments
You need to update you configuration to run a newer DependencyCheck version Refer to the azure devops pipeline project if you don't know how to. That plugin is not part of this github project. It is located at https://github.com/dependency-check/azuredevops |
Thank you - I did this and it resolved the issue.
Thanks,
Chelsea Sweeney
IT Platform Administrator II, Application Development
NORIDIAN HEALTHCARE SOLUTIONS LLC, FARGO
701-277-6624
***@***.******@***.***>
www.noridian.com<http://www.noridian.com/> | www.noridianmedicare.com<http://www.noridianmedicare.com/>
[NAS email signature logo]
Confidentiality Notice: This communication and any attachments are for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient(s), please contact the sender by replying to this e-mail and destroy/delete all copies of this e-mail message.
From: Hans Aikema ***@***.***>
Sent: Friday, July 19, 2024 12:14 PM
To: jeremylong/DependencyCheck ***@***.***>
Cc: Chelsea Sweeney ***@***.***>; Author ***@***.***>
Subject: Re: [jeremylong/DependencyCheck] OWASP Azure pipeline worked and is now failing (Issue #6842)
You don't often get email from ***@***.*** Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
WARNING: This is an external email.
Do not click links or open attachments unless you recognize the sender and know the content is safe.
You need to update you configuration to run a newer DependencyCheck version
#6817<#6817>
Refer to the azure devops pipeline project if you don't know how to. That plugin is not part of this github project. It is located at https://github.com/dependency-check/azuredevops
-
Reply to this email directly, view it on GitHub<#6842 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BJ4DTZNJKUFX2ZKSFRKROADZNFCM7AVCNFSM6AAAAABK5HPAT6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZZG4YDKMZRGI>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Describe the bug
OWASP pipeline had been working as needed/expected in Azure pipeline. Within the last week-all pipelines are failing saying:
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
Please ensure your API Key is valid; see https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#api-key-is-used-and-a-403-or-404-error-occurs
If your NVD API Key is valid try increasing the NVD API Delay.
If this is ocurring in a CI environment
[ERROR] No documents exist
Dependency Check completed with exit code 13.
Dependency Check reports:
[]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 13)."
##[error]Dependency Check exited with an error code (exit code: 13).
I ensured API is good. Not sure what changed that it is now not working...
Version of dependency-check used
Dependency-Check Core version 9.2.0
Expected behavior
For it to succeed if no vulnerabilities or fail and produce report with vulnerabilities
Additional context
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
The text was updated successfully, but these errors were encountered: