New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with using the --nvdDatafeed parameter #6251
Comments
See #6243. Some web servers may not serve *.properties files by default. I'm likely going to stop using the cache.properties file and just rely on the traditional meta files which are being generated in 5.1.0 of the vulnz tool. But for now - I'd check the server configuration to ensure the properties file can be served by the web server. |
Same error here. Local mirror set up, with nvd files going to a |
@kirks it's not that I don't believe you - it is just that no current code path would not create this condition. DependencyCheck/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java Lines 120 to 130 in c9c2bee
DependencyCheck/core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java Lines 547 to 549 in c9c2bee
|
New param had to be quoted in powershell now after switching date param from |
Depending on how you are hosting the cache - the cache.properties may not be served by the HTTP server. If you are using vulnz 5.1.0 or newer to create the cache PR #6282 should resolve the issue. I'll release the updated version soon. |
Now with dependency-check version 9.3.0, the issue has been found with the parameter --nvdDatafeed
dependency-check.sh --project UI -s ./ui -o ./ui -f HTML -f JSON --retireJsUrl https://vuln-db-mirror.xxxxxxx.net/jsrepository.json --nvdDatafeed https://vuln-db-mirror.xxxxxxx.net/nvdcve-{0}.json.gz --suppression ./build/suppression.xml --hostedSuppressionsUrl https://vuln-db-mirror.axxxxxx.net/publishedSuppressions.xml --kevURL https://vuln-db-mirror.xxxxxxxx.net/known_exploited_vulnerabilities.json
Picked up _JAVA_OPTIONS:
[INFO] Checking for updates
[ERROR] Unable to download the NVD API cache.properties
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD API cache.properties
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:558)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:130)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
at org.owasp.dependencycheck.App.runScan(App.java:262)
at org.owasp.dependencycheck.App.run(App.java:194)
at org.owasp.dependencycheck.App.main(App.java:89)
Caused by: org.owasp.dependencycheck.utils.ResourceNotFoundException: Requested resource does not exist - received a 404
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:233)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:183)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:551)
... 8 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://vuln-db-mirror.xxxxxxxx.net/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (239 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to download the NVD API cache.properties
[ERROR] No documents exist What can be the problem?
The text was updated successfully, but these errors were encountered: