Dependencycheck: Trouble downloading database with 2.0.0

Created on 4 Jul 2017 · 10 Comments · Source: jeremylong/DependencyCheck

I have trouble downloading the database after upgrading to 2.0.0, 1.4.5 with same config worked fine.
I've been experimenting turning the "central analyzer" on|off (AFAIK 1.4.x used the nexus analyzer) - but I am unsure about the differences between the two analyzers.

gist of log:
https://gist.github.com/0c5331a86988c51d9ff40d1ad3e83f3f

bug

All 10 comments

I found the issue - in the 2.0.0 upgrade we updated the updater to use more concurrency. There is a nuance to how the global Settings object works. When I merged the PR I missed that this was done incorrectly. The end result is that default settings are used when downloading the NVD/CVE data. As you are behind a proxy - the download fails.

I should have an update released tonight.

That was quick! Thank you very much Jeremy

Hi

Will a new 2.0.1 version be released for the Jenkins plugin, or will it just be a fix on the existing version?

Jenkins plugin releases are synchronized with the core dependency-check releases. Whenever Jeremy releases a new version of the core, I release a new version of the Jenkins plugin with that core.

@javixeneize can you confirm that the proxy issue you were facing has been resolved in 2.0.1?

Hi. Yes, it's solved, but I had other issues yesterday that might be related to my proxy. The db was not fully downloaded and the pipeline was marked as success. Will let you know on Monday.

Am I the official tester of dependency check? ;) Happy to help to improve the tool.

lol... yeah, sorry about the bug in 2.0.0 - I need to set up a virtual lab with a proxy to fully test this out in the future.

Thanks!

@jeremylong Maybe you could make use of https://github.com/takari/takari-plugin-testing-project for integration testing of the Maven plugin?

@davidjahn I'm using the Maven Invoker Plugin for integration testing of the Maven plugin. The issue is I would need to set up an environment with a proxy to fully test this and I have not done that (yet).

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
