Dependencycheck: ExecutionException/NullPointer on Update
It looks like some bad updates came in. Tested with Corretto8 and Corretto11 from a fresh cli download on 6.1.5. 6.1.4 tested as well.
To reproduce, download the latest version and try running updates:
sh dependency-check/bin/dependency-check.sh --updateonly
[INFO] Checking for updates
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2002
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2003 (1503 ms)
[INFO] Download Started for NVD CVE - 2004
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2002 (2448 ms)
[INFO] Download Started for NVD CVE - 2005
[INFO] Processing Started for NVD CVE - 2002
[INFO] Download Complete for NVD CVE - 2004 (2580 ms)
[INFO] Download Started for NVD CVE - 2006
[INFO] Processing Started for NVD CVE - 2004
[INFO] Download Complete for NVD CVE - 2005 (2991 ms)
[INFO] Download Started for NVD CVE - 2007
[INFO] Processing Started for NVD CVE - 2005
[INFO] Download Complete for NVD CVE - 2006 (2304 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Processing Started for NVD CVE - 2006
[INFO] Download Complete for NVD CVE - 2007 (2433 ms)
[INFO] Download Started for NVD CVE - 2009
[INFO] Processing Started for NVD CVE - 2007
[INFO] Download Complete for NVD CVE - 2008 (2828 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Processing Started for NVD CVE - 2008
[INFO] Download Complete for NVD CVE - 2009 (2066 ms)
[INFO] Processing Started for NVD CVE - 2009
[INFO] Download Started for NVD CVE - 2011
[INFO] Download Complete for NVD CVE - 2010 (2071 ms)
[INFO] Download Started for NVD CVE - 2012
[INFO] Processing Started for NVD CVE - 2010
[INFO] Download Complete for NVD CVE - 2011 (2067 ms)
[INFO] Processing Started for NVD CVE - 2011
[INFO] Download Started for NVD CVE - 2013
[INFO] Download Complete for NVD CVE - 2012 (2059 ms)
[INFO] Download Started for NVD CVE - 2014
[INFO] Processing Started for NVD CVE - 2012
[INFO] Download Complete for NVD CVE - 2013 (2448 ms)
[INFO] Processing Started for NVD CVE - 2013
[INFO] Download Started for NVD CVE - 2015
[INFO] Download Complete for NVD CVE - 2014 (2229 ms)
[INFO] Download Started for NVD CVE - 2016
[INFO] Processing Started for NVD CVE - 2014
[INFO] Download Complete for NVD CVE - 2015 (2821 ms)
[INFO] Processing Started for NVD CVE - 2015
[INFO] Download Started for NVD CVE - 2017
[INFO] Download Complete for NVD CVE - 2017 (2246 ms)
[INFO] Processing Started for NVD CVE - 2017
[INFO] Download Started for NVD CVE - 2018
[INFO] Download Complete for NVD CVE - 2018 (2619 ms)
[INFO] Download Started for NVD CVE - 2019
[INFO] Processing Started for NVD CVE - 2018
[INFO] Download Complete for NVD CVE - 2016 (8863 ms)
[INFO] Download Started for NVD CVE - 2020
[INFO] Processing Started for NVD CVE - 2016
[INFO] Download Complete for NVD CVE - 2019 (3767 ms)
[INFO] Download Started for NVD CVE - 2021
[INFO] Processing Started for NVD CVE - 2019
[INFO] Download Complete for NVD CVE - 2021 (1870 ms)
[INFO] Processing Started for NVD CVE - 2021
[INFO] Download Complete for NVD CVE - 2020 (4085 ms)
[INFO] Processing Started for NVD CVE - 2020
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:298)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:833)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:387)
at org.owasp.dependencycheck.App.run(App.java:164)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:288)
... 6 common frames omitted
Caused by: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.lambda$hasMultipleVendorProductConfigurations$0(CveEcosystemMapper.java:95)
at java.base/java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
at java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1602)
at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.allMatch(ReferencePipeline.java:637)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.hasMultipleVendorProductConfigurations(CveEcosystemMapper.java:95)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.getEcosystem(CveEcosystemMapper.java:67)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:97)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:831)
[WARN] A new version of dependency-check is available. Consider updating to version 6.1.5.
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:298)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:833)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:387)
at org.owasp.dependencycheck.App.run(App.java:164)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:288)
... 6 common frames omitted
Caused by: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because the return value of "org.owasp.dependencycheck.data.nvd.json.DefCpeMatch.getCpe23Uri()" is null
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.lambda$hasMultipleVendorProductConfigurations$0(CveEcosystemMapper.java:95)
at java.base/java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
at java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1602)
at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.allMatch(ReferencePipeline.java:637)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.hasMultipleVendorProductConfigurations(CveEcosystemMapper.java:95)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.getEcosystem(CveEcosystemMapper.java:67)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:97)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:831)
bug
LeaderXFX
👍51
😕1
All 28 comments
Same here:
[23:21:00][Step 2/3] [INFO] Processing Started for NVD CVE - 2021
[INFO] Download Complete for NVD CVE - 2020 (4172 ms)
[INFO] Processing Started for NVD CVE - 2020
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException
org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate (NvdCveUpdater.java:298)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:860)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:667)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:593)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1660)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:929)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.util.concurrent.FutureTask.report (FutureTask.java:122)
at java.util.concurrent.FutureTask.get (FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate (NvdCveUpdater.java:288)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:860)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:667)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:593)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1660)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:929)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.NullPointerException
at org.owasp.dependencycheck.data.nvd.ecosystem.UrlEcosystemMapper.getEcosystem (UrlEcosystemMapper.java:68)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.getEcosystem (CveEcosystemMapper.java:74)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:97)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
[23:21:02][Step 2/3] [WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
Snipx
on 21 Apr 2021
👍6
Add another one to the list... using 6.1.5...
[2021-04-21T20:15:45.737Z] [INFO] Processing Started for NVD CVE - 2021
[2021-04-21T20:15:45.737Z] [ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException
[2021-04-21T20:15:45.737Z] org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate (NvdCveUpdater.java:298)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:125)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:860)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:667)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:593)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1660)
[2021-04-21T20:15:45.737Z] at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:929)
[2021-04-21T20:15:45.737Z] at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
[2021-04-21T20:15:45.737Z] at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
[2021-04-21T20:15:45.738Z] at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
[2021-04-21T20:15:45.738Z] at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
[2021-04-21T20:15:45.738Z] at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
[2021-04-21T20:15:45.738Z] at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
[2021-04-21T20:15:45.738Z] at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
[2021-04-21T20:15:45.738Z] at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
[2021-04-21T20:15:45.738Z] at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
[2021-04-21T20:15:45.738Z] at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
[2021-04-21T20:15:45.738Z] at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
[2021-04-21T20:15:45.738Z] at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
[2021-04-21T20:15:45.738Z] at java.lang.reflect.Method.invoke (Method.java:498)
[2021-04-21T20:15:45.738Z] at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
[2021-04-21T20:15:45.738Z] at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
[2021-04-21T20:15:45.738Z] at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
[2021-04-21T20:15:45.738Z] at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
dwightmulcahy
on 21 Apr 2021
Hi! Same problem here...also tested with 6.1.1 version
ldipaolaIT
on 21 Apr 2021
👍6
Yup we are seeing it to
INFO] Checking for updates
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified (748 ms)
[INFO] Processing Started for NVD CVE - Modified
[ERROR] The execution of the download was interrupted
org.owasp.dependencycheck.data.update.exception.UpdateException: The execution of the download was interrupted
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:317)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:935)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:736)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:666)
at org.owasp.dependencycheck.App.runScan(App.java:254)
at org.owasp.dependencycheck.App.run(App.java:186)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:307)
... 7 common frames omitted
Caused by: java.lang.NullPointerException: null
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerabilityInsertReferences(CveDB.java:1363)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:985)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:99)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
[INFO] Skipping RetireJS update since last update was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] The execution of the download was interrupted
[ERROR] No documents exist
also seeing error on other jobs
INFO] Processing Started for NVD CVE - 2021
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException
org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:298)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:833)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:387)
at org.owasp.dependencycheck.App.run(App.java:164)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:288)
... 6 common frames omitted
Caused by: java.lang.NullPointerException: null
at org.owasp.dependencycheck.data.nvd.ecosystem.UrlEcosystemMapper.getEcosystem(UrlEcosystemMapper.java:68)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.getEcosystem(CveEcosystemMapper.java:74)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:97)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException
org.owasp.dependencycheck.data.update.exception.UpdateException: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:298)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:833)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:387)
at org.owasp.dependencycheck.App.run(App.java:164)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:288)
... 6 common frames omitted
Caused by: java.lang.NullPointerException: null
at org.owasp.dependencycheck.data.nvd.ecosystem.UrlEcosystemMapper.getEcosystem(UrlEcosystemMapper.java:68)
at org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper.getEcosystem(CveEcosystemMapper.java:74)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:97)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
hopenbr
on 21 Apr 2021
We are seeing the same issue on our CI builds:
Checking for updates and analyzing dependencies for vulnerabilities
The execution of the download was interrupted
org.owasp.dependencycheck.data.update.exception.UpdateException: The execution of the download was interrupted
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:317)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:860)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:667)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:593)
at org.owasp.dependencycheck.Engine$analyzeDependencies$1.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:119)
at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:90)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:104)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51)
at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$2.run(ExecuteActionsTaskExecuter.java:494)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:56)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$run$1(DefaultBuildOperationExecutor.java:71)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.runWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:45)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:71)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:479)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:462)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.access$400(ExecuteActionsTaskExecuter.java:105)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$TaskExecution.executeWithPreviousOutputFiles(ExecuteActionsTaskExecuter.java:273)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$TaskExecution.execute(ExecuteActionsTaskExecuter.java:251)
at org.gradle.internal.execution.steps.ExecuteStep.lambda$executeOperation$1(ExecuteStep.java:66)
at java.base/java.util.Optional.orElseGet(Optional.java:369)
at org.gradle.internal.execution.steps.ExecuteStep.executeOperation(ExecuteStep.java:66)
at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:34)
at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:47)
at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:44)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:44)
at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:34)
at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:72)
at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:42)
at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:53)
at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:39)
at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:44)
at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:77)
at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:58)
at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:54)
at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:32)
at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:57)
at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:38)
at org.gradle.internal.execution.steps.BroadcastChangingOutputsStep.execute(BroadcastChangingOutputsStep.java:63)
at org.gradle.internal.execution.steps.BroadcastChangingOutputsStep.execute(BroadcastChangingOutputsStep.java:30)
at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:176)
at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:76)
at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:47)
at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:43)
at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:32)
at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:39)
at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:25)
at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:102)
at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$0(SkipUpToDateStep.java:95)
at java.base/java.util.Optional.map(Optional.java:265)
at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:55)
at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:39)
at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:83)
at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:44)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27)
at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:96)
at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:52)
at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:83)
at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:54)
at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:74)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.lambda$execute$2(SkipEmptyWorkStep.java:88)
at java.base/java.util.Optional.orElseGet(Optional.java:369)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:88)
at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:34)
at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38)
at org.gradle.internal.execution.steps.LoadExecutionStateStep.execute(LoadExecutionStateStep.java:46)
at org.gradle.internal.execution.steps.LoadExecutionStateStep.execute(LoadExecutionStateStep.java:34)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:43)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$TaskExecution$3.withWorkspace(ExecuteActionsTaskExecuter.java:286)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:43)
at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:33)
at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:40)
at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:30)
at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:54)
at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:40)
at org.gradle.internal.execution.impl.DefaultExecutionEngine.rebuild(DefaultExecutionEngine.java:46)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.lambda$executeIfValid$0(ExecuteActionsTaskExecuter.java:182)
at java.base/java.util.Optional.map(Optional.java:265)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:182)
at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:173)
at org.gradle.api.internal.tasks.execution.CleanupStaleOutputsExecuter.execute(CleanupStaleOutputsExecuter.java:109)
at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46)
at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:62)
at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57)
at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:56)
at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52)
at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:41)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:411)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:398)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:391)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:377)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.lambda$run$0(DefaultPlanExecutor.java:127)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:191)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.executeNextNode(DefaultPlanExecutor.java:182)
at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:124)
at org.gradle.execution.plan.DefaultPlanExecutor.process(DefaultPlanExecutor.java:72)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph.executeWithServices(DefaultTaskExecutionGraph.java:196)
at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph.execute(DefaultTaskExecutionGraph.java:189)
at org.gradle.execution.SelectedTaskExecutionAction.execute(SelectedTaskExecutionAction.java:39)
at org.gradle.execution.DefaultBuildWorkExecutor.execute(DefaultBuildWorkExecutor.java:40)
at org.gradle.execution.DefaultBuildWorkExecutor.access$000(DefaultBuildWorkExecutor.java:24)
at org.gradle.execution.DefaultBuildWorkExecutor$1.proceed(DefaultBuildWorkExecutor.java:48)
at org.gradle.execution.DryRunBuildExecutionAction.execute(DryRunBuildExecutionAction.java:49)
at org.gradle.execution.DefaultBuildWorkExecutor.execute(DefaultBuildWorkExecutor.java:40)
at org.gradle.execution.DefaultBuildWorkExecutor.execute(DefaultBuildWorkExecutor.java:33)
at org.gradle.execution.IncludedBuildLifecycleBuildWorkExecutor.execute(IncludedBuildLifecycleBuildWorkExecutor.java:36)
at org.gradle.execution.DeprecateUndefinedBuildWorkExecutor.execute(DeprecateUndefinedBuildWorkExecutor.java:44)
at org.gradle.execution.BuildOperationFiringBuildWorkerExecutor$ExecuteTasks.run(BuildOperationFiringBuildWorkerExecutor.java:57)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:56)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$run$1(DefaultBuildOperationExecutor.java:71)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.runWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:45)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:71)
at org.gradle.execution.BuildOperationFiringBuildWorkerExecutor.execute(BuildOperationFiringBuildWorkerExecutor.java:42)
at org.gradle.initialization.DefaultGradleLauncher.runWork(DefaultGradleLauncher.java:260)
at org.gradle.initialization.DefaultGradleLauncher.doClassicBuildStages(DefaultGradleLauncher.java:172)
at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:148)
at org.gradle.initialization.DefaultGradleLauncher.executeTasks(DefaultGradleLauncher.java:124)
at org.gradle.internal.invocation.GradleBuildController$1.create(GradleBuildController.java:72)
at org.gradle.internal.invocation.GradleBuildController$1.create(GradleBuildController.java:67)
at org.gradle.internal.work.DefaultWorkerLeaseService.withLocks(DefaultWorkerLeaseService.java:213)
at org.gradle.internal.invocation.GradleBuildController.doBuild(GradleBuildController.java:67)
at org.gradle.internal.invocation.GradleBuildController.run(GradleBuildController.java:56)
at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:31)
at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)
at org.gradle.launcher.exec.BuildOutcomeReportingBuildActionRunner.run(BuildOutcomeReportingBuildActionRunner.java:63)
at org.gradle.tooling.internal.provider.ValidatingBuildActionRunner.run(ValidatingBuildActionRunner.java:32)
at org.gradle.tooling.internal.provider.FileSystemWatchingBuildActionRunner.run(FileSystemWatchingBuildActionRunner.java:77)
at org.gradle.launcher.exec.BuildCompletionNotifyingBuildActionRunner.run(BuildCompletionNotifyingBuildActionRunner.java:41)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner$3.call(RunAsBuildOperationBuildActionRunner.java:49)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner$3.call(RunAsBuildOperationBuildActionRunner.java:44)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner.run(RunAsBuildOperationBuildActionRunner.java:44)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.lambda$execute$0(InProcessBuildActionExecuter.java:54)
at org.gradle.composite.internal.DefaultRootBuildState.run(DefaultRootBuildState.java:86)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:53)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:29)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.lambda$execute$0(BuildTreeScopeLifecycleBuildActionExecuter.java:33)
at org.gradle.internal.buildtree.BuildTreeState.run(BuildTreeState.java:49)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.execute(BuildTreeScopeLifecycleBuildActionExecuter.java:32)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.execute(BuildTreeScopeLifecycleBuildActionExecuter.java:27)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:104)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:55)
at org.gradle.tooling.internal.provider.SubscribableBuildActionExecuter.execute(SubscribableBuildActionExecuter.java:64)
at org.gradle.tooling.internal.provider.SubscribableBuildActionExecuter.execute(SubscribableBuildActionExecuter.java:37)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.lambda$execute$0(SessionScopeLifecycleBuildActionExecuter.java:54)
at org.gradle.internal.session.BuildSessionState.run(BuildSessionState.java:67)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.execute(SessionScopeLifecycleBuildActionExecuter.java:50)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.execute(SessionScopeLifecycleBuildActionExecuter.java:36)
at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:36)
at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:25)
at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:59)
at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:31)
at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:55)
at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:41)
at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:47)
at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:31)
at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:65)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:39)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:29)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:35)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.create(ForwardClientInput.java:78)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.create(ForwardClientInput.java:75)
at org.gradle.util.Swapper.swap(Swapper.java:38)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:75)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:63)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:84)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:52)
at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:297)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:56)
at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: java.util.concurrent.ExecutionException: java.lang.NullPointerException
at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:307)
... 240 more
Caused by: java.lang.NullPointerException
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerabilityInsertReferences(CveDB.java:1173)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:859)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:100)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:40)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
... 1 more
Unable to continue dependency-check analysis.
tlf30
on 21 Apr 2021
You can temporary add the parameter --noupdate if you only want to scan.
alaincroisetiere
on 21 Apr 2021
👍2
Same issue with 5.3.2 as well.
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:*
at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3 (CveDB.java:1298)
at java.util.ArrayList.forEach (ArrayList.java:1257)
at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes (CveDB.java:1297)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:880)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:99)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
at java.lang.Thread.run (Thread.java:748)
a2l007
on 22 Apr 2021
Looks like an issue with NVD's repository. As a workaround, point to this mirror for data updates, like this:
<configuration>
<cveUrlModified>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-modified.json.gz</cveUrlModified>
<cveUrlBase>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-%d.json.gz</cveUrlBase>
</configuration>
injcristianrojas
on 22 Apr 2021
👍6
NIST is aware of the issue at least:
Mause
on 22 Apr 2021
Looks like an issue with NVD's repository. As a workaround, point to this mirror for data updates, like this:
<configuration> <cveUrlModified>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-modified.json.gz</cveUrlModified> <cveUrlBase>https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-%d.json.gz</cveUrlBase> </configuration>
I kind of support the ingenuity to workaround the error in trusted NVD sources.
However, be sure you really trust and know the source who offers you a random "fredumbytes" mirror as a workaround. You never know what you are going to get.
vilvo
on 22 Apr 2021
👍22
@vilvo unfortunately here trade off. DependencyCheck usually is used by building process via maven, gradle, sonar and tonns of tools, and since this update all this tools is failed and probably block building and deployment new version of artefacts.
So, introducing temporary (I hope) security issue to unblock a lot of project doesn't seems as bad idea.
Anyway, I'd frustrated for years because NIST hasn't announce digital signature for NVD feed. It suggest to trust to vendor.
catap
on 22 Apr 2021
with gradle project this suggested workaround should work:
cve {
urlModified = 'https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-modified.json.gz'
urlBase = 'https://freedumbytes.gitlab.io/setup/nist-nvd-mirror/nvdcve-1.1-%d.json.gz'
}
pankajkrastogi
on 22 Apr 2021
👍2
😕1
Anyway, I'd frustrated for years because NIST hasn't announce digital signature for NVD feed. It suggest to trust to vendor.
Yeah, I get the trouble. This is not personal.
And I get the change in the cyber space where PTAs have targeted and are targeting infra systems to widely inject whatever. I'm sure there's good actors as well with deadlines and what not but it's better people stop to think about the risks they take.
Anyway, +1 for NIST signing NVD feeds and everyone else using better crypto signing to avoid bypasses with whatever motives.
vilvo
on 22 Apr 2021
@vilvo I haven't mean you personal. Sorry if I made this point.
I just very surprised that it haven't used any signature. Very surprised.
Because right now a random government agency like DMV probably has better security than NIST when it publish an actual list of security issues.
But, it is off-topic here.
catap
on 22 Apr 2021
👍1
I'm working with:
dependencyCheck {
autoUpdate = false
}
This prevent that fails and maintain the previous database meanwhile from the NIST fix the problem. I think that it's better than use another database.
javintx
on 22 Apr 2021
👍3
@javintx until someone is used CI which is run on fresh machine for each build for example :)
catap
on 22 Apr 2021
👍7
@javintx until someone is used CI which is run on fresh machine for each build for example :)
Yes! You are rigth! :) But, it is another solution for some.
javintx
on 22 Apr 2021
@catap same here, disabled OSS checks on our CI job, while this gets fixed :(
arnoldasbet
on 22 Apr 2021
This is entirely an issue with the NVD data feeds having several invalid CPEs.
jeremylong
on 22 Apr 2021
👍3
👎1
same here. In Maven you can use
goodale
on 22 Apr 2021
👍2
same here
deepakthankachan
on 22 Apr 2021
Email response from [email protected]
Good morning,
Thank you for bringing this to our attention. We are investigating the issue and currently working towards a resolution. We apologize for the inconvenience.
V/r,
National Vulnerability Database Team
magJ
on 22 Apr 2021
👍12
Impacted too
eballetbaz
on 22 Apr 2021
@NISTcyber
路
11m
We have resolved the issue where data feed files were not properly replicating to their intended destinations. However, we are currently investigating and working towards a resolution for multiple unintended formatting changes to the JSON feeds that have been reported by others.
meh still waiting for the fix that works :)
[ERROR] java.util.concurrent.ExecutionException: java.lang.NullPointerException
👍2
@jeremylong This is entirely an issue with the NVD data feeds having several invalid CPEs.
No it isn't. It is an issue with DependencyCheck crashing when it receives invalid CPEs. Invalid CPEs in the feed should be a loud warning. It might even be reasonable to fail the dependency check if the project is using packages that have been misdeclared. It certainly isn't reasonable that everyone's CI is toast just because of one malformed feed.
ewanmellor
on 23 Apr 2021
👍14
The NVD data feed seems to be fixed. It works again for me.
FabianSawatzki1234
on 23 Apr 2021
👍18
🚀6
Yes working again for me too
eballetbaz
on 23 Apr 2021
I am still impacted .. what is needed to get that fixed ?
Caused by: java.lang.NullPointerException
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.lambda$testCveCpeStartWithFilter$0 (NvdCveParser.java:149)
at java.util.stream.MatchOps$1MatchSink.accept (MatchOps.java:90)
at java.util.ArrayList$ArrayListSpliterator.tryAdvance (ArrayList.java:1361)
at java.util.stream.ReferencePipeline.forEachWithCancel (ReferencePipeline.java:126)
at java.util.stream.AbstractPipeline.copyIntoWithCancel (AbstractPipeline.java:499)
at java.util.stream.AbstractPipeline.copyInto (AbstractPipeline.java:486)
at java.util.stream.AbstractPipeline.wrapAndCopyInto (AbstractPipeline.java:472)
at java.util.stream.MatchOps$MatchOp.evaluateSequential (MatchOps.java:230)
at java.util.stream.MatchOps$MatchOp.evaluateSequential (MatchOps.java:196)
at java.util.stream.AbstractPipeline.evaluate (AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.anyMatch (ReferencePipeline.java:516)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.testCveCpeStartWithFilter (NvdCveParser.java:149)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse (NvdCveParser.java:100)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON (ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles (ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call (ProcessTask.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
at java.lang.Thread.run (Thread.java:748)
[WARNING] A new version of dependency-check is available. Consider updating to version 6.1.5.
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
cforce
on 26 Apr 2021
Was this page helpful?
0 / 5 - 0 ratings
Related issues
albuch
路
16Comments
MMirabito
路
27Comments
Jayaramvenkat
路
19Comments
Vampire
路
15Comments
emartynov
路
24Comments
Most helpful comment
The NVD data feed seems to be fixed. It works again for me.