DependencyCheck no longer working #6853
Comments
Is that latest version in Azure Marketplace? We have to install it from there to use in our Azure pipelines.
Thanks,
Chelsea Sweeney
IT Platform Administrator II, Application Development
NORIDIAN HEALTHCARE SOLUTIONS LLC, FARGO
From: Chad Wilson
Sent: Wednesday, July 17, 2024 12:26 PM
To: jeremylong/DependencyCheck
Cc: Chelsea Sweeney; Author
Subject: Re: [jeremylong/DependencyCheck] DependencyCheck no longer working (Issue #6853)
#6817
The Azure DevOps plugin is not maintained by this project, but I believe you can tell it what underlying ODC version to use - or it defaults to the latest version by default. If your pipelines are using an old version you should check your configuration. Perhaps you have fixed the version or are using a custom repo to download dependency check itself (which has an old version).
How do you update the version? It is currently pointing to dependency-check-9.2.0-release. We use on-prem Azure. When setting it up we had to place the dependency check folder onto the server. Seeing where I could find the latest dependency check to place on the server in the hopes it will resolve? I am newer to this application and how it all works. Thank you so much for your help/assistance on this.
Not 100% sure, I don't use ADO. But probably needs you to download one of the release zips from https://github.com/jeremylong/DependencyCheck/releases and put it in the right location. Otherwise you might need to ask over at https://github.com/dependency-check/azuredevops
Sounds great - I will try that. Thank you again for all your help/insight.
OWASP pipeline had been working as needed/expected in Azure pipeline. Within the last week, all pipelines are failing, saying:
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
Please ensure your API Key is valid; see https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#api-key-is-used-and-a-403-or-404-error-occurs
If your NVD API Key is valid try increasing the NVD API Delay.
If this is ocurring in a CI environment
[ERROR] No documents exist
Dependency Check completed with exit code 13.
Dependency Check reports:
[]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 13)."
##[error]Dependency Check exited with an error code (exit code: 13).
I ensured API is good. Not sure what changed that it is now not working...
Version of dependency-check used
Dependency-Check Core version 9.2.0
Expected behavior
For it to succeed if no vulnerabilities or fail and produce report with vulnerabilities
Additional context
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
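An added example, not part of the thread or of the DependencyCheck project: a Python triage step for pipeline logs like the one quoted in the issue. It separates "the analysis never ran" from "the analysis ran on cached data", so an empty report list is not read as a clean scan. The rule labels, verdict names and the `triage` function are assumptions of this example, and the sample lines are constructed from the log text above.

```python
import re

# Sample input constructed from the log lines quoted in the issue above.
SAMPLE_LOG = """\
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] No documents exist
Dependency Check completed with exit code 13.
"""

# Labels are names chosen for this example, not dependency-check terminology.
RULES = {
    "nvd_update_rejected": re.compile(r"NVD returned a 403 or 404"),
    "stale_local_data": re.compile(r"using local data instead"),
    "analysis_aborted": re.compile(r"Unable to continue dependency-check analysis"),
    "no_report": re.compile(r"No documents exist"),
}
EXIT_RE = re.compile(r"completed with exit code (\d+)")


def triage(log_text):
    """Return (verdict, findings, exit_code) for one dependency-check log."""
    findings, exit_code = set(), None
    for line in log_text.splitlines():
        for label, pattern in RULES.items():
            if pattern.search(line):
                findings.add(label)
        match = EXIT_RE.search(line)
        if match:
            exit_code = int(match.group(1))

    if findings & {"analysis_aborted", "no_report"}:
        # No analysis happened: an empty report list is not a clean result.
        verdict = "scan-incomplete"
    elif findings & {"nvd_update_rejected", "stale_local_data"}:
        # Analysis ran, but against cached data that may miss recent entries.
        verdict = "scan-stale"
    elif exit_code not in (None, 0):
        verdict = "scan-failed"
    else:
        verdict = "scan-ok"
    return verdict, findings, exit_code


if __name__ == "__main__":
    verdict, findings, code = triage(SAMPLE_LOG)
    print(verdict, sorted(findings), code)
```
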