[INFO]
[INFO] --- dependency-check-maven:4.0.2:check (default) @ realtimePaymachine ---
[INFO] Central analyzer disabled
[WARNING] The POM for com.oracle:ojdbc:jar:12.2.0.1 is missing, no dependency information available
[INFO] Checking for updates
[INFO] starting getUpdatesNeeded() ...
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2009.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2009.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2010.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2010.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2011.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2011.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2007.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2007.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2020.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2020.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2002.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2008.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2008.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2004.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2004.xml.gz
[ERROR] IO Exception connecting to https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz: HEAD request returned a non-200 status code: https://nvd.nist.gov/feeds/xm
l/cve/2.0/nvdcve-2.0-2018.xml.gz
[WARNING] Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.
[INFO] If you are behind a proxy you may need to configure dependency-check to use the proxy.
[WARNING] Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] No documents exist
Unable to continue dependency-check analysis.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 13.128 s
[INFO] Finished at: 2020-03-11T23:10:47-06:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project realtimePaymachine: Fatal exception(s) analyzing realtimePaymachine: Unable
to continue dependency-check analysis.
[ERROR] Unable to download the NVD CVE data.
[ERROR] No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
在pom.xml中,我添加了ojdbc依赖项
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc</artifactId>
<version>${ojdbc.version}</version>
<scope>provided</scope>
</dependency>
当我进行构建时,无法下载NVD CVE数据。我是否必须包含依赖项来重命名该问题或任何方式,以便我可以尝试所有可能的方式提供任何帮助?
通过cURL访问这些端点将提供以下输出:
curl -v https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz
* Trying 2600:1f18:268d:1d01:f609:5e91:8a48:f546...
* TCP_NODELAY set
* Connected to nvd.nist.gov (2600:1f18:268d:1d01:f609:5e91:8a48:f546) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=Maryland; L=Gaithersburg; O=National Institute of Standards and Technology; OU=OISM; CN=nvd.nist.gov
* start date: Oct 15 00:00:00 2019 GMT
* expire date: Oct 15 12:00:00 2020 GMT
* subjectAltName: host "nvd.nist.gov" matched cert's "nvd.nist.gov"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /feeds/xml/cve/2.0/nvdcve-2.0-2018.xml.gz HTTP/1.1
> Host: nvd.nist.gov
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 410 Data Feed/Service Retired
< server: Microsoft-IIS/8.5
< x-frame-options: SAMEORIGIN
< date: Thu, 12 Mar 2020 06:29:02 GMT
< content-length: 0
< strict-transport-security: max-age=31536000
它说410数据馈送/服务已退休,表明他们不再支持此服务/端点。
您上一次可以成功运行此检查的时间是?
UPDATE:
似乎他们的页面当前也确实很慢/无法访问:https://nvd.nist.gov/。我认为他们目前有一个问题。因此,请等待一段时间或暂时禁用该检查,以至少获得成功的构建。