Mhmm - is there a way to build locally and test the NVD update? Ran it on a different project I have for a client locally and NVD update worked without issues and without an API key.
BR Maruan Am Donnerstag, dem 21.03.2024 um 08:36 +0100 schrieb Tilman Hausherr: > I meant adding <skip>true</skip> to the <configuration> part. > > Something isn't ok with NVD, maybe it got worse since then: > https://blog.fefe.de/?ts=9b0740e0 > https://www.heise.de/news/Sicherheitsforscher-genervt-Luecken-Datenbank-NVD-seit-Wochen-unvollstaendig-9656574.html > > Tilman > > On 20.03.2024 22:05, Andreas Lehmkühler wrote: > > > > > > Am 20.03.24 um 21:16 schrieb Tilman Hausherr: > > > If you still have the time, you could add a "skip" for that > > > plugin; > > > the last successful build was this morning and no library changes > > > were made since then. (and we still have a few days to find out > > > if > > > any libraries are now considered risky) > > Good idea, but -Ddependency-check.skip=true doesn't work either, it > > still tries to update :-( > > > > I'm going to continue tomorrow .... > > > > Andreas > > > > > > > > Tilman > > > > > > On 20.03.2024 21:13, Tilman Hausherr wrote: > > > > Seems it's a general problem: > > > > https://github.com/jeremylong/DependencyCheck/issues/6515#issuecomment-2009879851 > > > > > > > > > > > > > > > > it also hangs on my local machine now, I don't have an API key. > > > > > > > > Tilman > > > > > > > > > > > > On 20.03.2024 20:57, Andreas Lehmkühler wrote: > > > > > Hi, > > > > > > > > > > I'm trying to cut the 2.0.31 release but it always hangs when > > > > > the > > > > > build tries to update the NVD data. > > > > > > > > > > Last week when I built the 3.0.2 release I had a similar > > > > > effect. > > > > > The update was very slow but in the end it came to an end > > > > > worked. > > > > > > > > > > Now, nothing happens, the last words are > > > > > > > > > > [INFO] [WARNING] An NVD API Key was not provided - it is > > > > > highly > > > > > recommended to use an NVD API key as the update can take a > > > > > VERY > > > > > long time without an API Key > > > > > > > > > > nothing more after that. It simply hangs > > > > > > > > > > I've requested an api key, got one and now I'm trying to get > > > > > it > > > > > work, but it doesn't. > > > > > > > > > > I've tried > > > > > > > > > > * the mvn option -DnvdApiKey=xxxx > > > > > * define a server "nvd" in .m2/settings.xml including the key > > > > > and > > > > > add -DnvdApiServerId=nvd to the commandline > > > > > * define the environment variable NVD_API_KEY and add > > > > > -DnvdApiKeyEnvironmentVariable=NVD_API_KEY to the commandline > > > > > > > > > > Nothing works, I've always got those famous words: An NVD API > > > > > Key > > > > > was not provide .... > > > > > > > > > > > > > > > Any idea to get around this? > > > > > > > > > > Andreas > > > > > > > > > > P.S.: I'm on linux using coretto-8.332 and mvn 3.9.3 > > > > > > > > > > > > > > > ------------------------------------------------------------- > > > > > -------- > > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > > > > > > > > > > > --------------------------------------------------------------- > > > > ------ > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > > > > > > > ----------------------------------------------------------------- > > > ---- > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > ------------------------------------------------------------------- > > -- > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: dev-h...@pdfbox.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
