which mvn cmd do in need to issue to trigger the check? mvn clean install didn't for me. Am I missing something?
BR Maruan Am Donnerstag, dem 21.03.2024 um 17:24 +0100 schrieb Tilman Hausherr: > Jeremy Long wrote something that I haven't really understood. Maybe > it > means building the NVD archive on a separate system and then > transferring it. > > https://github.com/jeremylong/DependencyCheck/issues/6515#issuecomment-2011824975 > > However a leter message in the same issue made more sense, I'm > testing > locally with > <nvdDatafeedUrl> > https://dependency-check.github.io/DependencyCheck_Builder/nvd_cache/ > </nvdDatafeedUrl> > > Tilman > > On 21.03.2024 09:48, sahy...@fileaffairs.de wrote: > > Mhmm - is there a way to build locally and test the NVD update? > > > > Ran it on a different project I have for a client locally and NVD > > update worked without issues and without an API key. > > > > BR > > Maruan > > > > Am Donnerstag, dem 21.03.2024 um 08:36 +0100 schrieb Tilman > > Hausherr: > > > I meant adding <skip>true</skip> to the <configuration> part. > > > > > > Something isn't ok with NVD, maybe it got worse since then: > > > https://blog.fefe.de/?ts=9b0740e0 > > > https://www.heise.de/news/Sicherheitsforscher-genervt-Luecken-Datenbank-NVD-seit-Wochen-unvollstaendig-9656574.html > > > > > > Tilman > > > > > > On 20.03.2024 22:05, Andreas Lehmkühler wrote: > > > > > > > > Am 20.03.24 um 21:16 schrieb Tilman Hausherr: > > > > > If you still have the time, you could add a "skip" for that > > > > > plugin; > > > > > the last successful build was this morning and no library > > > > > changes > > > > > were made since then. (and we still have a few days to find > > > > > out > > > > > if > > > > > any libraries are now considered risky) > > > > Good idea, but -Ddependency-check.skip=true doesn't work > > > > either, it > > > > still tries to update :-( > > > > > > > > I'm going to continue tomorrow .... > > > > > > > > Andreas > > > > > > > > > Tilman > > > > > > > > > > On 20.03.2024 21:13, Tilman Hausherr wrote: > > > > > > Seems it's a general problem: > > > > > > https://github.com/jeremylong/DependencyCheck/issues/6515#issuecomment-2009879851 > > > > > > > > > > > > > > > > > > > > > > > > it also hangs on my local machine now, I don't have an API > > > > > > key. > > > > > > > > > > > > Tilman > > > > > > > > > > > > > > > > > > On 20.03.2024 20:57, Andreas Lehmkühler wrote: > > > > > > > Hi, > > > > > > > > > > > > > > I'm trying to cut the 2.0.31 release but it always hangs > > > > > > > when > > > > > > > the > > > > > > > build tries to update the NVD data. > > > > > > > > > > > > > > Last week when I built the 3.0.2 release I had a similar > > > > > > > effect. > > > > > > > The update was very slow but in the end it came to an end > > > > > > > worked. > > > > > > > > > > > > > > Now, nothing happens, the last words are > > > > > > > > > > > > > > [INFO] [WARNING] An NVD API Key was not provided - it is > > > > > > > highly > > > > > > > recommended to use an NVD API key as the update can take > > > > > > > a > > > > > > > VERY > > > > > > > long time without an API Key > > > > > > > > > > > > > > nothing more after that. It simply hangs > > > > > > > > > > > > > > I've requested an api key, got one and now I'm trying to > > > > > > > get > > > > > > > it > > > > > > > work, but it doesn't. > > > > > > > > > > > > > > I've tried > > > > > > > > > > > > > > * the mvn option -DnvdApiKey=xxxx > > > > > > > * define a server "nvd" in .m2/settings.xml including the > > > > > > > key > > > > > > > and > > > > > > > add -DnvdApiServerId=nvd to the commandline > > > > > > > * define the environment variable NVD_API_KEY and add > > > > > > > -DnvdApiKeyEnvironmentVariable=NVD_API_KEY to the > > > > > > > commandline > > > > > > > > > > > > > > Nothing works, I've always got those famous words: An NVD > > > > > > > API > > > > > > > Key > > > > > > > was not provide .... > > > > > > > > > > > > > > > > > > > > > Any idea to get around this? > > > > > > > > > > > > > > Andreas > > > > > > > > > > > > > > P.S.: I'm on linux using coretto-8.332 and mvn 3.9.3 > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------- > > > > > > > ---- > > > > > > > -------- > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > > > > For additional commands, e-mail: > > > > > > > dev-h...@pdfbox.apache.org > > > > > > > > > > > > > > > > > > > ----------------------------------------------------------- > > > > > > ---- > > > > > > ------ > > > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > > > > > > > > > > ------------------------------------------------------------- > > > > > ---- > > > > > ---- > > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > > > --------------------------------------------------------------- > > > > ---- > > > > -- > > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > > > > ----------------------------------------------------------------- > > > ---- > > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > > > ------------------------------------------------------------------- > > -- > > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > > For additional commands, e-mail: dev-h...@pdfbox.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org > For additional commands, e-mail: dev-h...@pdfbox.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
