Hi Sumesh,
We have abandoned this feature for years as it was no longer usable (too many
false positives, in large numbers).
https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check
The last time I tried to use it was after the last commit for
https://issues.apache.org/jira/browse/OFBIZ-10700
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/build.gradle?r1=1854818&r2=1854817&pathrev=1854818
I just tried and got this:
C:\projectsASF\Git\ofbiz-framework>gradlew -PenableOwasp dependencyCheckAnalyze
Starting a Gradle Daemon (subsequent builds will be faster)
[...]
> Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing dependencies for vulnerabilities
An NVD API Key was not provided - it is highly recommended to use an NVD API
key as the update can take a VERY long time without an API Key
Actually nothing happens in a reasonable time and I bet it would be mostly
unusable. You may, though, try to follow the NVD API key way, whatever it is.
I forgot to remove this information in the main README files (actually in all
OFBiz versions supported). You see the README trunk version in the GH repo.
Thanks to your report I'll remove this information and the related code in a
week, except if you come back with something positive.
Jacques
On 17/06/2024 at 14:40, Sumesh Acharya wrote:
Hello Community,
I tried executing the command given in the GitHub repo for starting the task,
but it fails after some time with a non-200 status code. I have added
the logs from the terminal; please let me know how to resolve it.
----------------------------------------------------------------------------------------------------------
$ gradle -PenableOwasp dependencyCheckAnalyze
Starting a Gradle Daemon (subsequent builds will be faster)
Task :dependencyCheckAnalyze
Verifying dependencies for project ofbiz
Checking for updates and analyzing vulnerabilities for dependencies
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
IO Exception: HEAD request returned a non-200 status code
Task :dependencyCheckAnalyze FAILED
Unable to download the NVD CVE data; the results may not include the most
recent CPE/CVEs from the NVD.
Unable to update Cached Web DataSource, using local data instead. Results may
not include recent vulnerabilities.
No documents exist
Unable to continue dependency-check analysis.
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':dependencyCheckAnalyze'.
Analysis failed.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug
option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 2m 52s
1 actionable task: 1 executed
Regards,
Sumesh
--------------------------------------------------------------------------------------------