-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ODC container fails to connect to "central" #6994
Comments
Same error for us. Since the last time this worked, we haven't made any changes to my knowledge. The error appeared this morning |
I think this may be an issue on central itself, but I wouldn't be putting my hand in the fire for that. I just did a basic GET on the URI https://search.maven.org/solrsearch/select and it took a good 15 seconds to get an actual response (400) after the TLS was established... |
I think I hit the bulleye; https://status.maven.org/ |
That's right. Already spotted the status-mail flood in my mailbox. |
I've noticed the instability of the "legacy search" has been going around for ~ 2 weeks or so (i.e. CI jobs keeps failing on timeouts)... is that maven central service something the dependency checker cannot work without? (i.e. it is the "source of truth" same as NVD API for some required information) According to Maven Centrals FAQ the "legacy search API" is not in EoL (although the information related to future improvement plans seems to be few years old) and it seems to be the only available API to use the search functionality (or at least I couldn't find any alternatives from their documentation) -> there's probably no better working alternatives to use as the data source 🤔. p.s. I think that OWASP dependency checker is a great tool. Thank you for all the effort. 💚 |
Describe the bug
Since the last update, our jobs have been failing to execute the "Central Analyzer" ;
Version of dependency-check used
latest
Log file
To Reproduce
Steps to reproduce the behavior:
target
/usr/share/dependency-check/bin/dependency-check.sh --failOnCVSS 5 --noupdate --out "target" --scan 'target/**/*.jar' ${SUPPRESSION_FILE_PATH:+--suppression "$SUPPRESSION_FILE_PATH"}
Expected behavior
No error OR errors because of vulnerabilities found in the jars.
Additional context
This is ran in a pipeline with internet access, so the error makes no sense to me... I will try to confirm the direct connectivity to the default URI ;
The text was updated successfully, but these errors were encountered: