Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Build fails on dependency check #22

Open
brentonrace opened this issue Dec 11, 2020 · 1 comment
Open

Build fails on dependency check #22

brentonrace opened this issue Dec 11, 2020 · 1 comment

Comments

@brentonrace
Copy link

brentonrace commented Dec 11, 2020
edited
Loading

Running ./gradlew build on a clean checkout fails with error:
Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta; received 404 -- resource not found

This seems to be a problem with the dependencycheck plugin that is fixed from version 5.2.3 onwards, as per this comment on the dependencycheck repo.

I believe this can be fixed simply by updating the org.owasp.dependencycheck plugin version in build.gradle to use the latest version.
@brentonrace
Copy link
Author

After getting past the above, I had to update the following dependencies where the old version was flagged with known vulnerabilities by the dependency check:

  implementation 'com.microsoft.azure:azure-keyvault:1.2.4'
  implementation 'org.apache.httpcomponents:httpclient:4.5.13'
  implementation 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brentonrace