1

We are getting the following error in our project, when will this URL be back?

> Task :dependencyCheckAnalyze
 Verifying dependencies for project cckm-app
 Checking for updates and analyzing dependencies for vulnerabilities
 Error retrieving https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta; received response code 404.
 Unable to continue dependency-check analysis.
 Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
 > Task :dependencyCheckAnalyze FAILED
 FAILURE: Build failed with an exception.
Ashwani
  • 1,340
  • 1
  • 16
  • 34
  • Our team had a similar issue (SSL error for the new database) but did not have any luck following the 6.0.0 upgrade note on the project's GitHub README.md: https://github.com/jeremylong/DependencyCheck. Sharing it here just in case it helps others. – Stephen Rudolph Sep 24 '20 at 18:47

2 Answers2

2

@Ashwani, we are seeing the same. The NIST NVD feeds (both 1.0 and 1.1) were having issues last week. The 1.1 feed (https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta) looks as if it is working correctly again today. However, the 1.0 feed still looks like it is offline or broken. We've been unable thus far to try and make anyone at NIST aware of any potential issue with the feed.

ouosvavv
  • 33
  • 5
1

nist have renamed this file to 1.1 in their next update:

check this changelog

New file's link is:

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta

and This file was being used by Owasp-dependecy-check-gradle in our case, so we updated that to 6.0.1 version: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html

Ashwani
  • 1,340
  • 1
  • 16
  • 34