NVD Mirror Returned Status Code: 503 #3927
Comments
|
I think this can be related to jeremylong/DependencyCheck#6746 and everything around it. I assume #3926 is going to fix this. At least since NVD rolled out the new field in their API there was never a successful update of the NVD CVEs anymore in my dtrack installation. |
|
Sadly the NVD API has been flaky from the very beginning. Related DC issue would be jeremylong/DependencyCheck#6758. The API returning 503s is not something we can do anything about. The library that interacts with the API is already performing numerous retries. FWIW, remember that you can still mirror the NVD via the feed file based approach - simply disable API mirroring in the settings. We left that capability in for precisely this reason. |
|
I think even with NVD Api key theres no successful ingest of NVD data via API right now because the lib dtrack uses under the hood is broken in that version and fails with these "retry" errors even though theres an exception or is blocked completely by NVD. Same was true for the mvn/gradle plugins of dependency check. #3926 is going to fix this. |
|
Sigh I guess you're right. Tested API mirroring with v4.11.4 and |
nscuro
added
p2
|
I've tested the v4.11.5, seems that it fixed the issue. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Current Behavior
2024-07-08 10:08:08,443 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 5 time
2024-07-08 10:08:10,049 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 6 time
2024-07-08 10:08:11,955 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 7 time
2024-07-08 10:08:24,709 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 8 time
2024-07-08 10:09:33,776 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 5 time
2024-07-08 10:09:35,382 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 6 time
2024-07-08 10:09:37,296 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 7 time
2024-07-08 10:09:39,503 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 8 time
2024-07-08 10:09:42,009 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 9 time
2024-07-08 10:09:44,814 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 10 time
2024-07-08 10:09:47,920 [] WARN [io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryStrategy] NVD API request failures are occurring; retrying request for the 11 time
2024-07-08 10:09:48,137 [] ERROR [org.dependencytrack.tasks.NistApiMirrorTask] An unexpected error occurred while mirroring the contents of the National Vulnerability Database
io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: NVD Returned Status Code: 503
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:359)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:343)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:343)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:343)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:343)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:343)
at org.dependencytrack.tasks.NistApiMirrorTask.inform(NistApiMirrorTask.java:157)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
2024-07-08 10:09:48,137 [] INFO [org.dependencytrack.tasks.NistApiMirrorTask] Mirroring of 0 CVEs completed in PT4M47.995753241S
Steps to Reproduce
1.Start DT
2. DT tries to Mirror the NVD DB
Expected Behavior
Successfully NVD Mirroring
Dependency-Track Version
4.11.3
Dependency-Track Distribution
Executable WAR
Database Server
Microsoft SQL Server
Database Server Version
No response
Browser
Microsoft Edge
Checklist
The text was updated successfully, but these errors were encountered: