Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to continue dependency-check analysis. #1484

Closed
Masood-Iqlect opened this issue Sep 11, 2018 · 9 comments
Closed

Unable to continue dependency-check analysis. #1484

Masood-Iqlect opened this issue Sep 11, 2018 · 9 comments
Labels
pending more information question

Comments

@Masood-Iqlect
Copy link

ubuntu@masood:~/Downloads/dependency-check/bin$ ./dependency-check.sh --project test --scan /home/ubuntu/Downloads/jquery-master --out /home/ubuntu/Documents --log dc.log
[INFO] Checking for updates
[INFO] starting getUpdatesNeeded() ...
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[WARN] Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] If you are behind a proxy you may need to configure dependency-check to use the proxy.
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[WARN] Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[ERROR] No documents exist

Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to download the NVD CVE data.
[ERROR] No documents exist
@Masood-Iqlect
Copy link
Author

Please help me to rectify the issue

@TobiX
Copy link
Contributor

TobiX commented Sep 11, 2018

Please install ca-certificates-java or read #177 for potential other workarounds/fixes.

@jeremylong
Copy link
Owner

@Masood-Iqlect were you able to solve this issue? It looks like you might be using an old version of Java that does not contain the necessary certs. You can, as the error states, install the certs or upgrade Java.

@Masood-Iqlect
Copy link
Author

Masood-Iqlect commented Sep 17, 2018 via email

@Masood-Iqlect
Copy link
Author

installed ca-certificates and update the Java version also but same error is coming.

./dependency-check.sh --project test --scan /home/ubuntu/Downloads/javax.mail-api-1.4.7.jar --out /home/ubuntu/Documents/
[INFO] Checking for updates
[INFO] starting getUpdatesNeeded() ...
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[WARN] Unable to download the NVD CVE data; the results may not include the most recent CPE/CVEs from the NVD.
[INFO] If you are behind a proxy you may need to configure dependency-check to use the proxy.
[INFO] Error making HTTPS request - InvalidAlgorithmParameterException
[WARN] Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[INFO] There appears to be an issue with the installation of Java and the cacerts.See closed issue #177 here: #177
[INFO] Java Info:
javax.net.ssl.keyStore='null'
java.version='1.8.0_181'
java.vendor='Oracle Corporation'
[ERROR] No documents exist

Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to download the NVD CVE data.
[ERROR] No documents exist

@jeremylong
Copy link
Owner

Can you post the dc.log file? Any chance you are behind a proxy?

@Masood-Iqlect
Copy link
Author

Masood-Iqlect commented Sep 18, 2018 via email

@jeremylong
Copy link
Owner

As asked above - can you provide the full dc.log?

@b-smyth
Copy link

b-smyth commented Jan 23, 2019
edited
Loading

Hello @Masood-Iqlect
Did you get sorted? I was having the same issue.

How I got around it was to:

  1. goTo https://nvd.nist.gov/
  2. Click on the lock icon in the URL and view the certificate.
  3. Download nvd.nist.gov.cer
  4. In a terminal go to ~/Downloads
  5. Run: keytool -importcert -file nvd.nist.gov.cer -alias nvd -keystore $JAVA_HOME/jre/lib/security/cacerts (password = 'changeit')
  6. Run: export MAVEN_OPTS="-Djavax.net.ssl.keyStore=$JAVA_HOME/jre/lib/security/cacert -Djavax.net.ssl.keyStorePassword=changeit -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Ddownloader.quick.query.timestamp=false"
  7. mvn dependency-check:check

Now works:

[INFO] --- dependency-check-maven:3.3.3:check (default-cli) @ account ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] starting getUpdatesNeeded() ...
[INFO] NVD CVE requires several updates; this could take a couple of minutes.
[INFO] Download Started for NVD CVE - 2005
[INFO] Download Started for NVD CVE - 2003
[INFO] Download Started for NVD CVE - 2006
[INFO] Download Started for NVD CVE - 2004
[INFO] Download Started for NVD CVE - 2007
[INFO] Download Started for NVD CVE - 2002
[INFO] Download Complete for NVD CVE - 2003 (13917 ms)
[INFO] Download Started for NVD CVE - 2008
[INFO] Processing Started for NVD CVE - 2003
[INFO] Download Complete for NVD CVE - 2004 (16300 ms)
[INFO] Processing Started for NVD CVE - 2004
[INFO] Download Started for NVD CVE - 2009
[INFO] Download Complete for NVD CVE - 2005 (18495 ms)
[INFO] Download Started for NVD CVE - 2010
[INFO] Processing Started for NVD CVE - 2005
[INFO] Processing Complete for NVD CVE - 2003 (4621 ms)

@lock lock bot locked and limited conversation to collaborators May 28, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
pending more information question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TobiX @jeremylong @b-smyth @Masood-Iqlect