NVD Returned Status Code: 403, 9.0.7 #6332
Comments
|
See #6294 (comment) Have you checked if you API key is valid? If the following command does not return JSON your key is likely invalid (of course adding your API key instead of ***). curl -H "Accept: application/json" -H "apiKey: ***" -v https://services.nvd.nist.gov/rest/json/cves/2.0\?cpeName\=cpe:2.3:o:microsoft:windows_10:1607:\*:\*:\*:\*:\*:\*:\* |
Yes, just now rechecked it and it returns JSON |
|
What version of ODC are you using (cli, maven, gradle, ?) and how are you configuring the API key? |
|
I still see the same for one of our projects. Tried both 9.0.6 and 9.0.7. Multiple different API-keys, and checked that they are all valid (they work locally, but not with Circle Ci) We use the Gradle ODC, apiKey is configured in build.gradle: |
|
I am unsure what is wrong in the Circle CI environment. If things are working locally the issue is with the CircleCI environment; since I don't use CircleCI I'm not sure I can be of much help. It looks like the API key is not correct in the CI env. |
ODC: 9.0.7 (gradle), |
I have SSHed into the Circle Ci environment and added the API-key directly to the build.gradle block also, same error. The error does appear locally sometimes to, but it has the benefit that a partially loaded DB can be added upon upon reruns because of the cache, but that is not as easily done between CI runs. |
I've rechecked what the status returns query with wrong API key and this status is 404 |
|
@khshanovskyi I might try something like: task echoKey {
doLast {
apiKey = findProperty('DC_NVD_API_KEY') ?: System.getenv('DC_NVD_API_KEY') ?: "FAKE_DC_NVD_API_KEY"
logger.info("nvd api key: {apiKey}")
}
}to validate that the key is being retrieved correctly. If it is, I would then try the curl command to see if the key is actually valid. |
|
Is that correct and valid syntax for build.gradle? in the console |
|
Just adding some additional information that might be relevant. We have multiple runners configured for our CI environment. Our nodes are in different geo-locations. We consistently get 403s on some of the nodes and success on the other. |
we have the same issue actually |
|
@jeremylong |
|
increase the delay: #6333 |
|
@jeremylong |
|
Thanks again @jeremylong , superb follow up. Adding delay = 5000 fixed it for us as well. While you are at it, would you consider adding better logging for this issue? I was looking trough the logs/stacktrace for an entire day, and it was not obvious that the issue had anything to do with timeouts Thanks! 🙏 |
[semver:patch] Increase NVD api delay (#27) jeremylong/DependencyCheck#6332
Hi,
I've seen the topic 6157 and 6149 but I will be honest haven't catch how to resolve it.
Can you please clarify how I can handle this one?
(I have NVD API key, and it is valid, I've checked via that curl command that you left in description)
The text was updated successfully, but these errors were encountered: