-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports Unexpected response; status: 400 #6731
Comments
Having the same problem but only for some projects. [WARN] An error occurred while analyzing '/Users/[CUT]/Projects/[CUT]/app/init.py' (Sonatype OSS Index Analyzer). |
I've confirmed that it is a regression between 9.1.0 and 9.2.0. 9.1.0 finds 11 vulnerabilities among 5 dependencies
9.2.0 finds 2 vulnerabilities among 1 dependency:
|
@jeremylong any advice of where to look for this regression? the diff between 9.1.0 ... 9.20 is most dependabot and a new unrelated(?) analyzer. |
Describe the bug
Dependency Check fails with a 400 error when requesting something from the Sonatype OSS Index, leading to fewer CVEs found in the report and warnings in the job log like
An error occurred while analyzing requirements.txt (Sonatype OSS Index Analyzer).
Version of dependency-check used
The problem occurs using version 9.2.0 of the CLI -- both docker and brew packaging
Log file
https://gist.github.com/francisATgwn/ece673ba589b75110a3aeecc9354708e
To Reproduce
Steps to reproduce the behavior:
Expected behavior
[WARN] An error occurred while analyzing '...' (Sonatype OSS Index Analyzer).
does not appear in logorg.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports
appearing in the Analysis Exceptions section of the HTML reportAdditional context
This does not happen when run with the 8.4.3 docker image from the same environment on the same project at the same time.
The 8.4.3 CLI invocation is similar to the 9.2.0 invocation:
The text was updated successfully, but these errors were encountered: