updating from 11.1.0 -> 11.1.1 results to "Could not connect to Central search. Analysis failed." #7234
Comments
Central search is currently down: https://status.maven.org/ Previously, the gradle plugin did not rely on Central by default. FP/FN were identified because of differences between Maven and Gradle so we decided to re-enable the central search capability by default in the gradle plugin. If using the latest you can disable the central analyzer.
Thanks, I tried with the
@jeremylong I feel like this situation could be handled better by DependencyCheck. Currently it tries to search Central for every dependency until it eventually gives up after 7 tries. This causes builds with many dependencies to hang for a long time. In our case this took over an hour. I feel a better approach would be to either automatically disable the Central Search or completely fail the analysis after a certain amount of failed searches.
@dkrowl - the gradle plugin is not maintained in this repo. You can see the change documented in the release notes here: https://github.com/dependency-check/dependency-check-gradle/releases/tag/v11.1.1
@Zuplyx good idea, that approach could likely be used for a few other external connections. Possibly even looking at status codes instead of just the number of failed attempts. We accept PRs if you've got time.
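The approach suggested in the two comments above (stop querying after a number of failed searches, and classify failures by status code), sketched as an added example that is not DependencyCheck code and not part of the thread. Every name here (`Breaker`, `RemoteError`, `AnalysisAborted`, `simulate`) and the threshold of 3 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

class RemoteError(Exception):
    def __init__(self, status=None):   # HTTP status; None = connection error
        super().__init__(f"lookup failed (status={status})")
        self.status = status

class AnalysisAborted(Exception):
    """Raised in fail mode once the breaker trips."""

def is_outage(status):   # service-level failure, as opposed to a per-artifact one
    return status is None or status == 429 or status >= 500

@dataclass
class Breaker:
    lookup: Callable[[str], str]   # hypothetical remote search: sha1 -> coordinates
    threshold: int = 3             # consecutive outage-type failures before tripping
    fail_analysis: bool = False    # True: abort the scan; False: disable and go on
    failures: int = 0
    calls: int = 0                 # remote requests actually sent
    tripped: bool = False
    unresolved: list = field(default_factory=list)  # never answered: possible FN

    def search(self, sha1):
        if not self.tripped:
            self.calls += 1
            try:
                result = self.lookup(sha1)
                self.failures = 0
                return result
            except RemoteError as err:
                if not is_outage(err.status):   # e.g. 404: service up, artifact unknown
                    self.failures = 0
                    return None
                self.failures += 1
                self.tripped = self.failures >= self.threshold
                if self.tripped and self.fail_analysis:
                    raise AnalysisAborted(f"{self.failures} consecutive failures") from err
        self.unresolved.append(sha1)   # report these so the gap in coverage is visible
        return None

def simulate(status, n=100, **opts):   # constructed run: every lookup fails with status
    def failing(sha1):
        raise RemoteError(status)
    breaker = Breaker(failing, **opts)
    for i in range(n):
        breaker.search(f"{i:040x}")    # constructed SHA-1 values
    return breaker
```

With a constant 503, `simulate(503)` sends 3 requests for 100 dependencies and lists all 100 as unresolved, which keeps the possible false negatives explicit in the result.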
Hi @jeremylong, we are encountering the issue too. What is the impact if we set centralEnabled=false?
You could end up with false negatives (i.e. unreported issues). See dependency-check/dependency-check-gradle#421
duplicate of #7232
I'm using the gradle plugin.
With 11.1.0 the plugin performs without errors but with 11.1.1 I get this error:
I can revert back to 11.1.0 and the errors disappear.
I can also add the centralEnabled to false but the summary in the final report is empty. Though the scan information seems to be correct. I'm behind a proxy BUT before there hasn't been a need to define proxy-information (nvd data comes from internal address etc.). I guess this is the problem now?
What has possibly changed between the 11.1.0 -> 11.1.1 versions that causes this?