Jeremy Long

Results 280 comments of Jeremy Long

In my limited spare time - I'm going to have to check the SQL statement used in https://github.com/jeremylong/DependencyCheck/blob/0e183dad9bc1bdabd24f24ba6837d07ff3c42741/core/src/main/java/org/owasp/dependencycheck/Engine.java#L641-L643

I have been planning to move to a different data source for a while. Doing so would have many benefits. I haven't started this effort as it will be a...

See https://github.com/dependency-check/dependency-check-gradle/issues/148#issuecomment-534820346

See https://jeremylong.github.io/DependencyCheck/data/index.html and https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html

Looks like you do not have the correct root cert in your cacerts file. Google usually helps: https://docs.mend.io/bundle/wsk/page/how_to_resolve_error_message__pkix_path_building_failed__sun_security_provider_certpath_suncertpathbuilderexception__unable_to_find_valid_certification_path_to_requested_target_.html

Unfortunately, due to [how dependency-check works](https://jeremylong.github.io/DependencyCheck/general/internals.html) currently false negatives like this do occur. Especially for the experimental analyzers. As the NVD is the current source and they use the vendor...

Apparently the NVD API - which is not controlled by this project - is having issues. Not much I can do.

- Keep a copy of the DB after you create it (some actually just rebuild every scan which is horrifying): https://jeremylong.github.io/DependencyCheck/data/cacheh2.html
- Create and use a mirror of the NVD:...

I just merged https://github.com/jeremylong/DependencyCheck/pull/6554 - so if people are having an issue due to the cvssMetricsV40 - that will be fixed with the next release.

Please see the documentation: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html

There are two analyzers that deal with nodeJS. So try:

```
--nodePackageSkipDevDependencies
```

Or even:

```
--disableNodeJS
```

I might go with the latter as...