Jeremy Long

Only time I've run into this is if I have the re-built the project without cleaning. Not sure how you upgraded - did you just copy the contents of the...

Use the Maven or Gradle plugin to scan your Java projects. Avoid the CLI/Docker/GitHub Action.

The only thing I've created is the documentation: - https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html - https://jeremylong.github.io/DependencyCheck/data/index.html - https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html - https://jeremylong.github.io/DependencyCheck/data/cacheh2.html

If you were going to use the datafeed - unfortunately the 1.1 data feed from the NVD is not compatible with ODC since the 9.0 version. In fact, the NVD...

likely within 2 weeks..

I don't think it is "documented" anywhere but the source code. Luckily - just look for URLs in https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/dependencycheck.properties There aren't that many.

The `nvd.api.datafeed.url` isn't used unless you specifically set it.

We would need sample projects that demonstrate this behavior. Additionally, I recommend switching to the maven or gradle plugin and not rely on the CLI.

@Muskan-0618 please read my comment above: https://github.com/jeremylong/DependencyCheck/issues/6481#issuecomment-1973154379

@aikebah I think we can do better on the caching for the OSS Index... but saving the data folder between scans is something far too few users do and it...