Jeremy Long

Note that while we created https://github.com/jeremylong/Open-Vulnerability-Project/pull/158 - there are no impactful changes due to the schema change.

Following either of these should help in the long term: - https://jeremylong.github.io/DependencyCheck/data/cacheh2.html - https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html

100% agree - but this project doesn't own or contribute to the NVD API. We just use the API.

Yes On Fri, Jun 14, 2024, 11:43 AM Nishith N ***@***.***> wrote: > Will removing the NVD API key in my maven pom still try to hit the NVD API?...

Take a look at options 2-4: https://jeremylong.github.io/DependencyCheck/data/index.html

The purpose of having it all bundled is to have a single file that is completely contained so that it can easily be viewed offline. Regarding the JENKINS report -...

I wonder if this bug is now located in https://github.com/stevespringett/CPE-Parser I'll have to do some testing.

Have you considered installing the dotnet 6 runtime as well as dotnet 7?

Likely need to. Only issue is that I'm fairly tied up with non-OSS work atm. We accept PRs: https://github.com/jeremylong/GrokAssembly It'll likely look a lot like this [PR](https://github.com/jeremylong/GrokAssembly/pull/4)

See https://github.com/jeremylong/DependencyCheck/pull/6580 We will be releasing an updated version that will require dotnet 8.