osv-scanner
osv-scanner copied to clipboard
google
Error while downloading the database in offline mode
I'm trying to use OSV-Scanner in the offline mode with the command:
osv-scanner --offline-vulnerabilities --download-offline-databases --sbom=bom.json
Output:
Scanned path/to/bom.json file and found 137 packages
Filtered 3 local/unscannable package/s from the scan.
Loaded PyPI local db from ~/.cache/osv-scanner/PyPI/all.zip
could not load db for Go ecosystem: unable to fetch OSV database: could not read OSV database archive from response: stream error: stream ID 3; NO_ERROR; received from peer
It was able to download the PyPI vulnDB but the connection terminated while it tried to download the Golang vulnDB.
I also re-ran the command with export GODEBUG=http2debug=2 set to get more insights. The dump shows:
Scanned /codemill/chheda/gauntlet_dep_test/SDNext/bom.json file and found 137 packages
Filtered 3 local/unscannable package/s from the scan.
http2: Transport failed to get client conn for osv-vulnerabilities.storage.googleapis.com:443: http2: no cached connection was available
http2: Transport creating client conn 0xc001ffb6c0 to 142.250.81.251:443
http2: Framer 0xc001fef180: wrote SETTINGS len=24, settings: ENABLE_PUSH=0, INITIAL_WINDOW_SIZE=4194304, MAX_FRAME_SIZE=16384, MAX_HEADER_LIST_SIZE=10485760
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=1073741824
http2: Framer 0xc001fef180: read SETTINGS len=30, settings: HEADER_TABLE_SIZE=4096, MAX_CONCURRENT_STREAMS=100, INITIAL_WINDOW_SIZE=1048576, MAX_FRAME_SIZE=16384, MAX_HEADER_LIST_SIZE=65535
http2: Transport received SETTINGS len=30, settings: HEADER_TABLE_SIZE=4096, MAX_CONCURRENT_STREAMS=100, INITIAL_WINDOW_SIZE=1048576, MAX_FRAME_SIZE=16384, MAX_HEADER_LIST_SIZE=65535
http2: Transport encoding header ":authority" = "osv-vulnerabilities.storage.googleapis.com"
http2: Transport encoding header ":method" = "HEAD"
http2: Transport encoding header ":path" = "/PyPI/all.zip"
http2: Transport encoding header ":scheme" = "https"
http2: Transport encoding header "user-agent" = "Go-http-client/2.0"
http2: Framer 0xc001fef180: wrote HEADERS flags=END_STREAM|END_HEADERS stream=1 len=66
http2: Framer 0xc001fef180: wrote SETTINGS flags=ACK len=0
http2: Framer 0xc001fef180: read WINDOW_UPDATE len=4 (conn) incr=2147418112
http2: Transport received WINDOW_UPDATE len=4 (conn) incr=2147418112
http2: Framer 0xc001fef180: read SETTINGS flags=ACK len=0
http2: Transport received SETTINGS flags=ACK len=0
http2: Framer 0xc001fef180: read PING len=8 ping="\x00\x00\x00\x00\x00\x00\x02\t"
http2: Transport received PING len=8 ping="\x00\x00\x00\x00\x00\x00\x02\t"
http2: Framer 0xc001fef180: wrote PING flags=ACK len=8 ping="\x00\x00\x00\x00\x00\x00\x02\t"
http2: Framer 0xc001fef180: read HEADERS flags=END_STREAM|END_HEADERS stream=1 len=696
http2: decoded hpack field header field ":status" = "200"
http2: decoded hpack field header field "x-guploader-uploadid" = "AAO2VwouB6J3PaoXjtTBxgixzrk2JKUphH6kQZRIwTnq9PceHtkCVKKSx1eCitS99BSY5iD-rz9Fwd8" (sensitive)
http2: decoded hpack field header field "expires" = "Wed, 23 Apr 2025 10:33:12 GMT" (sensitive)
http2: decoded hpack field header field "date" = "Wed, 23 Apr 2025 09:33:12 GMT" (sensitive)
http2: decoded hpack field header field "cache-control" = "public, max-age=3600" (sensitive)
http2: decoded hpack field header field "last-modified" = "Wed, 23 Apr 2025 08:07:45 GMT" (sensitive)
http2: decoded hpack field header field "etag" = "\"a248addce6e2f8c99d078975b687f1dc\"" (sensitive)
http2: decoded hpack field header field "x-goog-generation" = "1745395665876846" (sensitive)
http2: decoded hpack field header field "x-goog-metageneration" = "1" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-encoding" = "identity" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-length" = "17706137" (sensitive)
http2: decoded hpack field header field "content-type" = "application/zip" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "crc32c=3uFSuw==" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "md5=okit3Obi+MmdB4l1tofx3A==" (sensitive)
http2: decoded hpack field header field "x-goog-storage-class" = "STANDARD" (sensitive)
http2: decoded hpack field header field "accept-ranges" = "bytes" (sensitive)
http2: decoded hpack field header field "content-length" = "17706137" (sensitive)
http2: decoded hpack field header field "server" = "UploadServer" (sensitive)
http2: decoded hpack field header field "alt-svc" = "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" (sensitive)
http2: Transport received HEADERS flags=END_STREAM|END_HEADERS stream=1 len=696
http2: Transport encoding header ":authority" = "osv-vulnerabilities.storage.googleapis.com"
http2: Transport encoding header ":method" = "GET"
http2: Transport encoding header ":path" = "/PyPI/all.zip"
http2: Transport encoding header ":scheme" = "https"
http2: Transport encoding header "user-agent" = "osv-scanner_scan/2.0.0"
http2: Transport encoding header "accept-encoding" = "gzip"
http2: Framer 0xc001fef180: wrote HEADERS flags=END_STREAM|END_HEADERS stream=3 len=30
http2: Framer 0xc001fef180: read HEADERS flags=END_HEADERS stream=3 len=696
http2: decoded hpack field header field ":status" = "200"
http2: decoded hpack field header field "x-guploader-uploadid" = "AAO2VwouSnHHmOVF3xf7vbp2l6x7OfsKegGSPyflCV55Qz6sXGm5eeTvx2lEpqt_QPH705zMt8T5b8A" (sensitive)
http2: decoded hpack field header field "expires" = "Wed, 23 Apr 2025 10:33:12 GMT" (sensitive)
http2: decoded hpack field header field "date" = "Wed, 23 Apr 2025 09:33:12 GMT" (sensitive)
http2: decoded hpack field header field "cache-control" = "public, max-age=3600" (sensitive)
http2: decoded hpack field header field "last-modified" = "Wed, 23 Apr 2025 08:07:45 GMT" (sensitive)
http2: decoded hpack field header field "etag" = "\"a248addce6e2f8c99d078975b687f1dc\"" (sensitive)
http2: decoded hpack field header field "x-goog-generation" = "1745395665876846" (sensitive)
http2: decoded hpack field header field "x-goog-metageneration" = "1" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-encoding" = "identity" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-length" = "17706137" (sensitive)
http2: decoded hpack field header field "content-type" = "application/zip" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "crc32c=3uFSuw==" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "md5=okit3Obi+MmdB4l1tofx3A==" (sensitive)
http2: decoded hpack field header field "x-goog-storage-class" = "STANDARD" (sensitive)
http2: decoded hpack field header field "accept-ranges" = "bytes" (sensitive)
http2: decoded hpack field header field "content-length" = "17706137" (sensitive)
http2: decoded hpack field header field "server" = "UploadServer" (sensitive)
http2: decoded hpack field header field "alt-svc" = "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" (sensitive)
http2: Transport received HEADERS flags=END_HEADERS stream=3 len=696
http2: Framer 0xc001fef180: read DATA stream=3 len=15138 data="PK\x03\x04\x14\x00\x00\x00\b\x00\x06@\x97Z\xaa\x12\"\x04X\x05\x00\x00Z\x13\x00\x00\x18\x00\x00\x00GHSA-227r-w5j2-6243.json\x9d\x98]s\xda8\x14\x86\xef\xf3+4\\\xc7_\xb2d\xc0w,\xcd6\xccv\xb7ْ\xa6\xd3\xeet\xa8l\vPcl\x8f-\x93e;\xf9\xef+ˆ\x80\x8eҙ\xdd\x1bb?\x92\xde\xf3\x9e\xa3\x0fP~\\!4\x12\xd9(F\xa3\xb7\xb7˙\x83\xf1\xb8v\x9e\xe8w\xecD\x98\x84\xa3뮹iw;V\x1f\xba>\x8bb_>\xf2\xd9\x02\xcd\xeaD\xc8ZQ\xf4\xab\xc89z\xc3s.EY\xa0}\x9b\x17\xbcf\x89ȅ<\xf4\xc33.\x99ț~8\x12Z\xc1a\xc2럘@{^7z,u}\x17_#\xb9\xe5\xe8\x89'hv\xb7@\xdf\xee\xde/\xef\x91\xc7*\xe1\xed\x03O\xec؆7^\xd6E\xe3ߐhN\xf1\x94\aY\xbe\xe6\xcaE\xf7۳" (14882 bytes omitted)
http2: Transport received DATA stream=3 len=15138 data="PK\x03\x04\x14\x00\x00\x00\b\x00\x06@\x97Z\xaa\x12\"\x04X\x05\x00\x00Z\x13\x00\x00\x18\x00\x00\x00GHSA-227r-w5j2-6243.json\x9d\x98]s\xda8\x14\x86\xef\xf3+4\\\xc7_\xb2d\xc0w,\xcd6\xccv\xb7ْ\xa6\xd3\xeet\xa8l\vPcl\x8f-\x93e;\xf9\xef+ˆ\x80\x8eҙ\xdd\x1bb?\x92\xde\xf3\x9e\xa3\x0fP~\\!4\x12\xd9(F\xa3\xb7\xb7˙\x83\xf1\xb8v\x9e\xe8w\xecD\x98\x84\xa3뮹iw;V\x1f\xba>\x8bb_>\xf2\xd9\x02\xcd\xeaD\xc8ZQ\xf4\xab\xc89z\xc3s.EY\xa0}\x9b\x17\xbcf\x89ȅ<\xf4\xc33.\x99ț~8\x12Z\xc1a\xc2럘@{^7z,u}\x17_#\xb9\xe5\xe8\x89'hv\xb7@\xdf\xee\xde/\xef\x91\xc7*\xe1\xed\x03O\xec؆7^\xd6E\xe3ߐhN\xf1\x94\aY\xbe\xe6\xcaE\xf7۳" (14882 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=4096
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=3 len=4 incr=4096
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=3 len=4 incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=5666
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=3 len=4 incr=5666
http2: Framer 0xc001fef180: read DATA stream=3 len=16384 data="\x91S\x1b9\xb1\xb1\xcd\xc2\xca\xd8.\x8aw\xdb\x15\xf1}z\xd4\x16\xecJ\xa0\xc4\x04\x95\x98\xa0\x90\x14\x14\x92\x129\xc4#acl;\f\xd0ހ\xda\x1b \x94\x02\x04H\x1f\xb9\xeaS\xae\xfaT\x1a}\xe4\x7f\x80\xbc\r(oGh\xd9\xd1#\xcbp\xd0c\xb4\x17\x8f\xbe\xcaHX\xa8e\xd8\x7f\xabS\x88\x92\x14#9\x91*\")Gr\xe4\x94\x1c9%GNɱ6J\xca\x18 c;\n\xd2(\xa74ʩ\xb9R\x1b\xdb\xc9 5\x83\xa5\xbd\x11\x83I\xa2I\u0089\xf1D\xa2\xe4\x94(\xb9@\x1b\x91\xf88%>N\x89\x8f#\xf1qJ|\x1c\t\x8bS\xc2┰8\x92\x11\xa7dT\x1b\xdb{\x91\xb68\xa5-\x8ed\xc4)\x19!\x80)|\x11\xbc\x02\xf1\\P<\x17\x88\x93\x02qRP\x9c\x14\x88E\x82b\x91@\x84\x11\xe8@\x10\xb8B\xb2Dj\xae\v\\\xb8@\xfe\x11ӈ\x9b\x1f\x18\x11\xa9\x04E\xaa\xda\xd8\x0e\x11\x10b\x14h\xf6\vDHA\x11" (16128 bytes omitted)
http2: Transport received DATA stream=3 len=16384 data="\x91S\x1b9\xb1\xb1\xcd\xc2\xca\xd8.\x8aw\xdb\x15\xf1}z\xd4\x16\xecJ\xa0\xc4\x04\x95\x98\xa0\x90\x14\x14\x92\x129\xc4#acl;\f\xd0ހ\xda\x1b \x94\x02\x04H\x1f\xb9\xeaS\xae\xfaT\x1a}\xe4\x7f\x80\xbc\r(oGh\xd9\xd1#\xcbp\xd0c\xb4\x17\x8f\xbe\xcaHX\xa8e\xd8\x7f\xabS\x88\x92\x14#9\x91*\")Gr\xe4\x94\x1c9%GNɱ6J\xca\x18 c;\n\xd2(\xa74ʩ\xb9R\x1b\xdb\xc9 5\x83\xa5\xbd\x11\x83I\xa2I\u0089\xf1D\xa2\xe4\x94(\xb9@\x1b\x91\xf88%>N\x89\x8f#\xf1qJ|\x1c\t\x8bS\xc2┰8\x92\x11\xa7dT\x1b\xdb{\x91\xb68\xa5-\x8ed\xc4)\x19!\x80)|\x11\xbc\x02\xf1\\P<\x17\x88\x93\x02qRP\x9c\x14\x88E\x82b\x91@\x84\x11\xe8@\x10\xb8B\xb2Dj\xae\v\\\xb8@\xfe\x11ӈ\x9b\x1f\x18\x11\xa9\x04E\xaa\xda\xd8\x0e\x11\x10b\x14h\xf6\vDHA\x11" (16128 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6622
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=3 len=4 incr=6622
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6912
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=3 len=4 incr=6912
...
It started well, it downloaded the entire python vulnDB.
But as it tried to download the Go vulnDB:
...
Loaded PyPI local db from /u/chheda/.cache/osv-scanner/PyPI/all.zip
http2: Transport encoding header ":authority" = "osv-vulnerabilities.storage.googleapis.com"
http2: Transport encoding header ":method" = "GET"
http2: Transport encoding header ":path" = "/Go/all.zip"
http2: Transport encoding header ":scheme" = "https"
http2: Transport encoding header "user-agent" = "osv-scanner_scan/2.0.0"
http2: Transport encoding header "accept-encoding" = "gzip"
http2: Framer 0xc001fef180: wrote HEADERS flags=END_STREAM|END_HEADERS stream=5 len=16
http2: Framer 0xc001fef180: read HEADERS flags=END_HEADERS stream=5 len=694
http2: decoded hpack field header field ":status" = "200"
http2: decoded hpack field header field "x-guploader-uploadid" = "AAO2VwoCZZxeP0aCAAo3t3X1I3ejXhMZRwvUM0inQsQwKBho_c0-WxXEDO1Bo81UZeEirEQXfihgfm0" (sensitive)
http2: decoded hpack field header field "expires" = "Wed, 23 Apr 2025 10:33:34 GMT" (sensitive)
http2: decoded hpack field header field "date" = "Wed, 23 Apr 2025 09:33:34 GMT" (sensitive)
http2: decoded hpack field header field "cache-control" = "public, max-age=3600" (sensitive)
http2: decoded hpack field header field "last-modified" = "Wed, 23 Apr 2025 09:31:51 GMT" (sensitive)
http2: decoded hpack field header field "etag" = "\"38294f9be483fb50d9a715892f07ff94\"" (sensitive)
http2: decoded hpack field header field "x-goog-generation" = "1745400711762711" (sensitive)
http2: decoded hpack field header field "x-goog-metageneration" = "1" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-encoding" = "identity" (sensitive)
http2: decoded hpack field header field "x-goog-stored-content-length" = "4729830" (sensitive)
http2: decoded hpack field header field "content-type" = "application/zip" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "crc32c=5S0mog==" (sensitive)
http2: decoded hpack field header field "x-goog-hash" = "md5=OClPm+SD+1DZpxWJLwf/lA==" (sensitive)
http2: decoded hpack field header field "x-goog-storage-class" = "STANDARD" (sensitive)
http2: decoded hpack field header field "accept-ranges" = "bytes" (sensitive)
http2: decoded hpack field header field "content-length" = "4729830" (sensitive)
http2: decoded hpack field header field "server" = "UploadServer" (sensitive)
http2: decoded hpack field header field "alt-svc" = "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" (sensitive)
http2: Transport received HEADERS flags=END_HEADERS stream=5 len=694
http2: Framer 0xc001fef180: read DATA stream=5 len=16384 data="PK\x03\x04\x14\x00\x00\x00\b\x00\xc5K\x97Z\xfeg\x83'\x9e\x03\x00\x00\x1e\n\x00\x00\x18\x00\x00\x00GHSA-22fx-6r9m-r8h9.json\xd5V\xdbn\xe36\x10}\xcfW\x10\x06\n\xb4@$\xeab)6\x9f\xea\xd8Z'\xd8lֱ\x1do\xe3\"0(\x8a\xb2\xb9\x91D\x81\xa4\x9c\x18A\xfe})ɷ8q\x16hѢ}\x93fΜ9C\x8df\xf8|\x02@\x83E\r\x04\x1a\xfd\x8bQ\xc7p\x9c\xf8\xc9\xf0E;5Dk\xd1n\x9c\x96nY\xa4)\x16\xab\x12\x93\xb0pAY\f\x96E\x92Q\x81Ä\x02Ł\xa4\xf3\x94f\n+\xc63\x10\xe3\"Q`\xc90\x88\x13\xaeM\xd9\x1c\xe4\x9ce\n\xd0'B\xf3\x12R\xb3FTa\x96Ȓ\xb5\x03Fo\x19\b.$\x8d@\xb8\x02Ǚ\xf4\x13\x93J\x02\x96\x81\x8d2۴=\xd3\x06\x85,\xe1D\xe0Xi\x92\xca\xc3R<\xa7\xb2R\xa6\x16\xb4\xb2!\xf4" (16128 bytes omitted)
http2: Transport received DATA stream=5 len=16384 data="PK\x03\x04\x14\x00\x00\x00\b\x00\xc5K\x97Z\xfeg\x83'\x9e\x03\x00\x00\x1e\n\x00\x00\x18\x00\x00\x00GHSA-22fx-6r9m-r8h9.json\xd5V\xdbn\xe36\x10}\xcfW\x10\x06\n\xb4@$\xeab)6\x9f\xea\xd8Z'\xd8lֱ\x1do\xe3\"0(\x8a\xb2\xb9\x91D\x81\xa4\x9c\x18A\xfe})ɷ8q\x16hѢ}\x93fΜ9C\x8df\xf8|\x02@\x83E\r\x04\x1a\xfd\x8bQ\xc7p\x9c\xf8\xc9\xf0E;5Dk\xd1n\x9c\x96nY\xa4)\x16\xab\x12\x93\xb0pAY\f\x96E\x92Q\x81Ä\x02Ł\xa4\xf3\x94f\n+\xc63\x10\xe3\"Q`\xc90\x88\x13\xaeM\xd9\x1c\xe4\x9ce\n\xd0'B\xf3\x12R\xb3FTa\x96Ȓ\xb5\x03Fo\x19\b.$\x8d@\xb8\x02Ǚ\xf4\x13\x93J\x02\x96\x81\x8d2۴=\xd3\x06\x85,\xe1D\xe0Xi\x92\xca\xc3R<\xa7\xb2R\xa6\x16\xb4\xb2!\xf4" (16128 bytes omitted)
http2: Framer 0xc001fef180: read DATA stream=5 len=15141 data="\xe6\xc1(\x18L\x02\xbf\xff\xa96A\x96\xf4\x8aE\xeb\xa23V\xcf\x0f\x9c\xf1hԱ\uf5d5\x9c2G\x18T\xab\xc1;~\x7f^\xab\x97\xc7\xc5\x15\x1c\xbc\x8c.-yZ\x16t\xfb\xe6Co\xd6\x19\x00\x85\xbb*\v1\xf4\x1d'\xad>\xf8V;\xa6W95\b\xe7\a\xaf+\xfb\xb0X\xc8Ԭ={~\xd5]\xeaV\x13\x16Ƒ\xbb\xed\xb6jq\xef\xba\xdb-Oߜ\x1d\xcd\xde\x7f\xf8\xebQ\xf3@\x7f\x8f\xc3\xf8\xe8\xcd\xc5\xc25\xd3\xcf-/\xa7\xee\xc3T>n\xe5?ŷ>\x9f\x9f\x06?\x99\uefdb\x1e\x1e\xfck\x03\x15jS\x83\xf5\xd5\xe9a\x9a\xe0\xf6}\x03gBS\x93e]\xe2̚\x7f\x14\xbe\xbb\x96\xa5D\xa8\x15\\\xd73\xfbE!\xda[y\xe5m~3\x0f\xe6\"\x85\x8b\xe23\x0e7D\x98ڲ\xf7\xcaV\xa9\xa3\x96\x87-\x8af\a\x7f\x9c\x1d|h\x995>\x99\x9b\xe5\xa6\xee}}+\a\xa7\x82\x14QA\xcaic\xaf)\xfdΆ" (14885 bytes omitted)
http2: Transport received DATA stream=5 len=15141 data="\xe6\xc1(\x18L\x02\xbf\xff\xa96A\x96\xf4\x8aE\xeb\xa23V\xcf\x0f\x9c\xf1hԱ\uf5d5\x9c2G\x18T\xab\xc1;~\x7f^\xab\x97\xc7\xc5\x15\x1c\xbc\x8c.-yZ\x16t\xfb\xe6Co\xd6\x19\x00\x85\xbb*\v1\xf4\x1d'\xad>\xf8V;\xa6W95\b\xe7\a\xaf+\xfb\xb0X\xc8Ԭ={~\xd5]\xeaV\x13\x16Ƒ\xbb\xed\xb6jq\xef\xba\xdb-Oߜ\x1d\xcd\xde\x7f\xf8\xebQ\xf3@\x7f\x8f\xc3\xf8\xe8\xcd\xc5\xc25\xd3\xcf-/\xa7\xee\xc3T>n\xe5?ŷ>\x9f\x9f\x06?\x99\uefdb\x1e\x1e\xfck\x03\x15jS\x83\xf5\xd5\xe9a\x9a\xe0\xf6}\x03gBS\x93e]\xe2̚\x7f\x14\xbe\xbb\x96\xa5D\xa8\x15\\\xd73\xfbE!\xda[y\xe5m~3\x0f\xe6\"\x85\x8b\xe23\x0e7D\x98ڲ\xf7\xcaV\xa9\xa3\x96\x87-\x8af\a\x7f\x9c\x1d|h\x995>\x99\x9b\xe5\xa6\xee}}+\a\xa7\x82\x14QA\xcaic\xaf)\xfdΆ" (14885 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=4096
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=4096
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6912
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=6912
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=5376
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6912
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=6912
http2: Framer 0xc001fef180: read DATA stream=5 len=16384 data="#\xa6\xdc\xe0\x9f\xc4U|2F\x02\x02\x81\n\xa1\xa5p\xb8f\xb1\x1c\xa1\t\xc3\x06\x9a1w\x91\xb2A\xf5\xca\x18\xd7\x04\xb9p\x90Qk \x06\x152f\xd4\xf1-\v\xb0N\xcb\xcc7\xa0U\xee\xe8:\x8b\x88\x821D\xed$\x83\x8e\x1c$6!\xc8`\x10\xa0#\xe3\xe44K\x06\xacz\x93KH\xf2\xd2\xd1uN\x99\x84P\xe2nM\x14\x13\a\x89\rR\x965\x02\f\x8b\x1d\xbd\xe5\t\xc5\xfc\xc4\xd8]\x9a\x90J\x17)\x13\x18\xa8\x1aA\n\xb7\xb2r\xa1\xb1@|\x19\xa2\xecC\xc7\xeb\xbci\xd07\xc9\fdZ\xbb\x1e謁\x84\xe5\xb6S\xb8J\xcc\a,^5\n\x02e\xa8\x1dD$\xa8\x832\xa3\x1a\xca\xc1U\x95\x10\x01\x862Rl\x99r\xa4.\"F \x1a\x89\x88U\xe3\xb0#J4^\xdaV\x16'\"w\x105JD\xb0\xbb\b\xe1;H\xe9k\t\x84\x19\x83\x9dn\xf0\x1d$\xc0\xd6擰\x04C\x1b\x87\xb7\xb2\xa1\xd8{\x93\f\xbb\xf2 C\x17\xc9|" (16128 bytes omitted)
http2: Transport received DATA stream=5 len=16384 data="#\xa6\xdc\xe0\x9f\xc4U|2F\x02\x02\x81\n\xa1\xa5p\xb8f\xb1\x1c\xa1\t\xc3\x06\x9a1w\x91\xb2A\xf5\xca\x18\xd7\x04\xb9p\x90Qk \x06\x152f\xd4\xf1-\v\xb0N\xcb\xcc7\xa0U\xee\xe8:\x8b\x88\x821D\xed$\x83\x8e\x1c$6!\xc8`\x10\xa0#\xe3\xe44K\x06\xacz\x93KH\xf2\xd2\xd1uN\x99\x84P\xe2nM\x14\x13\a\x89\rR\x965\x02\f\x8b\x1d\xbd\xe5\t\xc5\xfc\xc4\xd8]\x9a\x90J\x17)\x13\x18\xa8\x1aA\n\xb7\xb2r\xa1\xb1@|\x19\xa2\xecC\xc7\xeb\xbci\xd07\xc9\fdZ\xbb\x1e謁\x84\xe5\xb6S\xb8J\xcc\a,^5\n\x02e\xa8\x1dD$\xa8\x832\xa3\x1a\xca\xc1U\x95\x10\x01\x862Rl\x99r\xa4.\"F \x1a\x89\x88U\xe3\xb0#J4^\xdaV\x16'\"w\x105JD\xb0\xbb\b\xe1;H\xe9k\t\x84\x19\x83\x9dn\xf0\x1d$\xc0\xd6擰\x04C\x1b\x87\xb7\xb2\xa1\xd8{\x93\f\xbb\xf2 C\x17\xc9|" (16128 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=12288
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=12288
http2: Framer 0xc001fef180: read DATA stream=5 len=16384 data="F\x12Z\x99\f\x84\xe1\x8c\x1aHH\xa5Ai\x92@\x0e\x86\x8b5Iy\x0e\x9a \xa0&T\x01\x11\xd24x\xa9\xf8w\x04\xa3w\x83\x846S\x02\x86\xf2\\\xdbLggg\xe4\xae()3s1\x17\x93\x13)\x18\x15D\x83H\b%\n\xbeU\xa0\xcds8W\xae\xbe\x0236\xb1\x92\xd5:\xb3\x04\x88\x8e\xc8\x1a\xfd\x1f)RA\xb7\x16\xf9\x7f\t\x0e,\rK\xea\x135,\x03m\x7f\xbbn\xf8\x83Q8\xf0\x9b\xa09&P\x1d\xf4^\xaa\r\xc5\xfc\"i\xe0\x7f(Y\x12]\x02\xe3)g\x87\x9c-\xb9}\xac\x9ck\x03\x82\x94R\x99\x01\x99\x88\xba\x87=r\x93\x91\xb93\xd9S\xa3\x86K1wH\x064\x01դ\xdeҼ\xc2yd\xd4\x10m\xa8\xc2\xe2;\x9f\xfb\xd9\xdc\xe9\xf9\x7f\x86\x14\x14\b֖\xf0@\x93-\xd7\x18\x11\xb4wB\x00\x8b\xf7\x991\xa5\x1e{\xde\x1acU\xab\x01\x93\x85g\x14\xc0\x16'\x00^K\xda\xd3\xc0*\xc5M\xed\xbd\x1d켣\xf0Q" (16128 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6949
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=6949
http2: Transport received DATA stream=5 len=16384 data="F\x12Z\x99\f\x84\xe1\x8c\x1aHH\xa5Ai\x92@\x0e\x86\x8b5Iy\x0e\x9a \xa0&T\x01\x11\xd24x\xa9\xf8w\x04\xa3w\x83\x846S\x02\x86\xf2\\\xdbLggg\xe4\xae()3s1\x17\x93\x13)\x18\x15D\x83H\b%\n\xbeU\xa0\xcds8W\xae\xbe\x0236\xb1\x92\xd5:\xb3\x04\x88\x8e\xc8\x1a\xfd\x1f)RA\xb7\x16\xf9\x7f\t\x0e,\rK\xea\x135,\x03m\x7f\xbbn\xf8\x83Q8\xf0\x9b\xa09&P\x1d\xf4^\xaa\r\xc5\xfc\"i\xe0\x7f(Y\x12]\x02\xe3)g\x87\x9c-\xb9}\xac\x9ck\x03\x82\x94R\x99\x01\x99\x88\xba\x87=r\x93\x91\xb93\xd9S\xa3\x86K1wH\x064\x01դ\xdeҼ\xc2yd\xd4\x10m\xa8\xc2\xe2;\x9f\xfb\xd9\xdc\xe9\xf9\x7f\x86\x14\x14\b֖\xf0@\x93-\xd7\x18\x11\xb4wB\x00\x8b\xf7\x991\xa5\x1e{\xde\x1acU\xab\x01\x93\x85g\x14\xc0\x16'\x00^K\xda\xd3\xc0*\xc5M\xed\xbd\x1d켣\xf0Q" (16128 bytes omitted)
http2: Framer 0xc001fef180: read DATA stream=5 len=16372 data="dǕ\x00)\x89\xe4\x7f\x02\t6\x10<r\x117Y!(\xc6\x13\xd9e\xf9\x10e\x05\x10C\xb7F\xba5$L\x92RBH\xb8 \xd7<\xde(\x81\x89\xe4\x9a\xf9\x92$\xa2\x17lNtK\xf3\x11\x8a`E\x92\xa9\r\x14\xe4\x1dWAƅV@\xc2\x14B\xe4E\x16\x96\x81\x92\xc3ov\xa6ߋ{q~~N\x969\x04<\xe2\x01\xb9\xcc\xc8\r\v\x1eY\x8c)^\x14A\x80\x80\xf7\"\xe6jS\xfaz\x90\xa5\x14{\x97%WP=\x84t\xc7\vh\xc6c\tg\x12\xaa\xf1~\xc3W4\xccVs\xcd2,K\x1b\x8f\xa7\x17\xd3:\b\xad\x97\xef\x1b\xa3i\\8\x034=\xd4\xc9i\x16bu\xa8\x97\x1d\xddc͘`؝e\xba#\u06ddL>6%\xf2\xd2Op\xa0.\fQL͘ޙ\x96k\x18\xeeh܆\x85L1\x1f{Y\xcbv(\f\xff\xdcT\x17\xdbpݡ\xac\x99:\x002Ʈ9A\xac\x8f\xfbn\x83\x1d\xacyX\x0f\xf5\xd0" (16116 bytes omitted)
http2: Transport received DATA stream=5 len=16372 data="dǕ\x00)\x89\xe4\x7f\x02\t6\x10<r\x117Y!(\xc6\x13\xd9e\xf9\x10e\x05\x10C\xb7F\xba5$L\x92RBH\xb8 \xd7<\xde(\x81\x89\xe4\x9a\xf9\x92$\xa2\x17lNtK\xf3\x11\x8a`E\x92\xa9\r\x14\xe4\x1dWAƅV@\xc2\x14B\xe4E\x16\x96\x81\x92\xc3ov\xa6ߋ{q~~N\x969\x04<\xe2\x01\xb9\xcc\xc8\r\v\x1eY\x8c)^\x14A\x80\x80\xf7\"\xe6jS\xfaz\x90\xa5\x14{\x97%WP=\x84t\xc7\vh\xc6c\tg\x12\xaa\xf1~\xc3W4\xccVs\xcd2,K\x1b\x8f\xa7\x17\xd3:\b\xad\x97\xef\x1b\xa3i\\8\x034=\xd4\xc9i\x16bu\xa8\x97\x1d\xddc͘`؝e\xba#\u06ddL>6%\xf2\xd2Op\xa0.\fQL͘ޙ\x96k\x18\xeeh܆\x85L1\x1f{Y\xcbv(\f\xff\xdcT\x17\xdbpݡ\xac\x99:\x002Ʈ9A\xac\x8f\xfbn\x83\x1d\xacyX\x0f\xf5\xd0" (16116 bytes omitted)
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=9435
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=9435
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=16384
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=16384
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE len=4 (conn) incr=6937
http2: Framer 0xc001fef180: wrote WINDOW_UPDATE stream=5 len=4 incr=6937
http2: Framer 0xc001fef180: read RST_STREAM stream=5 len=4 ErrCode=NO_ERROR
http2: Transport received RST_STREAM stream=5 len=4 ErrCode=NO_ERROR
It received a RST_STREAM.
Why is this the case? What can I do to mitigate this.
Please let me know if I should provide more information.
This seems odd, I'm guessing this is just a transient error on GCS buckets, and we just need to add retry logic if the initial download fails. Does running again after a few minutes cause the issue to go away?
It is still the same case. Could this be a firewall issue? Cause I'm in a enterprise network. But if it was a firewall issue, why did PyPI download just fine?
This issue has not had any activity for 60 days and will be automatically closed in two weeks
See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}