I am using the maven dependency check plugin and it fails on a SocketTimeoutException while connecting to NIST. I manually clicked on the link and it opens in a browser. However it seems like the plugin is failing on a SocketTimeout. Is there a setting that I can put in to increase the time out since I have verified that a browser can actually open the link.
This is the error log
[DEBUG] Begin Engine Version Check
[DEBUG] Last checked: 1631300527
[DEBUG] Now: 1631328218
[DEBUG] Current version: 6.3.1
[DEBUG] Upgrade not needed
[DEBUG] Settings.getDataFile() - file: '[JAR]/../../dependency-check-data/5.0'
[DEBUG] Settings.getDataFile() - transforming filename
[DEBUG] Settings.getDataFile() - jar file: '/Users/pallavi/.m2/repository/org/owasp/dependency-check-utils/6.3.1'
[DEBUG] Settings.getDataFile() - returning: '/Users/pallavi/.m2/repository/org/owasp/dependency-check-utils/6.3.1/../../dependency-check-data/5.0'
[DEBUG] Last updated: 1631300528270
[DEBUG] Now: 1631328218006
[INFO] Skipping RetireJS update since last update was within 24 hours.
[DEBUG] Closing database
[DEBUG] Cache cleared
[DEBUG] Connection closed
[DEBUG] Resources released
[DEBUG] Begin deregister driver
[DEBUG] End deregister driver
[DEBUG] Lock released (main) 43ea37b03b4d2071fa341536314b4024 @ 2021-09-10 20:43:38.041
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[DEBUG] Update Error
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:349)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:401)
at
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.meta; unable to connect.
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:187)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:342)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:401)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:873)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:680)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:606)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1691)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:950)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.meta; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:267)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:342)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:401)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:122)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:873)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:680)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:606)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1691)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:950)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect (Native Method)
at java.net.AbstractPlainSocketImpl.doConnect (AbstractPlainSocketImpl.java:399)
at java.net.AbstractPlainSocketImpl.connectToAddress (AbstractPlainSocketImpl.java:242)
at java.net.AbstractPlainSocketImpl.connect (AbstractPlainSocketImpl.java:224)
at java.net.Socket.connect (Socket.java:609)
at sun.net.NetworkClient.doConnect (NetworkClient.java:177)
at sun.net.www.http.HttpClient.openServer (HttpClient.java:474)
at sun.net.www.http.HttpClient.openServer (HttpClient.java:569)
at sun.net.www.protocol.https.HttpsClient.<init> (HttpsClient.java:265)
at sun.net.www.protocol.https.HttpsClient.New (HttpsClient.java:372)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient (AbstractDelegateHttpsURLConnection.java:191)
I am using the maven dependency check plugin and it fails on a SocketTimeoutException while connecting to NIST. I manually clicked on the link and it opens in a browser. However it seems like the plugin is failing on a SocketTimeout. Is there a setting that I can put in to increase the time out since I have verified that a browser can actually open the link.
This is the error log