Process hangs indefinately (so far during update when updating via a proxy server (using proxyserver & proxyport arguments).
No traffic is observed on the proxy server.
The problem occurs using version 9.0.0 of the cli (windows)
We initially observed this behaviour while running the dependency check in our build pipelines in an azure devops task, and the task hangs at 'Checking for updates'. In this instance it hung for over 20 hours before I manually cancelled it. No connection attempts to services.nvd.nist.gov were logged by our proxy server :
https://gist.github.com/ben-vanderlinde/78862735eb6da114523381448c4838a8
Testing from the command line locally, but using a local instance of fiddler as the proxy server I get the same result:
Fiddler does not report any connection attempts either :
https://gist.github.com/ben-vanderlinde/3fec12de3f9a639d520fb11593d2ebe7
Steps to reproduce the behavior:
- Run the following fromthe cli on a windows machine :
.\dependency-check.bat --updateonly --proxyserver {proxy_server_hostname} --proxyport {proxy_server_port} --nvdApiDelay 1000 --nvdApiKey {nvdApiKey}
- Wait for a long time and observe no error output, and no traffic on the proxy.
It should attempt to connect to the NVD api via the proxy server to fetch updates.
In the event the NVD api is unreachable or returns an error code, the process should exit with an error code, and log the nature of the error.
Process hangs indefinately (so far during update when updating via a proxy server (using proxyserver & proxyport arguments).
No traffic is observed on the proxy server.
The problem occurs using version 9.0.0 of the cli (windows)
We initially observed this behaviour while running the dependency check in our build pipelines in an azure devops task, and the task hangs at 'Checking for updates'. In this instance it hung for over 20 hours before I manually cancelled it. No connection attempts to services.nvd.nist.gov were logged by our proxy server :
https://gist.github.com/ben-vanderlinde/78862735eb6da114523381448c4838a8
Testing from the command line locally, but using a local instance of fiddler as the proxy server I get the same result:
Fiddler does not report any connection attempts either :
https://gist.github.com/ben-vanderlinde/3fec12de3f9a639d520fb11593d2ebe7
Steps to reproduce the behavior:
.\dependency-check.bat --updateonly --proxyserver {proxy_server_hostname} --proxyport {proxy_server_port} --nvdApiDelay 1000 --nvdApiKey {nvdApiKey}
It should attempt to connect to the NVD api via the proxy server to fetch updates.
In the event the NVD api is unreachable or returns an error code, the process should exit with an error code, and log the nature of the error.