DependencyCheck: I'm suddenly getting TransportException on OSS Index Analyzer
Version: 8.1.2
[ERROR] AnalysisException: Failed to request component-reports
[ERROR] caused by TransportException: Unexpected response; status: 503
...
[ERROR] AnalysisException: Failed to request component-reports
[ERROR] caused by TransportException: Unexpected response; status: 503
exceptions:
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.owasp:dependency-check-maven:8.1.2:check (default) on project *: One or more exceptions occurred during dependency-check analysis
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:347)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:260)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:172)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:100)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:821)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:270)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:568)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.MojoExecutionException: One or more exceptions occurred during dependency-check analysis
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1951)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1102)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:260)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:172)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:100)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:821)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:270)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:568)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
AnalysisException: Failed to request component-reports
caused by TransportException: Unexpected response; status: 503
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:687)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1919)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1102)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:260)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:172)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:100)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:821)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:270)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:568)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
About this issue
- Original URL
- State: open
- Created a year ago
- Reactions: 23
- Comments: 30 (4 by maintainers)
It’s down again 😦
https://ossindex.sonatype.org/ is up again.
It looks like Sonatype OSS Index is down: https://ossindex.sonatype.org/
503 Service Temporarily Unavailable
As a workaround, it helps to use this property in order to turn the error into a warning:
<ossIndexWarnOnlyOnRemoteErrors>true</ossIndexWarnOnlyOnRemoteErrors>
https://ossindex.sonatype.org/ is up again.
I hit this too. The error message wasn’t all that clear to me at first. Maybe it could be improved a bit by including that URL?
Shouldn’t the use of the OSS Index Analyzer simply be disabled by default and require everyone to explicitly opt-in to use it now? Their site contains the following notice:
Limiting unregistered users to 40 requests per month seems incredibly low and untenable for automated CI pipelines. Additionally, from what I can see, they do not clearly state how many requests are allowed even if you register an account, which makes it especially difficult to even estimate whether you can rely on the service in the first place.
I’m using a registered user and I’m having the same issue, so it seems something else is happening.
Started to fail again with 502 today:
This is a bit annoying to have this repeating issue every now and then.
@karthickram286 I tested the same in maven and it doesn’t work either 😕
OSS Index does not support sending bulk requests? We noticed that the queries there seem to go separately for each library. Is there any way to optimize this?
Any plans to fix this? Is it reported to Sonatype?
And ref the comment above: Pass
--ossIndexRemoteErrorWarnOnly true
if using the CLI https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.htmlhttps://status.maven.org/ reports all is up, so it doesn’t seem that this server is monitored correctly. I’ve created https://issues.sonatype.org/browse/MVNCENTRAL-7940, so the Sonatype team should now be aware of the issue.