nancy: Is returning 500 error when accessing OSS Index

Running nancy has started returning a 500 error “Error: An error occurred: [500 Internal Server Error] error accessing OSS Index” when running

https://ossindex.sonatype.org/updates-notice says there were index updates yesterday and today is the 1st day I’ve seen it so it might be related

  • What are you trying to do? Run nancy against my go dependencies with
    go list -m all | docker run --env GITHUB_TOKEN=$GITHUB_TOKEN --pull always --rm -i sonatypecommunity/nancy:latest sleuth

cc @bhamail / @DarthHater

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 34
  • Comments: 20 (7 by maintainers)

Most upvoted comments

this has happened again - I’m getting 500s

Error: An error occurred: [500 Internal Server Error] error accessing OSS Index

It is almost certainly related. We have reportedly reproduced the problem and are looking into it internally. Sorry for the interruption; we will get this fixed ASAP.

Looks like this could be related to some changes made yesterday, May 23:

Some ecosystems will no longer be supported. As part of this change we will be dropping support for Drupal, Debian, Chocolatey, Alpine, Bower and Go Dep. Note: Go Mod will continue to be supported and we encourage all OSS Index users to upgrade to newer Go Mod modules.

Source: https://ossindex.sonatype.org/updates-notice

We found and fixed the problem. It was an edge case bug in a recent update to OSSIndex, and only certain components would have been affected.

Sorry for the disturbance, and special thanks to @JohnStarich for the helpful report - made it much easier to find the root cause.

A fix has been deployed. You should see Nancy working correctly now.

We’re looking into the recent 500 errors from OSSIndex. So far, the errors appear to be component coordinate specific (e.g. not universal). Still digging.

I can reliably reproduce with this API request:

curl -X 'POST' \
  'https://ossindex.sonatype.org/api/v3/component-report' \
  -H 'accept: application/vnd.ossindex.component-report.v1+json' \
  -H 'Content-Type: application/vnd.ossindex.component-report-request.v1+json' \
  -d '{
  "coordinates": [
    "pkg:golang/github.com/IBM-Cloud/go-etcd-rules@v1.5.14"
  ]
}'

{"code":500,"message":"There was an error processing your request. It has been logged (ID 0c64132875b54062)."}

The version doesn’t appear to matter. Any other public golang dependency I try appears to work.
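The report above pins the 500 to a single coordinate. One way to find such a coordinate in a larger dependency list is to bisect the batch, as in this added example (not part of the original thread and not nancy's code). `probe` and `isolate` are hypothetical names; the endpoint and headers are copied from the curl request above, and the batch is assumed to fit in one request.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

// probe repeats the curl request above for a batch; true means a 5xx came back.
func probe(coords []string) (bool, error) {
	body, _ := json.Marshal(map[string][]string{"coordinates": coords})
	req, _ := http.NewRequest("POST", "https://ossindex.sonatype.org/api/v3/component-report", bytes.NewReader(body))
	req.Header.Set("accept", "application/vnd.ossindex.component-report.v1+json")
	req.Header.Set("Content-Type", "application/vnd.ossindex.component-report-request.v1+json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	return resp.StatusCode >= 500, nil
}

// isolate bisects a batch until only coordinates that fail on their own remain.
// Assumption: the batch fits in one request (chunk large module lists first).
func isolate(coords []string, fails func([]string) (bool, error)) ([]string, error) {
	if len(coords) == 0 {
		return nil, nil
	}
	if bad, err := fails(coords); err != nil || !bad {
		return nil, err
	}
	if len(coords) == 1 {
		return []string{coords[0]}, nil // copy, so the caller's slice is never aliased
	}
	mid := len(coords) / 2
	left, err := isolate(coords[:mid], fails)
	if err != nil {
		return nil, err
	}
	right, err := isolate(coords[mid:], fails)
	return append(left, right...), err
}

// Usage: pass purls as arguments, e.g. pkg:golang/<module>@<version>.
func main() {
	fmt.Println(isolate(os.Args[1:], probe))
}
```

Any non-5xx status, including a rate-limit response, counts as "not failing" here, so an empty result only means no server error was observed.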

We moved away from this index to vulncheck by Go community, works like a charm.