No support for JSON feeds, XML feeds are being deprecated

I do not see support in the documentation for the new JSON-based NVD feeds. According to the XML Vulnerability Feed Retirement Update, the XML feeds will not be supported. When trying to run with the JSON feeds, I get the following error. I am running v0.2.10.

[error] Failed creating report: One or more exceptions occurred during dependency-check analysis
[error] 	com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence.
[error] org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during dependency-check analysis
[error] 	com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence.
[error] 	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:693)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.createReport(DependencyCheckPlugin.scala:470)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$9(DependencyCheckPlugin.scala:274)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.withEngine(DependencyCheckPlugin.scala:490)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$2(DependencyCheckPlugin.scala:272)
[error] 	at net.vonbuchholtz.sbt.dependencycheck.DependencyCheckPlugin$.$anonfun$checkTask$2$adapted(DependencyCheckPlugin.scala:236)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:44)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:39)
[error] 	at sbt.std.Transform$$anon$4.work(System.scala:66)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:262)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:16)
[error] 	at sbt.Execute.work(Execute.scala:271)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:262)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:174)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:36)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[error] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[error] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[error] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[error] 	at java.lang.Thread.run(Thread.java:748)
[error] (dependencyCheck) org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during dependency-check analysis
[error] 	com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence.
[error] Total time: 11 s, completed May 7, 2019 11:51:27 AM

Are there plans to add support for the JSON feeds?

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
albuch commented, May 25, 2019

@ghostbuster91 DependencyCheck downloads several feed files in parallel, so rate limiting already might apply during your first run. This might be escalated if you're identified with an enterprise-wide IP address for outgoing traffic and other project/build jobs within your corporate network have downloaded the feed recently.

With the next release of the sbt plugin there will be a default limit of 2 parallel downloads to mitigate the issue; however, to be fully independent of rate limiting and network/connectivity issues you should consider setting up an internal mirror as mentioned earlier.

0 reactions
ghostbuster91 commented, May 22, 2019

Hi @albuch, I’m not sure if it’s the rate limiting thing since it was my first run of sbt-dependency-check.

Update: OK, I read the mentioned threads and see that it is due to concurrent downloads. I will try to set up a mirror, thanks.
