Dependency Check client fails (due to postgresql database schema?)

Describe the bug We run the OWASP dependency check client inside a corporate network. The app consists of 2 docker containers:

• postgres:9.6.20 (from hub.docker.com, this container’s database should hold the NVD)
• a custom docker container running the dependency check client with gradle

While running v6.1.0 of the OWASP dependency check, the client fails, ostensibly because the DB schema does not seem to fit the one expected by the client. This is not an upgrade, I am trying to set up everything from scratch.

Version of dependency-check used The problem occurs using version 6.1.0 of the org.owasp.dependencycheck.gradle.DependencyCheckPlugin

Log file

• Docker logs (excerpt) of container when using initialize_postgres.sql: https://gist.github.com/ptschack/9acef77f5680d6155f2382ac4526d73b
• Docker logs (excerpt) of container when using initialize.sql: https://gist.github.com/ptschack/b460cd11addd10acd426b4057eb59802

To Reproduce Steps to reproduce the behavior:

1. Run a docker postgres container (postgres:9.6.20), with exposed port 5432 and variables POSTGRES_PASSWORD, POSTGRES_USER and POSTGRES_DB set, running on a bridge network
2. Inside the postgres container, run one of the following:

• psql --username postgres --dbname postgres --no-password -f /initialize.sql
• psql --username postgres --dbname postgres --no-password -f /initialize_postgres.sql

1. Create a custom docker container containing gradle and the following files:

• gradle.properties (values in {{}} are substituted by ansible)

systemProp.proxySet="true"
systemProp.http.proxyHost="{{proxy_host}}"
systemProp.http.proxyPort="{{proxy_port}}"
systemProp.http.proxyUser="{{proxy_user}}"
systemProp.http.proxyPassword="{{proxy_pwd}}"
systemProp.http.nonProxyHosts="{{no_proxy}}"
systemProp.https.proxyHost="{{proxy_host}}"
systemProp.https.proxyPort="{{proxy_port}}"
systemProp.https.proxyUser="{{proxy_user}}"
systemProp.https.proxyPassword="{{proxy_pwd}}"
systemProp.https.nonProxyHosts="{{no_proxy}}"

• database.gradle

buildscript {
    repositories {
        maven { url "http://m2repo.[DOMAIN REDACTED]/content/groups/full" }
    }
    dependencies {
        classpath 'org.owasp:dependency-check-gradle:6.1.0'
        classpath 'org.postgresql:postgresql:42.2.18'
    }
}

apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin

dependencyCheck {
    cveValidForHours = 0
    data {
        connectionString = "jdbc:postgresql://dependencyDB:5432/postgres?useSSL=false"
        driver = "org.postgresql.Driver"
        username = "postgres"
        password = "DATABASE_PASSWORD"
    }
}

• update.sh gradle --info --debug --stacktrace --no-daemon -b database.gradle dependencyCheckUpdate

1. Run the custom container. The entrypoint is update.sh. The container is also connected to the bridge network.

Expected behavior The dependency check plugin should be able to download the NVD into the attached PostgreSQL database.

Additional context The whole setup is automated with Ansible. I will post further logs/info upon request. The size limit on Gists prevented me from posting everything.