Facing SSLHandshakeException when running OWASP Dependency-Check in Jenkins


Error:
15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] NoDataException: No documents exist

We added the Dependency-Check plugin to pom.xml:

<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>6.0.3</version>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <!-- Generate all report formats -->
    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
  </configuration>
</plugin>

This error usually means that your JVM cannot establish a secure (https) connection to the server nvd.nist.gov because it does not trust the certificate the server presents. For the server to be trusted, the public certificate of the server or of the signing authority must be in the truststore used by the JVM. By default the truststore is %JAVA_HOME%\lib\security\cacerts, and you can list its contents with the following (Windows): keytool -list -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit. You should see a list of certificates; if digicertglobalrootg2 is not listed, you need to import it in order to trust the server, because the certificate is signed by CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US. Which version of Java are you using? The certificate above may not be included in the Java truststore before 1.8.
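The keytool check in the answer above is easy to run against the wrong JDK when Jenkins agents have several installed. The following is an added diagnostic, not code from the question, the answers or the Dependency-Check project: run with the same java binary the build uses, it opens the truststore that JVM actually consults (honouring -Djavax.net.ssl.trustStore if the build sets it), reports whether a trusted certificate with the subject CN "DigiCert Global Root G2" is present, and optionally writes a copy of the truststore with an extra self-signed root added, so the build can be pointed at that copy instead of editing the JDK's own cacerts. The class name, the "nvd-root-" alias prefix and the command-line arguments are assumptions; the password changeit is the JDK default.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Added diagnostic (not part of the original question or answers).
 *
 * Usage (paths are assumptions, "changeit" is the JDK default password):
 *   java TrustStoreCheck                          -> report only
 *   java TrustStoreCheck /path/root.pem out.jks   -> report, then write out.jks
 * Run it with the same JDK the Jenkins job uses, e.g. $JAVA_HOME/bin/java.
 */
public class TrustStoreCheck {

    // Subject CN from the answer; matching on the CN alone keeps RDN order irrelevant.
    static final String EXPECTED_CN = "CN=DigiCert Global Root G2";

    /** Loads the truststore this JVM uses by default (or the one set via javax.net.ssl.trustStore). */
    static KeyStore loadDefaultTrustStore() throws IOException, GeneralSecurityException {
        String override = System.getProperty("javax.net.ssl.trustStore");
        Path path = override != null
                ? Paths.get(override)
                : Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        String password = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password.toCharArray());
        }
        System.out.println("Truststore: " + path + " (" + ks.size() + " entries)");
        return ks;
    }

    /** Returns the alias of the first trusted certificate whose subject DN contains cn, or null. */
    static String findBySubjectCn(KeyStore ks, String cn) throws GeneralSecurityException {
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate
                    && ((X509Certificate) cert).getSubjectX500Principal().getName().contains(cn)) {
                return alias;
            }
        }
        return null;
    }

    /** Adds a PEM-encoded root to the in-memory truststore and saves the result under outPath. */
    static void addRoot(KeyStore ks, Path pem, Path outPath, String password)
            throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root;
        try (FileInputStream in = new FileInputStream(pem.toFile())) {
            root = (X509Certificate) cf.generateCertificate(in);
        }
        // A trust anchor must be self-signed: refuse a leaf or intermediate so it
        // cannot be promoted to a root by mistake (verify() throws if it is not).
        root.verify(root.getPublicKey());
        ks.setCertificateEntry("nvd-root-" + System.currentTimeMillis(), root); // alias prefix is an assumption
        try (FileOutputStream out = new FileOutputStream(outPath.toFile())) {
            ks.store(out, password.toCharArray());
        }
        System.out.println("Wrote " + outPath
                + "; run Maven with -Djavax.net.ssl.trustStore=" + outPath
                + " -Djavax.net.ssl.trustStorePassword=" + password);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadDefaultTrustStore();
        String alias = findBySubjectCn(ks, EXPECTED_CN);
        System.out.println(alias != null
                ? "OK: '" + EXPECTED_CN + "' is trusted under alias '" + alias + "'"
                : "MISSING: '" + EXPECTED_CN + "' is not in this truststore; the PKIX error is expected");
        if (args.length == 2) {
            addRoot(ks, Paths.get(args[0]), Paths.get(args[1]), "changeit");
        }
    }
}
```

Writing a separate truststore file rather than modifying the JDK's cacerts keeps the change visible in the job configuration and survives JDK upgrades on the agent; if the CN is reported present but the handshake still fails, the usual cause is a proxy or inspection appliance re-signing the connection with its own root, which is what the chain returned by the server must then be compared against.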

I fixed this error on my machine by doing the following steps -

  1. Download the meta file and the json files to a local folder

    i) NVDCVE-1.1-modified.json.gz

    ii) NVDCVE-1.1-recent.json.gz

    iii) NVDCVE-1.1-modified.meta

    iv) known_exploited_vulnerabilities.json

  2. Configure the maven plugin to use the downloaded files

<configuration>
  <cveUrlModified>file:///C:/OWASP_DEP/nvdcve-1.1-modified.json.gz</cveUrlModified>
  <cveUrlBase>file:///C:/OWASP_DEP/nvdcve-1.1-recent.json.gz</cveUrlBase>
  <knownExploitedUrl>file:///C:/OWASP_DEP/known_exploited_vulnerabilities.json</knownExploitedUrl>
  <retireJsUrl>file:///C:/OWASP_DEP/jsrepository.json</retireJsUrl>
</configuration>
