OWASP Azure pipeline worked and is now failing

[Chelseasweeney07]

Describe the bug
OWASP pipeline had been working as needed/expected in Azure pipeline. Within the last week-all pipelines are failing saying:
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error

Please ensure your API Key is valid; see https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#api-key-is-used-and-a-403-or-404-error-occurs

If your NVD API Key is valid try increasing the NVD API Delay.

If this is ocurring in a CI environment
[ERROR] No documents exist
Dependency Check completed with exit code 13.
Dependency Check reports:
[]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 13)."
##[error]Dependency Check exited with an error code (exit code: 13).

I ensured API is good. Not sure what changed that it is now not working...

Version of dependency-check used
Dependency-Check Core version 9.2.0

Expected behavior
For it to succeed if no vulnerabilities or fail and produce report with vulnerabilities

Additional context
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data; the NVD returned a 403 or 404 error

[aikebah]

You need to update you configuration to run a newer DependencyCheck version

#6817

Refer to the azure devops pipeline project if you don't know how to. That plugin is not part of this github project. It is located at https://github.com/dependency-check/azuredevops

[Chelseasweeney07]

Thank you - I did this and it resolved the issue. Thanks, Chelsea Sweeney IT Platform Administrator II, Application Development NORIDIAN HEALTHCARE SOLUTIONS LLC, FARGO 701-277-6624 ***@***.******@***.***> www.noridian.com<http://www.noridian.com/> | www.noridianmedicare.com<http://www.noridianmedicare.com/> [NAS email signature logo] Confidentiality Notice: This communication and any attachments are for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient(s), please contact the sender by replying to this e-mail and destroy/delete all copies of this e-mail message. From: Hans Aikema ***@***.***> Sent: Friday, July 19, 2024 12:14 PM To: jeremylong/DependencyCheck ***@***.***> Cc: Chelsea Sweeney ***@***.***>; Author ***@***.***> Subject: Re: [jeremylong/DependencyCheck] OWASP Azure pipeline worked and is now failing (Issue #6842) You don't often get email from ***@***.*** Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe. You need to update you configuration to run a newer DependencyCheck version #6817<#6817> Refer to the azure devops pipeline project if you don't know how to. That plugin is not part of this github project. It is located at https://github.com/dependency-check/azuredevops - Reply to this email directly, view it on GitHub<#6842 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BJ4DTZNJKUFX2ZKSFRKROADZNFCM7AVCNFSM6AAAAABK5HPAT6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZZG4YDKMZRGI>. You are receiving this because you authored the thread.Message ID: ***@***.***>