I'm trying to use the dependency-check-maven plugin, but I always get stuck in the updateof the NVD database. This is my easy set up:
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>12.0.2</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
I'm running it in a gitlab pipeline and the output is this:
22047 [INFO] Checking for updates
22057 [WARNING] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key
60332 [INFO] NVD API has 280,241 records in this update
And the update takes forever. I cannot wait 3-4 hours, also because it is running on a docker container.
I tried to provide the NVD API Key by getting it from and by modifiyng my pom.xml I added this I also added a bit of delay because the API cannot remote call too often:
<configuration>
<nvdApiKey>1230b944-xxxx-xxxx-xxxx-c51993ff5a17</nvdApiKey>
<nvdApiDelay>3000</nvdApiDelay>
</configuration>
But the output was always the same. I tried with <autoupdate>false</autoupdate> but same result.
I really don't know what to do. Can anyone help me?