2 
Error:
15:35:18 [ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
15:35:18 [ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
15:35:18 [ERROR] caused by SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] caused by SunCertPathBuilderException: unable to find valid certification path to requested target
15:35:18 [ERROR] NoDataException: No documents exist

我们添加了依赖检查插件 pom.xml

<plugin>  
         <groupId>org.owasp</groupId>  
         <artifactId>dependency-check-maven</artifactId>  
         <version>6.0.3</version>  
         <executions>  
           <execution>  
             <goals>  
               <goal>check</goal>  
             </goals>  
           </execution>  
         </executions>  
         <configuration>         
           <!-- Generate all report formats -->             
           <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>          
         </configuration>  
       </plugin>
4

1 回答 1

4

此错误通常意味着您的 JVM 无法创建与服务器的安全 (https) 连接,nvd.nist.gov因为它不信任服务器提供的证书。为了信任服务器,服务器或签名机构的公共证书必须位于 JVM 使用的信任库中。默认情况下,信任库位于 中%JAVA_HOME%\lib\security\cacerts,您可以使用以下 (windows) 列出其内容keytool -list -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit。您应该看到证书列表,如果digicertglobalrootg2未列出,则需要导入它以信任服务器,因为证书由CN=DigiCert Global Root G2、OU=www.digicert.com、O=DigiCert Inc、C=US签名. 您使用的是什么版本的 Java?上述证书可能不包含在1.8 之前的Java 信任库中。

于 2020-12-03T04:40:19.170 回答