Joe Stephens

Hey all Sonatype Product Manager for OSS Index here. Firstly sorry this has caused you all an issue. There are a number of vulnerabilities that have been found by our...

@OrangeDog On it. https://github.com/jeremylong/DependencyCheck/issues/4535#issuecomment-1137191625

@OrangeDog https://github.com/jeremylong/DependencyCheck/issues/4535#issuecomment-1137233391

> Similar error, I think on an older version. > > ``` > [error] org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to request component-reports > [error] at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:149) > [error] at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) > [error] at...

@uwesinha have you tried in the last 20 mins? I've passed your message onto the team and we will verify those specific packages.

We at Sonatype really appreciate everyone's patience as we work through these issues. I can assure you we did extensively test these changes over the last 2 months but there...

@norrs All of the cases we've investigated so far have in fact not been false positives but because of the way we're currently presenting the data it is giving that...

> Any possibility to not use user and password in clear? Any token? > […](#) OSSI supports generating an API Token https://ossindex.sonatype.org/doc/api-token

@ctnelson1997 these issues should be resolved now

> Just so I understand correctly: The rate limiting issues are fixed on OSS Index so a user account is not needed anymore? > > By the way, after I...