Proxy Configuration

All of the dependency-check clients (CLI, Maven, Gradle, Ant, Jenkins) can be configured to use a proxy to connect to the Internet. See the configuration settings for each:

Note, it may also be possible to use the core Java proxy system properties instead of the configuration above.

Certificate Errors

In some cases, even after you set up a proxy, the connection may still fail due to certificate errors (see the log file from dependency-check). If you know which certificate it is failing on (either your proxy's or NVD/CVE's), you can add either the certificate itself or the signing chain to your trust store. If you don’t have access to modify the system trust store (in $JAVA_HOME/lib/security/cacerts), you can copy it elsewhere, import the certificate into the copy using keytool, and then specify that trust store on the command line (mvn or if you need to always have that set, you can set the environment variable JAVA_TOOL_OPTIONS to have
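The trust-store steps described above, as an added shell example (not taken from the dependency-check documentation): it copies cacerts, imports one CA certificate with keytool, and prints the JVM options that select the copy. The alias corp-proxy-ca, the two file arguments, the default cacerts password changeit, and the use of the standard javax.net.ssl.trustStore system properties are assumptions of this example.

```shell
#!/bin/sh
# Added example. Alias, password and paths are assumptions, not project values.
STOREPASS="${STOREPASS:-changeit}"   # default password of the JDK cacerts file

# Copy the JDK trust store to a writable, private location.
copy_truststore() {  # $1 = destination path
    if [ -z "${JAVA_HOME:-}" ]; then echo "JAVA_HOME is not set" >&2; return 1; fi
    cp "$JAVA_HOME/lib/security/cacerts" "$1" && chmod 600 "$1"
}

# Import one CA certificate (PEM or DER) into the copied store.
import_ca() {  # $1 = store, $2 = certificate file, $3 = alias
    keytool -importcert -noprompt -trustcacerts \
        -keystore "$1" -storepass "$STOREPASS" -alias "$3" -file "$2"
}

# Print the JVM options that make Java use the copied store.
truststore_opts() {  # $1 = store
    case "$1" in
        *[[:space:]]*)
            # JAVA_TOOL_OPTIONS is split on whitespace; refuse rather than quote.
            echo "trust store path must not contain whitespace: $1" >&2
            return 1 ;;
    esac
    printf '%s=%s %s=%s\n' \
        -Djavax.net.ssl.trustStore "$1" \
        -Djavax.net.ssl.trustStorePassword "$STOREPASS"
}

main() {  # $1 = CA certificate file, $2 = destination trust store
    # Show the fingerprints first so they can be compared with the value
    # obtained out of band from whoever operates the proxy.
    keytool -printcert -file "$1" || return 1
    copy_truststore "$2" || return 1
    import_ca "$2" "$1" corp-proxy-ca || return 1
    opts=$(truststore_opts "$2") || return 1
    echo "Per invocation:  mvn $opts <your usual dependency-check goal>"
    echo "For every JVM:   export JAVA_TOOL_OPTIONS=\"$opts\""
}

if [ "$#" -eq 2 ]; then main "$@"; fi
```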

Still failing?

In some cases the proxy is configured to block HEAD requests. While an attempt is made by dependency-check to identify this situation it does not appear to be 100% successful. As such, the last thing to try is to add the property mvn -Ddownloader.quick.query.timestamp=false.

If it still fails after trying the above, please open a ticket in the GitHub repo.