NVD integration failing consistently

superhumanben · ‎01-05-2024

Since rolling out VR late last year we've never seen a fully clean pull from NVD. Recently with the change from API 1.0 to 2.0, we have not been able to pull anything at all. The initial errors are either NVD:0 or 404 errors. We're at a supported application version, we've signed up and implemented an API key, still having errors. Any thoughts on how to troubleshoot this issue further?

Jan Spurlin · ‎01-07-2024

Just upgraded a few instances that I use to teach. Got a new NVD API key. Input it and the integration failed. I went and requested a new key - entered it - and this one worked. Not sure why... Trying to get people that know more about this than me involved :-). In the mean time, try getting a new API key.

superhumanben · ‎01-08-2024

Thank you Jan for the testing. I've requested a new API key and nothing changed, same errors. I did not change the URL.

First VINTPRC

Error: Invalid response code received from NVD: 0

Consecutive results from the same run.

Error: Invalid response code received from NVD: Not Found 404 The URL is incorrect. Encountered process error running the integration.

Scott Flynn · ‎01-08-2024

The NIST API key could need to be requested and saved to the SN instance several times until the job runs without error. I saw this exact same 404 error in December on my own instance. My 4th API key request of the NIST finally allowed an Integration Run to sync and complete to the NIST NVD.

superhumanben · ‎01-08-2024

I've updated our API key several times now with no change in results. I'm not sure how changing it more times is really going to help unless VR is just not accepting / updating the key appropriately. Here's a snapshot from the outbound HTTP logs. The URL matches what NIST says to use.