Skip to content

Why does the OWASP Dependency-Check fail reaching⚓︎


Why does the OWASP Dependency-Check fail reaching


As of February 2015, Sonatype is explicitly blocking the requests against made by OWASP Dependency-Check.


The OWASP Dependency-Check is a third-party tool not maintained by Sonatype that had a default configuration which sent GET requests to to get checksums for components.

An alternative endpoint using has been provided to the tool authors. Changes to use the new endpoint by default were made in version 1.2.6 of the tool.

Dependency Check tool users should upgrade OWASP dependency check to version 1.2.6 or greater to make use of the endpoint. Alternately, configure the tool to use your own Nexus Repository Manager instance.