Dependency Track API Server - error with H2 "AFFECTEDVERSIONATTRIBUTION" after mirroring #4573

Open
2 tasks done
jonhall54 opened this issue Jan 21, 2025 · 4 comments
Labels
defect Something isn't working in triage

Comments

@jonhall54

Current Behavior

After setting up Dependency-Track with a new volume, and once the API server logs show it has completed the NistApiMirrorTask and EpssMirrorTask, an H2 error is thrown which does not clear on restart:

2025-01-21 16:46:19,959 INFO [RequirementsVerifier] Initializing requirements verifier
2025-01-21 16:46:19,960 INFO [UpgradeInitializer] Initializing upgrade framework
2025-01-21 16:47:22,284 WARN [Schema] Exception thrown while querying indices for table=AFFECTEDVERSIONATTRIBUTION
org.h2.jdbc.JdbcSQLNonTransientException: General error: "org.h2.mvstore.MVStoreException: Chunk 19247 not found [2.3.232/9]" [50000-232]

Steps to Reproduce

  1. Start Dependency-Track with a new Docker volume via Docker Compose.
  2. Configure the following:
    1. Admin user password change.
    2. NVD API mirroring with an NVD API Key.
    3. OSV with vuln ID matching.
  3. Upload a BOM.
  4. Await completion of [NistApiMirrorTask], [EpssMirrorTask], and [EpssParser].
  5. Await [EmbeddedJettyServer] doing a config dump, followed by the error.

Expected Behavior

API server not to throw an error, indices from AFFECTEDVERSIONATTRIBUTION to match intended state.

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

H2

Database Server Version

No response

Browser

Google Chrome

Checklist

@jonhall54 jonhall54 added defect Something isn't working in triage labels Jan 21, 2025
@valentijnscholten
Contributor

My experience is that H2 will eventually get corrupted and throw errors like this. Can you switch to a "real" database?

@jonhall54
Author

No reason I couldn't, but it does present a barrier to entry for doing a short proof of concept / proof of value. Note that another OWASP project, DefectDojo, defaults to containerized Postgres: https://github.com/DefectDojo/django-DefectDojo/blob/537298495f3ee6fa43a1a6928d91659a9633b58e/docker-compose.yml#L107. If H2 can be a bit flaky, this could be considered?

@valentijnscholten
Contributor

I like that approach better indeed. I believe for v4 DT will only support postgres: https://github.com/DependencyTrack/hyades

nscuro added a commit to nscuro/dependency-track that referenced this issue Jan 22, 2025
Since we don't recommend using H2, and H2 keeps causing issues, we shouldn't have it as a default for new users.

Relates to DependencyTrack#4573

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Member

nscuro commented Jan 22, 2025

[...] if H2 can be a bit flaky this could be considered?

Good suggestion, here you go: #4576
