Bug: Failed to fetch vulnerabilities from OpenSCA server (code 500003) #342

@harusame-tyou

Description

When running an OpenSCA CLI scan, the client fails to retrieve vulnerability and license data from the server API.

The scan completes successfully but reports 0 vulnerabilities, which appears to be incorrect because the server request returns an error.


Logs

    [INFO] prepare report
    [INFO] load 0 vulnerability
    [INFO] get server vuln
    [WARN] url:https://opensca.xmirror.cn/oss-saas/api-v1/open-sca-client/detect code:500003 message: 操作失败
    [INFO] get server license
    [WARN] url:https://opensca.xmirror.cn/oss-saas/api-v1/open-sca-client/detect code:500003 message: 操作失败
    [INFO] calculate indirect vuln
    [WARN] database origin error: 操作失败
    [INFO] result save to out.json
    Complete!
    Components:16941 C:0 H:0 M:0 L:0
    Vulnerabilities:0 C:0 H:0 M:0 L:0

Expected Behavior

  • The client should successfully retrieve vulnerability and license data from the server
  • Or at least return a clear error instead of reporting 0 vulnerabilities

Actual Behavior

  • Server API returns:

    code:500003 message: 操作失败

  • No vulnerability data is returned

  • Final report shows:

    Vulnerabilities: 0

    which is misleading


Environment

  • OpenSCA CLI version: 3.0.10
  • Deployment method: Docker
  • OS: Linux
  • Network: internal network

Steps to Reproduce

  1. Run an OpenSCA scan (via Docker or CLI)
  2. Observe logs when fetching server data
  3. See API failure and empty vulnerability result

Additional Context

  • Network connectivity to opensca.xmirror.cn is normal
  • The issue seems to be related to the server-side API (/detect) returning error 500003
  • This results in misleading scan output (0 vulnerabilities)

Questions

  • What does error code 500003 mean?
  • Is this a known issue or service instability?
  • Is there a fallback or offline mode recommended?

Suggestion

  • Return a clear failure status instead of 0 vulnerabilities
  • Provide a better error message or retry mechanism
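
An added example, not part of the issue or of OpenSCA's own code: a CI-side check that reads the scanner's log in the format quoted above and refuses to treat `Vulnerabilities:0` as clean when the server lookups failed. The function name, verdict strings, exit codes and the `CLEAN_LOG` sample are assumptions; `FAILED_LOG` is an excerpt of the log from the issue.

```python
import re
import sys

# Patterns derived from the log lines quoted in the issue.
SERVER_WARN = re.compile(r"^\[WARN\] url:(\S+) code:(\d+) message:\s*(.*)$")
DB_WARN = re.compile(r"^\[WARN\] database origin error:\s*(.*)$")
VULN_TOTAL = re.compile(r"^Vulnerabilities:\s*(\d+)\b")

# Excerpt of the log from the issue (lookups failed, summary still says 0).
FAILED_LOG = """\
[INFO] get server vuln
[WARN] url:https://opensca.xmirror.cn/oss-saas/api-v1/open-sca-client/detect code:500003 message: 操作失败
[INFO] get server license
[WARN] url:https://opensca.xmirror.cn/oss-saas/api-v1/open-sca-client/detect code:500003 message: 操作失败
[INFO] calculate indirect vuln
[WARN] database origin error: 操作失败
Complete!
Components:16941 C:0 H:0 M:0 L:0
Vulnerabilities:0 C:0 H:0 M:0 L:0
"""
# Constructed sample: a run with no lookup warnings.
CLEAN_LOG = "[INFO] get server vuln\n[INFO] get server license\nComplete!\nVulnerabilities:0 C:0 H:0 M:0 L:0\n"

def assess(log_text):
    """Return (verdict, reasons); verdict is 'clean', 'findings' or 'incomplete'."""
    reasons, total = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SERVER_WARN.match(line):
            reasons.append(f"server lookup failed: code {m[2]} from {m[1]}")
        elif m := DB_WARN.match(line):
            reasons.append(f"vulnerability database error: {m[1]}")
        elif m := VULN_TOTAL.match(line):
            total = int(m[1])
    if total is None:
        reasons.append("no 'Vulnerabilities:' summary line found")
    if reasons:  # fail closed: a count computed without data proves nothing
        return "incomplete", reasons
    return ("findings" if total else "clean"), reasons

if __name__ == "__main__":
    # Pipe a real scan log on stdin; with a terminal attached, use the issue's log.
    text = FAILED_LOG if sys.stdin.isatty() else sys.stdin.read()
    verdict, reasons = assess(text)
    print(f"verdict: {verdict}")
    for r in reasons:
        print(f"  - {r}")
    sys.exit({"clean": 0, "findings": 1, "incomplete": 2}[verdict])
```

Exit code 2 lets a pipeline distinguish "scan data missing" from both a clean result and real findings.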

Labels: bug
