Vulnerability integration run fails for NVD CVSS3.0 integration


Description

Symptoms

 Vulnerability integration process for the vulnerability integration run gives the error message 'Import set complete with error' in the processing notes. The  corresponding import set that gets created will have no import set rows. The Vulnerability integration process record contains 'At least one import queue entry is in error. No more data to process at this  time.' error message 

Cause

NVD CVSS3.0 integration makes a call to this end point https://nvd.nist.gov/vuln/data-feeds#JSON_FEED to get the zipped JSON file. 

This ZIP file decompresses into a 200MB+ JSON file, which is larger than the default platform limit of 100MB for JSON imports, which is why the import set fails to load the data. 

Resolution

Increase the system property that controls this limit to 250MB or higher, in order to allow the import set system to correctly process it. 

This system property can be found under System Properties -> Import Export -> Import Properties -> JSON Format -> "Maximum file size for import (MB)".