JENKINS-47941

Option to perform NVD update when database version changes (plugin updated)


      To improve robustness in the use case where the NVD update is performed in a separate Jenkins job from the jobs that perform analysis, it would help if Disable NVD auto-update were extended so that the update can be performed anyway when the data is no longer valid, e.g. the plugin has been updated but the separate NVD update job has not yet been run.


      On upgrading to plugin v3.0.1 and performing an analysis before an NVD update was performed, the following was logged:

      [DependencyCheck] Analyzing Dependencies
      [DependencyCheck] One or more exceptions were thrown while executing Dependency-Check
      [DependencyCheck] Exception Caught: java.lang.IllegalArgumentException
      [DependencyCheck] Message: Comparison method violates its general contract!
      [DependencyCheck] java.lang.IllegalArgumentException: Comparison method violates its general contract!
      [DependencyCheck]     at java.util.ComparableTimSort.mergeHi(ComparableTimSort.java:866)
      [DependencyCheck]     at java.util.ComparableTimSort.mergeAt(ComparableTimSort.java:483)
      [DependencyCheck]     at java.util.ComparableTimSort.mergeForceCollapse(ComparableTimSort.java:422)
      [DependencyCheck]     at java.util.ComparableTimSort.sort(ComparableTimSort.java:222)
      [DependencyCheck]     at java.util.Arrays.sort(Arrays.java:1312)
      ...
      [DependencyCheck]
      Build step 'Invoke OWASP Dependency-Check analysis' changed build result to FAILURE

      After NVD update was performed, there were no more exceptions like this.

      I do not see this as a defect... it was my fault that things ran in the wrong order.

      However, I suggest that the logic in Disable NVD auto-update could be extended. If the plugin checked the database validity (e.g. database version?) before performing an analysis, it could perform a one-off NVD update on the fly... an update which would occur automatically for the first analysis job that executes after the plugin upgrade (and which would not occur if the NVD update has already run in its own job).
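A job wrapper that approximates the suggested check from outside the plugin, as an added example that is not part of this issue or of the Dependency-Check project: it assumes a data directory shared by the update job and the analysis jobs, and a constructed stamp file (`.nvd-updated-by`) recording the Dependency-Check version that last refreshed the data; the `--updateonly`, `--noupdate` and `--data` flags are those of the Dependency-Check command-line tool, not the Jenkins plugin.

```shell
#!/bin/sh
# Added example (not from the issue or the plugin). Convention assumed here:
# whichever job last refreshed the NVD data writes the Dependency-Check
# version it ran as into $data_dir/.nvd-updated-by. An analysis job compares
# that stamp with the version it is about to run; a mismatch or a missing
# stamp means the data may not be valid for this engine, so it performs a
# one-off update first, and skips it when the update job already ran.

# Prints "ok" when the data was produced by the expected version, else "update".
nvd_data_state() {
  data_dir=$1
  expected_version=$2
  stamp="$data_dir/.nvd-updated-by"
  if [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$expected_version" ]; then
    echo ok
  else
    echo update
  fi
}

# Records which Dependency-Check version refreshed the data; call only after
# the update completed successfully.
mark_nvd_updated() {
  printf '%s\n' "$2" > "$1/.nvd-updated-by"
}

# Runs an analysis, refreshing the NVD data only when the stamp says it is
# stale for this version. Remaining arguments are passed to the scanner.
run_analysis() {
  data_dir=$1
  version=$2
  shift 2
  if [ "$(nvd_data_state "$data_dir" "$version")" = update ]; then
    echo "NVD data not valid for Dependency-Check $version; updating once" >&2
    dependency-check.sh --updateonly --data "$data_dir" \
      && mark_nvd_updated "$data_dir" "$version"
  fi
  dependency-check.sh --noupdate --data "$data_dir" "$@"
}
```

If several analysis jobs share the data directory, wrap the update branch in a lock (for example `flock` on a file in that directory) so two jobs do not update the database concurrently.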

            Assignee: Unassigned
            Reporter: Mark Symons (msymons)