
OWASP Dependency Check devDependency exclusion

Open sametr35 opened this issue 1 year ago • 1 comment

Hello @jeremylong,

I am looking to exclude development dependencies from the OWASP Dependency Check scan. I use the --nodeAuditSkipDevDependencies and --nodePackageSkipDevDependencies parameters for it. However, it does not exclude some of our development dependencies. For a better understanding, can you please explain how this exclusion process works? How does it determine which dependencies are development and which are production?

sametr35 avatar Feb 28 '24 10:02 sametr35

Disable the node package analyzer - it's garbage and needs to be re-written. If you use just the node audit analyzer, it is really no different than just running npm audit, as that is what it does under the covers.

jeremylong avatar Feb 28 '24 13:02 jeremylong
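The question above asks where the dev/production split for Node dependencies actually comes from. The following is an added example, not code from the thread or from the dependency-check project, and it makes no claim about how dependency-check's analyzers implement `--nodePackageSkipDevDependencies` or `--nodeAuditSkipDevDependencies`. It shows the two sources of that information any skip-dev logic has to work from: `package.json` only labels direct dependencies, while an npm lockfile (v2/v3 `packages` map) labels transitive packages with `"dev": true` when they are reachable only through `devDependencies`. The sample manifest and lockfile are constructed, and the reachability walk assumes a flat `node_modules` layout (no nested `node_modules/a/node_modules/b` entries), which is a simplification.

```python
import json

# Constructed sample package.json (not taken from the thread).
PACKAGE_JSON = json.dumps({
    "name": "sample-app",
    "dependencies": {"express": "^4.18.2"},
    "devDependencies": {"jest": "^29.0.0"},
})

# Constructed sample package-lock.json in the lockfileVersion 2/3 shape.
# npm flags packages reachable only from devDependencies with "dev": true;
# "debug" is reachable from both express (prod) and jest (dev), so it is NOT flagged.
PACKAGE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"express": "^4.18.2"},
             "devDependencies": {"jest": "^29.0.0"}},
        "node_modules/express": {"version": "4.18.2",
                                 "dependencies": {"body-parser": "1.20.1", "debug": "2.6.9"}},
        "node_modules/body-parser": {"version": "1.20.1"},
        "node_modules/debug": {"version": "2.6.9"},
        "node_modules/jest": {"version": "29.0.0", "dev": True,
                              "dependencies": {"chalk": "4.1.2", "debug": "2.6.9"}},
        "node_modules/chalk": {"version": "4.1.2", "dev": True},
    },
})


def classify_direct(package_json_text):
    """Direct dependencies: the manifest itself says which are dev vs prod.
    A name listed in both sections is treated as prod (it ships either way)."""
    manifest = json.loads(package_json_text)
    prod = set(manifest.get("dependencies", {}))
    dev = set(manifest.get("devDependencies", {})) - prod
    return {"prod": sorted(prod), "dev": sorted(dev)}


def classify_lock(lock_text):
    """Transitive dependencies: trust the lockfile's "dev": true marker.
    Entries without the marker are reachable from at least one prod dependency."""
    lock = json.loads(lock_text)
    prod, dev = [], []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # root project entry, not a package
        name = path.rsplit("node_modules/", 1)[-1]
        (dev if entry.get("dev") else prod).append(name)
    return {"prod": sorted(prod), "dev": sorted(dev)}


def reachable_from_prod(lock_text):
    """Independent check: walk the dependency graph from the root's prod
    dependencies only. Anything reached here must never be skipped as "dev",
    even if it also appears under a devDependency (e.g. "debug" above).
    Assumes a flat node_modules layout (hypothetical simplification)."""
    lock = json.loads(lock_text)
    packages = lock["packages"]
    stack = list(packages[""].get("dependencies", {}))
    seen = set()
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        entry = packages.get("node_modules/" + name, {})
        stack.extend(entry.get("dependencies", {}))
    return sorted(seen)


def dev_only_consistent(lock_text):
    """True when the lockfile's dev markers agree with the reachability walk,
    i.e. the set a dev-skipping scanner would still analyze is the prod-reachable set."""
    return classify_lock(lock_text)["prod"] == reachable_from_prod(lock_text)


if __name__ == "__main__":
    print("direct:", classify_direct(PACKAGE_JSON))
    print("lockfile:", classify_lock(PACKAGE_LOCK))
    print("prod-reachable:", reachable_from_prod(PACKAGE_LOCK))
    print("markers consistent:", dev_only_consistent(PACKAGE_LOCK))
```

The practical point for anyone auditing a "skip dev dependencies" setting is the `debug` case: a package pulled in by both a production and a development dependency is production code and must stay in scope, so a correct exclusion has to reason about reachability (or trust a lockfile that already did), not simply subtract the names under `devDependencies`.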