DependencyCheck
Error Analyzing Angular App + node-gyp dependency
Describe the bug
Dependency-Check operation breaks when run in an Angular app with the node-gyp dependency installed.
Version of dependency-check used
The problem occurs using version 10.0.2.
Log file
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (5 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (2 seconds)
[INFO] Finished Central Analyzer (10 seconds)
[ERROR] ----------------------------------------------------
[ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or add the path to dotnet core in the configuration.
[ERROR] The dotnet 8.0 core runtime or SDK is required to analyze assemblies
[ERROR] ----------------------------------------------------
[INFO] Finished Python Distribution Analyzer (0 seconds)
[INFO] Finished Python Package Analyzer (0 seconds)
[WARN] An unexpected error occurred during analysis of '/home/jtorres/experiments/base/demo-project/node_modules/node-gyp/gyp/pyproject.toml' (Poetry Analyzer): java.lang.IllegalStateException: Invalid key on line 41: lint.select
[ERROR]
java.lang.RuntimeException: java.lang.IllegalStateException: Invalid key on line 41: lint.select
at com.moandjiezana.toml.Toml.read(Toml.java:74)
at org.owasp.dependencycheck.analyzer.PoetryAnalyzer.analyzeDependency(PoetryAnalyzer.java:150)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.lang.IllegalStateException: Invalid key on line 41: lint.select
at com.moandjiezana.toml.Toml.read(Toml.java:140)
at com.moandjiezana.toml.Toml.read(Toml.java:107)
at com.moandjiezana.toml.Toml.read(Toml.java:72)
... 8 common frames omitted
[INFO] Finished Poetry Analyzer (0 seconds)
[WARN] dependency skipped: node module @esbuild/aix-ppc64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-arm seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/darwin-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/darwin-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/freebsd-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/freebsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-arm seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-ia32 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-loong64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-mips64el seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-ppc64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-riscv64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-s390x seems optional and not installed
[WARN] dependency skipped: node module @esbuild/netbsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/openbsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/sunos-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-ia32 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-x64 seems optional and not installed
[WARN] dependency skipped: package.json contain an alias for string-width-cjs => string-width@^4.2.0 npm audit doesn't support aliases
[WARN] dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@^6.0.1 npm audit doesn't support aliases
[WARN] dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@^7.0.0 npm audit doesn't support aliases
[WARN] dependency skipped: node module @rollup/rollup-android-arm-eabi seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-android-arm64 seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-darwin-arm64 seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-darwin-x64 seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-arm-gnueabihf seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-arm-musleabihf seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-arm64-gnu seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-arm64-musl seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-powerpc64le-gnu seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-riscv64-gnu seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-linux-s390x-gnu seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-win32-arm64-msvc seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-win32-ia32-msvc seems optional and not installed
[WARN] dependency skipped: node module @rollup/rollup-win32-x64-msvc seems optional and not installed
[WARN] dependency skipped: node module fsevents seems optional and not installed
[WARN] dependency skipped: node module @esbuild/aix-ppc64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-arm seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/android-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/darwin-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/darwin-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/freebsd-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/freebsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-arm seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-ia32 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-loong64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-mips64el seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-ppc64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-riscv64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-s390x seems optional and not installed
[WARN] dependency skipped: node module @esbuild/netbsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/openbsd-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/sunos-x64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-arm64 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-ia32 seems optional and not installed
[WARN] dependency skipped: node module @esbuild/win32-x64 seems optional and not installed
[INFO] Finished Node.js Package Analyzer (7 seconds)
[INFO] Finished PE Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (1 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished NPM CPE Analyzer (3 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (21 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARN] dependency skipped: package.json contain an alias for string-width-cjs => string-width@^4.2.0 npm audit doesn't support aliases
[WARN] dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@^6.0.1 npm audit doesn't support aliases
[WARN] dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@^7.0.0 npm audit doesn't support aliases
[INFO] Finished Node Audit Analyzer (1 seconds)
[WARN] The Yarn Audit Analyzer has been disabled. Yarn executable was not found.
[ERROR] Exception occurred initializing Yarn Audit Analyzer.
[INFO] Finished RetireJS Analyzer (102 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (8 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (19 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (185 seconds)
[INFO] Writing XML report to: /home/jtorres/experiments/base/demo-project/./dependency-check-report.xml
[INFO] Writing HTML report to: /home/jtorres/experiments/base/demo-project/./dependency-check-report.html
[INFO] Writing JSON report to: /home/jtorres/experiments/base/demo-project/./dependency-check-report.json
[INFO] Writing CSV report to: /home/jtorres/experiments/base/demo-project/./dependency-check-report.csv
[INFO] Writing SARIF report to: /home/jtorres/experiments/base/demo-project/./dependency-check-report.sarif
[INFO] Writing JENKINS report to: /home/jtorres/experiments/base/demo-project/./dependency-check-jenkins.html
[INFO] Writing JUNIT report to: /home/jtorres/experiments/base/demo-project/./dependency-check-junit.xml
[INFO] Writing GITLAB report to: /home/jtorres/experiments/base/demo-project/./dependency-check-gitlab.json
[ERROR] java.lang.IllegalStateException: Invalid key on line 41: lint.select
[ERROR] Unable to read yarn audit output.
To Reproduce
Steps to reproduce the behavior:
- ng new demo-project
- cd demo-project
- npm install node-gyp
- VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt)
- curl -Ls "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip" --output dependency-check.zip
- unzip dependency-check.zip
- ./dependency-check/bin/dependency-check.sh --format ALL --out . --scan . --enableExperimental --prettyPrint
Expected behavior
Successful finish.
Additional context
The reports are successfully written to the directory, but the command execution fails, which breaks my CI/CD process. My current workaround is to add || true at the end of the dependency-check.sh command.
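As an added example, not from the issue author or the DependencyCheck project: a small Python gate that takes the CI verdict from the JSON report the run still wrote, so an analyzer crash neither fails the build on its own nor, through a blanket || true, lets a missing report or real findings pass. The report layout (dependencies[].vulnerabilities[].cvssv3.baseScore and cvssv2.score), the 7.0 threshold and the sample report with placeholder CVE ids are assumptions, not taken from the page.

```python
import json
import sys

# Assumed layout of the --format JSON report (an assumption, not taken from the page):
# {"dependencies": [{"fileName": ..., "vulnerabilities": [{"name": ...,
#   "cvssv3": {"baseScore": ...}, "cvssv2": {"score": ...}}]}]}
# Constructed sample report with placeholder CVE ids so the file runs offline.
SAMPLE_REPORT = {"dependencies": [
    {"fileName": "node_modules/example-a/package.json",
     "vulnerabilities": [{"name": "CVE-0000-0001", "cvssv3": {"baseScore": 9.8}}]},
    {"fileName": "node_modules/example-b/package.json",
     "vulnerabilities": [{"name": "CVE-0000-0002", "cvssv2": {"score": 4.3}}]},
    {"fileName": "node_modules/example-c/package.json"},  # scanned, no findings
]}

def vuln_score(vuln):
    """Highest available CVSS base score for one vulnerability entry (0.0 if none)."""
    v3 = (vuln.get("cvssv3") or {}).get("baseScore")
    v2 = (vuln.get("cvssv2") or {}).get("score")
    return max(float(s) for s in (v3, v2, 0.0) if isinstance(s, (int, float)))

def blocking_findings(report, threshold):
    """(dependency fileName, vulnerability name, score) for every finding >= threshold."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = vuln_score(vuln)
            if score >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), score))
    return hits

def ci_verdict(report_path, threshold=7.0):
    """Pipeline exit status: 0 pass, 1 blocking findings, 2 no usable report.
    The scanner's own exit status is ignored on purpose: an analyzer crash such as
    the Poetry Analyzer's TOML error must not fail the build by itself, and a
    missing or truncated report must never pass it (a blanket '|| true' lets it)."""
    try:
        with open(report_path, encoding="utf-8") as fh:
            report = json.load(fh)
    except (OSError, ValueError):
        return 2, []
    hits = blocking_findings(report, threshold)
    return (1 if hits else 0), hits

if __name__ == "__main__":
    status, hits = ci_verdict(sys.argv[1] if len(sys.argv) > 1 else "./dependency-check-report.json")
    for dep, name, score in hits:
        print(f"BLOCK {dep}: {name} (CVSS {score})")
    sys.exit(status)
```

Saved as, say, ci_gate.py (hypothetical name), it runs right after the dependency-check.sh step in place of the || true suffix: python3 ci_gate.py ./dependency-check-report.json.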