Hi,
I'm new to ODC and would like to understand the correct command line parameters I should be using.
Version: Command Line / 6.0.2
The project is built using Yarn package manager. I read that ODC requires a package-lock.json file. The commands I'm running are:
npm install --package-lock-only --production
dependency-check.sh -s "[root folder]" --disableNodeJS --disableRetireJS --nodeAuditSkipDevDependencies
This only reports scanning 27 dependencies when the package.json has 52 dependencies. And the report doesn't make sense, as the vulnerable packages listed are not in the package.json.
So, my question is, what commands should I be running in order to scan correctly?
Many thanks