Describe the bug
The newly released dependency check docker image was unable to locate the node_modules folder, while the previous image works.
The problem is the same as mentioned by another user, jeremylong/DependencyCheck#5116 (comment).
Version of dependency-check used
The problem occurs using version 7.4.0, running with the docker commands that were published in Docker Hub. The script file used is exactly the same as in previous successful runs.
Log file
With image tag 7.4.0,
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/gen-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping/package.json
Run with image tag 7.3.2,
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Node.js Package Analyzer (23 seconds)
[INFO] Finished Dependency Merging Analyzer (2 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished Yarn Audit Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (59 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (22 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (33 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (155 seconds)
To Reproduce
Try to run the docker image to scan a NodeJS project with the script published in Docker Hub.
- Create a NodeJS module. The NodeJS and npm version shouldn't matter, but just in case, we try with a react app that is created with NodeJS 18.12.1, npm v8.
- Copy the script in https://hub.docker.com/r/owasp/dependency-check into ./bin/owasp-dependency-check-docker.
- Set DC_VERSION="7.4.0" and DC_VERSION="7.3.2".
npx create-react-app my-app-owasp-check
cd my-app-owasp-check
./bin/owasp-dependency-check-docker
Expected behavior
It should pass the node_modules resolution phase and start Node.js Package Analyzer.
Additional context
NA
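A log check for the symptom reported above, as an added example that is not part of the original report or of dependency-check: it lets a CI job refuse a scan whose Node.js Package Analyzer never completed. The helper name `check_dc_log`, its return codes, and the assumption that the console output was saved to a file are all hypothetical; the sample logs are constructed from the excerpts in the report.

```shell
#!/bin/sh
# Added example (not part of dependency-check or the Docker Hub wrapper script).
# check_dc_log is a hypothetical helper; return codes:
#   0 = Node.js Package Analyzer finished, no module-resolution warnings
#   1 = "Unable to find node module" warnings present
#   2 = Node.js Package Analyzer never reported completion
#   3 = log file unreadable
check_dc_log() {
  log_file="$1"
  [ -r "$log_file" ] || { echo "cannot read $log_file" >&2; return 3; }
  # grep -c prints 0 but exits 1 on no match; "|| true" keeps set -e callers alive.
  missing=$(grep -c '\[WARN\] Unable to find node module:' "$log_file" || true)
  if [ "$missing" -gt 0 ]; then
    echo "dependency-check: $missing node module(s) not resolved:" >&2
    grep '\[WARN\] Unable to find node module:' "$log_file" |
      sed 's/.*node module: /  /' >&2
    return 1
  fi
  if ! grep -q '\[INFO\] Finished Node.js Package Analyzer' "$log_file"; then
    echo "dependency-check: Node.js Package Analyzer did not finish" >&2
    return 2
  fi
  return 0
}

# Sample logs constructed from the excerpts in the report above.
sample_log_740() {
  cat <<'EOF'
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/gen-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping/package.json
EOF
}

sample_log_732() {
  cat <<'EOF'
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Node.js Package Analyzer (23 seconds)
[INFO] Analysis Complete (155 seconds)
EOF
}
```

To use it on a real run, capture the wrapper script's console output to a file (for example with `tee`) and call `check_dc_log` on that file, failing the job on any non-zero return.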