Describe the bug
For NPM Audit results that have CWE data in the Audit API response the CWE is missing on the dependency-check reports
Version of dependency-check used
The problem occurs using version 8.1.2
To Reproduce
Steps to reproduce the behavior:
- Create an npm project depending on [email protected]
- Run dependencyCheck
- Observe that CWE-1321 is not reported in the NPM advisory while it is present on the advisory as hosted on GHSA
Expected behavior
CWE-1321 also reported in the dependency-check report
Additional context
Root cause is at an error in the NPMAuditParser. The cwe field is retrieved as an optional String, but the field in the API response is an array.
Describe the bug
For NPM Audit results that have CWE data in the Audit API response the CWE is missing on the dependency-check reports
Version of dependency-check used
The problem occurs using version 8.1.2
To Reproduce
Steps to reproduce the behavior:
Expected behavior
CWE-1321 also reported in the dependency-check report
Additional context
Root cause is at an error in the NPMAuditParser. The
cwefield is retrieved as an optional String, but the field in the API response is an array.