You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DependencyCheck supports pnpm based frontend projects out of the box with the PnpmAuditAnalyzer.
With the DependencyCheck gradle task this analyzer will not be activated because the default scanset does not include the relevant pnpm-lock.yaml file.
The PnpmAuditAnalyzer is skipped because it assumes that no pnpm-lock.yaml is present.
Would it be possible to add pnpm-lock.yaml to the default scanset (as e.g. yarn.lock)?
The default scanset does include the file pnpm.lock, which is probably obsolete - neither does pnpm generate this file, not does the PnpmAuditAnalyzer consider it.
The text was updated successfully, but these errors were encountered:
DependencyCheck supports pnpm based frontend projects out of the box with the PnpmAuditAnalyzer.
With the DependencyCheck gradle task this analyzer will not be activated because the default scanset does not include the relevant
pnpm-lock.yamlfile.dependency-check-gradle/src/main/groovy/org/owasp/dependencycheck/gradle/tasks/AbstractAnalyze.groovy
Line 441 in f59680a
The PnpmAuditAnalyzer is skipped because it assumes that no
pnpm-lock.yamlis present.Would it be possible to add
pnpm-lock.yamlto the default scanset (as e.g.yarn.lock)?The default scanset does include the file
pnpm.lock, which is probably obsolete - neither does pnpm generate this file, not does the PnpmAuditAnalyzer consider it.The text was updated successfully, but these errors were encountered: