NodeAuditAnalyzer failed on /builds/projectsperu/projectExample/package-lock.json #6470

Closed
NeisserMS opened this issue Feb 16, 2024 · 3 comments

@NeisserMS

My project is made with Angular. I have already tried to debug the problem but I don't understand it. The node_modules directory and the package-lock.json file are supposed to be present after running npm install, which is why I run commands like pwd to verify my path and ls -la to view the files. Please help me solve this problem; I'm just getting started with this.

```yaml
variables:
    NODE_VERSION: "18.19.0"
    ANGULAR_CLI_VERSION: "15.0.4"

stages:
    - owasp

owasp:
    stage: owasp
    image:
        name: node:$NODE_VERSION
    cache:
        key:
            files:
                - package-lock.json
        paths:
            - node_modules/
        when: always
        policy: pull-push
    before_script:
        - apt-get update
        - apt-get install -y nodejs npm
        - apt-get install -y openjdk-11-jdk
        - export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
        - export PATH="$JAVA_HOME/bin:$PATH"
        - npm install -g @angular/cli@$ANGULAR_CLI_VERSION
        - pwd
        - ls -la
        - wget https://github.com/jeremylong/DependencyCheck/releases/download/v9.0.9/dependency-check-9.0.9-release.zip
        - unzip dependency-check-9.0.9-release.zip
        - export PATH=$PATH:`pwd`/dependency-check/bin
        - pwd
        - ls -la
    script:
        - pwd
        - npm install
        - ls -la
        - dependency-check.sh
          --project "projectExample"
          --scan .
          --out .
          --format "ALL"
          --disableAssembly
    artifacts:
        paths:
            - $CI_PROJECT_DIR/dependency-check-report.html
            - $CI_PROJECT_DIR/dependency-check-report.json
        when: always
```

I want to use the dependency-check tool in my pipeline, and warnings start to appear in the execution console:

```
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] No lock file exists - this will result in false negatives; please run `npm install --package-lock`
[WARN] Analyzing `/builds/projectsperu/projectExample/src/assets/plugins/bootstrap-session-timeout/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[ERROR] NodeAuditAnalyzer failed on /builds/projectsperu/projectExample/package-lock.json
[ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
```

@NeisserMS NeisserMS added the bug label Feb 16, 2024
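
The two `[WARN]` lines in the log above concern a nested `package.json` under `src/assets/plugins/` that has neither a lock file nor a `node_modules` directory next to it. A pre-scan check that lists such manifests before dependency-check runs, as an added example (not from the issue or from the Dependency-Check project); the function names and the demo tree are constructed for illustration, and the check does not address the `[ERROR]` lines:

```shell
#!/bin/sh
# Added example: list every package.json (outside node_modules) whose
# directory lacks package-lock.json and/or node_modules, i.e. the
# manifests that would trigger the two WARN messages shown in the log.

# find_unlocked_manifests ROOT
# Prints "<manifest path><TAB><missing items>" for each incomplete manifest.
find_unlocked_manifests() {
    root="${1:-.}"
    # -prune keeps find out of installed dependencies, which ship their
    # own package.json files and are not project manifests.
    find "$root" -name node_modules -prune -o -type f -name package.json -print |
    sort |
    while IFS= read -r manifest; do
        dir=$(dirname "$manifest")
        missing=""
        if [ ! -f "$dir/package-lock.json" ]; then
            missing="lockfile"
        fi
        if [ ! -d "$dir/node_modules" ]; then
            missing="${missing:+$missing,}node_modules"
        fi
        if [ -n "$missing" ]; then
            printf '%s\t%s\n' "$manifest" "$missing"
        fi
    done
    return 0
}

# make_demo_tree
# Builds a constructed sample tree shaped like the project in the log:
# a complete root manifest, one installed dependency, and one vendored
# plugin that only carries a package.json. Prints the tree's path.
make_demo_tree() {
    t=$(mktemp -d)
    plugin="$t/src/assets/plugins/bootstrap-session-timeout"
    mkdir -p "$t/node_modules/left-pad" "$plugin"
    for d in "$t" "$t/node_modules/left-pad" "$plugin"; do
        printf '{}\n' > "$d/package.json"
    done
    printf '{}\n' > "$t/package-lock.json"
    printf '%s\n' "$t"
}
```

In a CI job the function would be called as `find_unlocked_manifests "$CI_PROJECT_DIR"` after `npm install` and before `dependency-check.sh`; any output identifies a directory to install, lock, or exclude from the scan.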
@oliverlockwood
Contributor

I have encountered something similar, and tested this with a local build of the main branch of Dependency-Check.

I believe that PR #6690 (done in the context of #6437) has fixed this.

@jeremylong
Owner

Thank you for testing and confirming this is closed.

@NeisserMS
Author

Thank you so much!
