
Question #7365

Open
DeuxCatPotes opened this issue Jan 30, 2025 · 1 comment


@DeuxCatPotes

Hello,

I'm not an expert in either Dependency Check or yarn/node.
I currently have a project that uses npm for build, etc. It also uses command-line Dependency Check for scanning.

How does Dependency Check manage/detect what kind of project it is?
I currently get 2 behaviors, with or without the following argument:

  • disableYarnAudit

I think the good option is to set the option, as it's a node/npm project, not a yarn one.

The yarn scanner finds security issues that are not found when it's disabled (as dependencies are not vulnerable).

One other thing is that Dependency Check uses a LAN database mirror.

Is it just that the detection can be improved, or is there something I missed?

@jeremylong
Owner

We would need a lot more detail and samples to be able to give any guidance or make improvements.
