Support Yarn #367

Open
@quinnturner


With the release of Dependency-Check v6.1.0 (and subsequent fixes in v6.1.1), Yarn auditing is supported natively.

In this plugin, the logs that I receive during my CI pipeline suggest that Yarn is not directly supported.

```
INFO: Sensor Dependency-Check [dependencycheck]
INFO: Process Dependency-Check report
INFO: Using JSON-Reportparser
INFO: No project configuration file, e.g. pom.xml, *.gradle, *.gradle.kts, package-lock.json found, therefore it isn't possible to correctly link dependencies with files.
```

Where the project's sonar-project.properties contains the value:

```
sonar.sources=src,yarn.lock
```

Describe the solution you'd like

This plugin should support Yarn now that Dependency-Check supports auditing with `yarn audit --verbose` with the file `yarn.lock`.

Labels: enhancement, lifecycle/frozen (Indicates that an issue or PR should not be auto-closed due to staleness.)
