Hi all
I know the jenkins plugin is an orphan right now, and it's using an older version of the dependency check core.
I also know that we've been having issues with node scans not honouring the --nodeAuditSkipDevDependencies flag, which has been fixed in 6.0.3.
I've disabled my retirejs and nodejs packages as below in a properties file
analyzer.node.package.enabled=false
analyzer.retirejs.enabled=false
I've now tried to use the plugin, with the flag, and getting this error
[DependencyCheck] Unrecognized option: --nodeAuditSkipDevDependencies
[DependencyCheck] usage: Dependency-Check Core
My question is this
Is it possible to use the most up to date jenkins plugin and tell it to skip the dev dependencies, but only in the .properties file?
I'm pretty sure I'm going to have to stop using the plugin for node module scans until it gets updated, and install the updated CLI onto the jenkins node itself and do it like that, this is a hail mary!!
Thanks
Matt