Closed haugsrud closed 4 years ago
I just found out there is an experimental format, depcheck, which is exactly what I'm looking for.
Ok, cool. If you want to implement a custom format, the reporters are in https://github.com/RetireJS/retire.js/tree/master/node/lib/reporters
The full interface for a logger/report is:
```js
logger = {
  info: function(message) { /* ... */ },
  debug: function(x) { if (config.verbose) { /* ... */ } },
  warn: function(x) { /* ... */ },
  error: function(x) { /* ... */ },
  logDependency: function(finding) { /* ... */ },
  logVulnerableDependency: function(finding) { /* ... */ },
  close: function() { /* ... */ }
};
```
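As an added example (not code from the retire.js project), here is a reporter that implements the seven-method interface above and turns vulnerable findings into SonarQube's generic issue import JSON. The shape of `finding`, the `write` sink, and the `engineId`/`ruleId` values are assumptions made for this sketch; how the reporter is registered with retire is not shown.

```javascript
// Added example; the finding shape below is an ASSUMPTION, not taken from the page:
// { file, results: [{ component, version,
//     vulnerabilities: [{ severity, identifiers: { CVE: [], summary } }] }] }
const SEVERITY = new Map([['low', 'MINOR'], ['medium', 'MAJOR'],
  ['high', 'CRITICAL'], ['critical', 'BLOCKER']]);

// `write` is a hypothetical sink (e.g. a function that writes the report file).
function createSonarReporter(config, write) {
  const issues = [];
  return {
    info: function (message) { /* progress text is kept out of the report */ },
    debug: function (x) { if (config.verbose) console.error('[debug] ' + x); },
    warn: function (x) { console.error('[warn] ' + x); },
    error: function (x) { console.error('[error] ' + x); },
    logDependency: function (finding) { /* not reported in this sketch */ },
    logVulnerableDependency: function (finding) {
      for (const result of finding.results || []) {
        for (const vuln of result.vulnerabilities || []) {
          const ids = vuln.identifiers || {};
          const cves = ids.CVE || [];
          const label = cves.length ? cves.join(', ') : (ids.summary || 'no identifier');
          issues.push({
            engineId: 'retirejs',
            ruleId: 'vulnerable-dependency',
            severity: SEVERITY.get(String(vuln.severity).toLowerCase()) || 'MAJOR',
            type: 'VULNERABILITY',
            primaryLocation: {
              message: result.component + ' ' + result.version + ': ' + label,
              filePath: finding.file || 'unknown'
            }
          });
        }
      }
    },
    close: function () {
      write(JSON.stringify({ issues: issues }, null, 2));
      return issues.length;
    }
  };
}

// Constructed sample finding (placeholder identifier, not real scan output).
const sampleFinding = {
  file: 'js/jquery-1.8.1.min.js',
  results: [{ component: 'jquery', version: '1.8.1', vulnerabilities: [
    { severity: 'high', identifiers: { CVE: ['CVE-XXXX-XXXX'] } },
    { identifiers: { summary: 'constructed example issue' } }
  ] }]
};
```

A finding with no severity falls back to `MAJOR` rather than being dropped, so an incomplete record still shows up in the report.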
Retire.js version: (retire --version):
node version: (node --version):
Type: Question
Description: I am using the dependency-check tool for analyzing dependencies and pushing them into SonarQube; however, this takes a huge amount of time and is not suitable for a CI/CD pipeline imo.
Retire.js takes just seconds, but I can't seem to find a good way to incorporate it in my CI/CD pipeline. It would have been great if I were able to push the results into SonarQube and mark them as vulnerabilities.
Expected behaviour: