etnetera / owasp-dependency-check

MIT License
6 stars 13 forks

Question: How to decrease execution time #17

Closed EmreCihanbeyoglu closed 3 months ago

EmreCihanbeyoglu commented 1 year ago

Hi,

This is a question about execution time. I have seen that it takes 4-6 minutes to complete its job in GitLab CI, which is a long time for a pipeline. To be able to use it effectively I need to find a way to reduce this time. I have seen some good implementations for Java / Maven projects. It looks like it is possible to download the libraries which are required by OWASP for scanning (in a Docker image) and then refer the dependency to these so that it will not try to install them again. It reduces the time from 4 minutes to 1 minute.

I am wondering if this can be achieved for this package also, for a Vue app. Which options should I use to define the library path (which can be provided by a Docker image), or do you have any other suggestion?

Kind regards Emre

Katheeja-Yasmin commented 3 months ago

I am also facing a similar issue. When I try to run the owasp-dependency-check plugin for a JavaScript project and point it to package-lock.json to scan, it takes around 20-25 minutes to execute and generate the report in the specified path.

martin-traverse commented 3 months ago

I had this problem and after looking on various related sites for documentation, there are basically two answers:

  1. Generate an NVD API Key and pass the key in as a command line arg - this gives some level of prioritisation in the NVD API calls
  2. Use a data feed URL to bulk download historic CVEs as data files. There is a public mirror available, although on some pages there are discussions about the data feed mechanism being retired now that the V2 API is available (this would seem like a mistake, unless and until the API can handle the required volumes)

The CLI documentation describes the arguments needed to use both the API Key and the data feed.

I found some level of improvement from using the API Key, but the thing that really made a difference was the data feed mechanism which brought my compliance CI jobs back down to just a few minutes. Also, make sure you are using caching - set the data directory where the tool stores its cache files and database, then make sure that is cached and restored in your CI pipeline.
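The three measures above (NVD API key, data feed, cached data directory) put together as a single GitLab CI job. This is an added example, not code from this repository or from the DependencyCheck project. It assumes the job image provides the official `dependency-check.sh` CLI on PATH, that `NVD_API_KEY` is a masked CI/CD variable, and that `NVD_DATAFEED_URL` is a placeholder for a data-feed mirror you trust; confirm the exact flag names against the CLI documentation linked above for the version you run.

```yaml
# Added example: GitLab CI job for the official dependency-check CLI.
# Assumptions: dependency-check.sh is on PATH in the image,
# NVD_API_KEY is a masked CI/CD variable, NVD_DATAFEED_URL is a placeholder.
dependency-check:
  stage: test
  image: owasp/dependency-check:latest      # assumption: CLI available on PATH
  variables:
    # The tool's cache and H2 database live here; cached between pipelines.
    DC_DATA_DIR: "$CI_PROJECT_DIR/.dependency-check-data"
  cache:
    key: dependency-check-nvd               # one shared cache for all branches
    paths:
      - .dependency-check-data/
  script:
    - mkdir -p "$DC_DATA_DIR" reports
    - >
      dependency-check.sh
      --project "$CI_PROJECT_NAME"
      --scan package-lock.json
      --data "$DC_DATA_DIR"
      --nvdApiKey "$NVD_API_KEY"
      --nvdDatafeed "$NVD_DATAFEED_URL"
      --format HTML
      --out reports/
  artifacts:
    paths:
      - reports/
    when: always                             # keep the report even on failure
```

The first run still downloads the full data set; subsequent runs restore `.dependency-check-data/` from the cache and only fetch recent changes, which is where the time saving comes from. Keep the API key out of the job log by marking the variable masked, and treat the data-feed mirror as part of your supply chain: the vulnerability database it serves decides what the scan can find.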

centi commented 3 months ago

This NPM package serves as a wrapper for the official CLI only. So this question should be directed to the authors (https://github.com/jeremylong/DependencyCheck).

Try the CLI (https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html) directly, and if the time is the same (or similar), then this package cannot do much more.