Open kessenich opened 5 years ago
I have similar issue
DEBUG - Could not connect to Node Audit API. Received response code: 500 Internal Server Error
npm audit
works fine
npm: '6.14.8'
Same situation: [ERROR] NodeAuditAnalyzer failed on /opt/atlassian/pipelines/agent/build/package-lock.json
Hi,
I created an issue with the NPM support, and the problem has been fixed.
There was a timeout on the npm audit endpoint used by the OWASP dependency check project (https://registry.npmjs.org/-/npm/v1/security/audits) that was too short for processing a heavy package-lock.json. They extended the timeout and the error is gone.
Hi, I am also facing this issue but the package-lock.json is only 700KB. Is there any solution to this?
Dependency-Check version: 6.2.2. Error faced in both CI and locally.
I am also intermittently having the same issue as @chloepa. I'm using the Azure DevOps task and that error occurs 2/10 times I run my OWASP check on my build servers.
The package-lock.json file's size is only 2.1 KB for my scan.
Unfortunately I don't have any additional information, as when I try to get verbose output from the servers it causes the task to run for 90+ minutes and then my build times out, when it normally takes around 10-15 minutes for the OWASP scan to run.
Any assistance or guidance on things to try would be appreciated.
Can you tell which version fixes the issue?
@aurelienchapinseite Could you let me know how you solved this issue here? I experienced this issue today (May 2022) with the following versions: Dependency-Check 7.1.0, NPM 8.10.0.
I'm also seeing this issue on Azure DevOps, when analyzing a Vite project. Any suggestions?
Describe the bug: Dependency Check fails on Node Audit Analysis with an error when the package-lock.json size is more than 1 MB.
Version of dependency-check used: the problem occurs using version 5.1.1 of the CLI.
Log file: unfortunately the log file is too huge to upload, at more than 300 MB. But I have a gist with an example package.json and package-lock.json for tests: https://gist.github.com/kessenich/ff21cbe3e9d7d989fab43a699d507111
To Reproduce: steps to reproduce the behavior:
sh dependency-check/bin/dependency-check.sh -s . --disableAssembly --disableBundleAudit --disableRetireJS -o report.html -l log.txt
Expected behavior: Dependency check runs without errors.
Additional context: When I run
npm audit
everything works fine. When I randomly delete a few packages from the package.json, then the dependency check works fine.
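Added example (not the reporter's code and not part of the dependency-check project): a POSIX shell wrapper that re-runs the scan when its log contains the Node Audit API failure quoted in this thread, and tells that apart from any other scan failure so a real error is not masked by the retry. It assumes the scan writes its log with -l, as the reproduction command above does; the marker string is taken from the DEBUG line in the thread, while the BACKOFF_SECONDS variable, the ATTEMPTS_USED counter and the exit-code convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: retry an OWASP dependency-check scan when the Node Audit
# analyzer cannot reach the npm audit endpoint (intermittent in this thread).
# The marker below is the DEBUG text quoted in the thread; the rest is
# constructed for this example.

NODE_AUDIT_ERR='Could not connect to Node Audit API'
# Seconds of back-off per attempt (assumed default; the thread gives no value).
BACKOFF_SECONDS=${BACKOFF_SECONDS:-5}

# log_has_node_audit_error LOGFILE -> exit 0 when the Node Audit failure is logged
log_has_node_audit_error() {
  grep -q "$NODE_AUDIT_ERR" "$1" 2>/dev/null
}

# scan_with_retry LOGFILE MAX_ATTEMPTS CMD [ARGS...]
# CMD must write its log to LOGFILE (dependency-check.sh does so with -l).
# Exit status: 0 = scan completed without the audit error
#              1 = every attempt hit the Node Audit error (endpoint problem)
#              2 = the scan failed for another reason (returned immediately)
# The number of attempts made is left in ATTEMPTS_USED.
scan_with_retry() {
  _log=$1
  _max=$2
  shift 2
  ATTEMPTS_USED=0
  while [ "$ATTEMPTS_USED" -lt "$_max" ]; do
    ATTEMPTS_USED=$((ATTEMPTS_USED + 1))
    : > "$_log"                          # each attempt starts with a clean log
    if "$@"; then _rc=0; else _rc=$?; fi
    if log_has_node_audit_error "$_log"; then
      echo "attempt $ATTEMPTS_USED: Node Audit API unreachable, retrying" >&2
      sleep $((ATTEMPTS_USED * BACKOFF_SECONDS))   # linear back-off
      continue
    fi
    if [ "$_rc" -eq 0 ]; then
      return 0
    fi
    return 2                             # a different failure: surface it
  done
  return 1
}

# Usage with the command from the bug report (log file added so the wrapper
# can inspect it):
#   scan_with_retry log.txt 3 sh dependency-check/bin/dependency-check.sh -s . \
#       --disableAssembly --disableBundleAudit --disableRetireJS \
#       -o report.html -l log.txt
```

If the wrapper still returns 1 after its last attempt, the npm audit endpoint, not the lock file, is the failing piece; since the thread reports that `npm audit` succeeds on the same package-lock.json, running it separately at that point keeps the audit result instead of dropping it with the failed scan.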