Open weihan1394 opened 1 month ago
Try adding --disableNodeJS
. There are a couple of JS analyzers and that one can cause the dev dependencies to be included and there isn't a way to exclude them. You might also need to disable the retire JS analyzer.
Following from the discussion from this issue created before (https://github.com/jeremylong/DependencyCheck/issues/1806)
Is there a way to exclude the dev-dependency from the dependency-check scan. I realize that with
--nodeAuditSkipDevDependencies
it just does not scan the dev-dependencies but in the HTML report it still reflect the dependency in dev-dependency. Hope anyone could share more insight if it could be remove from the report.Thank you.