etnetera / owasp-dependency-check

MIT License

question: How to configure owasp so that it can run without need of running npm install beforehand #16

Open EmreCihanbeyoglu opened 1 year ago

EmreCihanbeyoglu commented 1 year ago

Hi,

I have a pipeline for a node project. I want to add dependency check there, but it takes so much time (like 5 minutes). I am trying to optimize it.

I am wondering if it requires node_modules while running it. If not, can I install only this dependency (might be globally) in the beginning of the pipeline and then trigger scanning? Otherwise, I will be dependent on the job where I am installing and caching npm packages. This changes the order of the jobs and performance because different times elapsed during different jobs.

I hope the question is clear. :)

Regards

centi commented 3 months ago

Yes, it requires the other NPM modules to be present while running. Maybe, for your use case, it would be simpler if you downloaded the CLI (https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html) at the start of your pipelines, rather than using this NPM module, and then used the CLI directly for dep. checking.

But, in my opinion, you will not shave much time by this. The check itself takes most of the time, I think.