I'm trying to set up a process to check for known vulnerabilities in an Angular 7 / Node project. How can I run a process like this? Are there any tools to use?
I already tried running the dependency-check-maven plugin with Maven, but it creates a report saying 0 things were checked.
Last execution results:
dependency-check version: 4.0.2
Report Generated On: Mar 27, 2019 at 17:02:49 +00:00
Dependencies Scanned: 0 (0 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
That 0 in Dependencies Scanned makes me think "This is not working".
I just found the OWASP plug-in for Jenkins, which is running perfectly. I don't know if it's the best option, but for now it works for me.