
Frontend project not getting scanned via blackduck


I have a multi-module Gradle project that I am trying to scan using Black Duck to identify open source software and risks associated with them. My problem is that when I use the following settings for scanning my frontend modules (backend modules are different), the Gradle package manager is scanned and a BOM scan is performed. But the package.json is not scanned and I get the following error: error [main] --- one or more required detector types were not found: npm

My Black Duck settings:

    --detect.required.detector.types=GRADLE,NPM
    --detect.gradle.path="${bamboo.capability.system.builder.gradle.Gradle 7.4.2}/bin/gradle"
    --detect.npm.path="${bamboo.capability.system.builder.npm.Npm (Node.js 14.19.3)}"


Solution

  • As you mentioned that you have separate frontend modules, each of your frontend modules may have a package.json at that module's root folder. For example, for a frontend module, say "common-ui", you may have a package.json at common-ui/package.json.

    So, in order to scan package.json you need to increase the search depth of the Black Duck scanner. Add the following configuration to your existing configuration:

    --detect.detector.search.depth=5

    You can of course decrease the scan depth (it's highly unlikely you would need a scan depth > 5) as per your frontend module structure.
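
To pick the depth from the actual module layout instead of guessing, the script below (an added example, not part of the original answer or of Black Duck's tooling) reports how deep each package.json sits under the source root. It assumes depth 0 means the source root itself, so common-ui/package.json is at depth 1, and it skips node_modules so that dependencies' own manifests do not inflate the number; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the smallest --detect.detector.search.depth that
# reaches every package.json below a source root.
# Assumption: depth 0 = the source root, depth 1 = its direct subfolders.

# Print "<depth> <relative path>" for each package.json under $1,
# pruning node_modules and .git so only first-party manifests count.
list_manifest_depths() {
    root=${1%/}
    find "$root" \( -name node_modules -o -name .git \) -prune -o \
        -type f -name package.json -print |
    while IFS= read -r f; do
        rel=${f#"$root"/}
        dir=$(dirname "$rel")
        if [ "$dir" = "." ]; then
            depth=0
        else
            # Depth = number of path components of the containing folder
            depth=$(printf '%s\n' "$dir" | awk -F/ '{print NF}')
        fi
        printf '%s %s\n' "$depth" "$rel"
    done
}

# Print the deepest level found, or -1 when there is no package.json
# at all (in which case requiring the NPM detector will always fail).
required_search_depth() {
    list_manifest_depths "$1" |
        awk 'BEGIN { m = -1 } $1 > m { m = $1 } END { print m }'
}

# Constructed sample layout: a Gradle root with two frontend modules and
# one dependency manifest inside node_modules that must be ignored.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/common-ui/node_modules/lodash" "$t/apps/admin-ui"
    : > "$t/build.gradle"
    : > "$t/common-ui/package.json"
    : > "$t/apps/admin-ui/package.json"
    : > "$t/common-ui/node_modules/lodash/package.json"
    printf '%s\n' "$t"
}
```

Calling required_search_depth with the project root prints the value to pass as --detect.detector.search.depth; list_manifest_depths shows which module drives it.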