If npm audit shows vulnerabilities, shouldn't DependencyTrack also show them? #1344
I am introducing this into our projects, and on the first project I am wondering:
I then ran CycloneDX and uploaded the BOM to Dependency-Track.
I do have Internal, Sonatype and NPM analyzers active, and since licenses and version updates are resolved well, I think recognition of the package should be fine.
Answered by
stevespringett
Jan 21, 2022
Replies: 1 comment 2 replies
All due to breaking changes made by GitHub. Refer to #1225 for full explanations and details about where NPM support is at.
Answer selected by
rkg-mm