Dependency Scanning fails to find nodejs vulnerability
Summary
Dependency Scanning fails to find vulnerabilities in nodejs project.
Steps to reproduce
- Create a nodeJS project
- Set Auto Devops to the project.
- Create a `package.json` with an old package containing vulnerabilities (like this)
Example Project
- https://gitlab.com/le.storm1er/autodevopsreact/
- https://gitlab.com/le.storm1er/autodevopsreact/-/jobs/194804171
What is the current bug behavior?
Vulnerabilities are detected during dependency_scanning jobs but are neither listed nor reported in the merge request.
What is the expected correct behavior?
Vulnerabilities should be displayed in jobs and reported in merge_request.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Possible fixes
Unknown
Edited by 🤖 GitLab Bot 🤖

