Retire.js analyzer fails in offline environment
Summary
Offline environment (air-gapped) support for Retire.JS has been implemented with #33719 (closed) but unfortunately, this is failing, probably due to usage of self-signed certificate.
Steps to reproduce
- Setup Dependency Scanning for offline mode on a JS project using npm
- run pipeline and see retire.js job failing
Example Project
What is the current bug behavior?
Retire.JS analysis is failing (exit status 1)
What is the expected correct behavior?
Retire.JS analysis succeeds
Relevant logs and/or screenshots
Possible fixes
Disable ssl check when fetching external JSON files for vulnerability DB?