securitydependenciesowasp

How to run OWASP Dependency Check for an Angular project?

I'm trying to use this in an Angular project:

https://owasp.org/www-project-dependency-check/

We use the Database server approach explained in https://jeremylong.github.io/DependencyCheck/data/database.html in all our builds, but I been unable to trigger this analysis for the Angular project.

The official documentation offers this:

https://jeremylong.github.io/DependencyCheck/analyzers/nodejs.html

Alas, I could not figure out how to use for the angular build. I have also tried the command below with no success either.

$ npm audit

What am I missing here?

Solution

  • Once you have installed OWASP Dependency Checker and have added it to your system path:

    1. cd into {the Angular project directory}
    2. run ng build
    3. Then run dependency-check.bat --project {project name} --scan .\node_modules --out {target directory} -f JSON -f HTML