Commit c295db2f authored by Nick Gaskill's avatar Nick Gaskill

Merge branch 'update-dependency-scanning-local-path-reference-limitation' into 'master'

Provide workaround for DS local file limitation

See merge request gitlab-org/gitlab!32293
parents 7b94aa7f e01b4be6
...@@ -571,15 +571,18 @@ ensure that it can reach your private repository. Here is an example configurati ...@@ -571,15 +571,18 @@ ensure that it can reach your private repository. Here is an example configurati
### Referencing local dependencies using a path in JavaScript projects ### Referencing local dependencies using a path in JavaScript projects
Although dependency scanning doesn't support it, you can reference dependencies by using a The [Retire.js](https://gitlab.com/gitlab-org/security-products/analyzers/retire.js) analyzer
[local path](https://docs.npmjs.com/files/package.json#local-paths) in the `package.json` for a doesn't support dependency references made with [local paths](https://docs.npmjs.com/files/package.json#local-paths)
JavaScript project. The dependency scan generates the following error when you use in the `package.json` of JavaScript projects. The dependency scan outputs the following error for
`file: <path/to/dependency-name>` to reference a package: such references:
```text ```text
ERROR: Could not find dependencies: <dependency-name>. You may need to run npm install ERROR: Could not find dependencies: <dependency-name>. You may need to run npm install
``` ```
As a workaround, remove the [`retire.js`](analyzers.md#selecting-specific-analyzers) analyzer from
[DS_DEFAULT_ANALYZERS](#configuring-dependency-scanning).
## Troubleshooting ## Troubleshooting
### Error response from daemon: error processing tar file: docker-tar: relocation error ### Error response from daemon: error processing tar file: docker-tar: relocation error
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment