Creating an npm audit XML report

cli
product

(Christian Stornowski) #1

It should be possible to execute npm audit --owasp and get an OWASP Dependency Check XML.

Because nsp has been acquired by npm, Inc. and npm audit is more or less a replacement for this https://www.npmjs.com/package/nsp project, the OWASP nsp reporter (https://www.npmjs.com/package/@ninjaneers/nsp-reporter-owasp) is also dead.
Instead of relying on 2 “dead” projects for generating an OWASP report, npm should offer a possibility to generate an OWASP report.
So we have a good foundation for displaying vulnerabilities in SonarQube.


(Metaa) #2

I think being able to choose a format (at least add JSON) should be a requirement for this as well.