Excluding NPM Dependencies
By default, OpenText SAST translates only the NPM dependencies that are imported in the code. You can change this behavior with the following two properties:
The com.fortify.sca.follow.imports property directs OpenText SAST to resolve all imported files and include them in the translation. This property is enabled by default. Setting this property to false prevents NPM dependencies that are not explicitly included on the command line from being included in the translation.
The com.fortify.sca.exclude.unimported.node.modules property directs OpenText SAST to exclude all files in any node_modules directory from the translation except files that are specifically imported by the com.fortify.sca.follow.imports property. This property is enabled by default to avoid translating dependencies that are not needed for the final project such as those only required for the build system.
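To preview which installed packages the project's own code imports, and so which ones the default settings described above would leave out of the translation, a scan like the following can be run before the analysis. It is an added example, not OpenText SAST code: it approximates "imported in the code" with a regular expression over direct imports only, and the sample sources, package listing and function names are constructed for illustration.

```javascript
// Added example: approximates "imported in the code" with a regex scan.
// It is not OpenText SAST's resolver and only looks at direct imports.

// Constructed sample project: first-party sources keyed by path.
const SOURCES = {
  "src/app.js": `
    import express from "express";
    import { merge } from "lodash/fp";
    const parser = require('@babel/parser');
    const fs = require("node:fs");
    import "./local-helper.js";
  `,
  "src/lazy.js": `export const load = () => import("chart.js");`,
};

// Constructed listing of top-level directories under node_modules.
const INSTALLED = ["express", "lodash", "@babel/parser", "chart.js", "webpack", "eslint"];

// Matches require("x"), import("x"), import "x", and ... from "x".
const SPECIFIER = /(?:\brequire\s*\(\s*|\bimport\s*\(\s*|\bfrom\s+|\bimport\s+)(["'])([^"']+)\1/g;

// Reduce a specifier to its package name, or null for non-package imports.
function packageName(spec) {
  if (spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("node:")) return null;
  const parts = spec.split("/");
  if (spec.startsWith("@")) return parts.length >= 2 ? `${parts[0]}/${parts[1]}` : null;
  return parts[0];
}

// Collect the distinct packages referenced by the given sources.
function importedPackages(sources) {
  const found = new Set();
  for (const text of Object.values(sources)) {
    for (const m of text.matchAll(SPECIFIER)) {
      const name = packageName(m[2]);
      if (name) found.add(name);
    }
  }
  return [...found].sort();
}

// Split installed packages into those the code imports and those it does not.
function previewScope(sources, installed) {
  const imported = new Set(importedPackages(sources));
  return {
    imported: installed.filter((p) => imported.has(p)).sort(),
    unimported: installed.filter((p) => !imported.has(p)).sort(),
  };
}

console.log(previewScope(SOURCES, INSTALLED));
```

Packages reported as unimported here, typically build tooling, are the ones the exclude.unimported.node.modules default is meant to keep out of the translation.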