fix: add optional flag that allows skipping npm audit checks with OWA…

…SP dependency-check scanner (#214)

* fix: adding possible flag to disable npm audit reports

* chore: added space

* chore: docs

* fix: set default to false

* chore: update libraries/owasp_dep_check/README.md on typo

Co-authored-by: ltdonner-bah <141174159+ltdonner-bah@users.noreply.github.com>

---------

Co-authored-by: ltdonner-bah <141174159+ltdonner-bah@users.noreply.github.com>

libraries/owasp_dep_check/README.md

@@ -31,6 +31,7 @@ OWASP Dependency Check Library Configuration Options
 | `allow_suppression_file` | Allows whitelisting vulnerabilities using a suppression XML file                                                                                        | `true`                             |
 | `suppression_file`       | Path to the suppression file (see [here](https://jeremylong.github.io/DependencyCheck/general/suppression.html) for how to create a suppression file)   | `dependency-check-suppression.xml` |
 | `image_tag`              | The tag for the scanner Docker image used                                                                                                               | `7.3.0-8.6-2`                      |
+| `skip_node_audit`        | Skips the node audit with `--disableNodeAudit` if set to true. This can be useful if you have other mechanisms to audit npm packages (ex: npm audit).   |                                    |
 
 ## Example Configuration Snippet
 

libraries/owasp_dep_check/steps/application_dependency_scan.groovy

@@ -42,6 +42,11 @@ void call() {
           echo "\"${suppressionFile}\" does not exist. Skipping suppression."
         }
       }
+
+      Boolean skipNodeAudit = config?.skip_node_audit ?: false
+      if (skipNodeAudit) {
+        args += " --disableNodeAudit"
+      } 
 
       // perform the scan
       try {