Veracode SCA supports vulnerable method analysis for NPM packages using the NPM and Yarn package managers. It does not support vulnerable method analysis with Bower.
To complete this task:
1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
2. Click the Agent-Based Scan tab.
3. Select your workspace.
4. Click Regular Expression Denial Of Service (ReDoS) in the Vulnerabilities table.
The Vulnerable Methods section shows that the marked.InlineLexer method is the vulnerable part of the library.
To address the identified vulnerable method, do one of these tasks:
- Change your code to perform in the same manner without relying on this particular method.
- Follow the provided instructions to update the library to a safe version.
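
Before choosing between the two options, it helps to know where your own code reaches the flagged method. The following is an added example, not Veracode code: a text-based search for references to marked.InlineLexer through a package binding, a destructured or aliased import, or a direct `require` chain. The function name `findVulnerableMethodUses` and the sample source are constructed for illustration.

```javascript
// Added example: text-based search for uses of a flagged method (not Veracode code).
function findVulnerableMethodUses(source, pkg = 'marked', method = 'InlineLexer') {
  const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const P = esc(pkg), M = esc(method);
  const id = '[A-Za-z_$][\\w$]*';
  const req = `require\\(\\s*['"]${P}['"]\\s*\\)`;
  const frm = `from\\s*['"]${P}['"]`;

  // Names bound to the whole package:
  //   const m = require('marked'); import m from 'marked'; import * as m from 'marked'
  const pkgNames = new Set();
  const whole = new RegExp(
    `(?:const|let|var)\\s+(${id})\\s*=\\s*${req}|import\\s+(?:\\*\\s*as\\s+)?(${id})\\s+${frm}`, 'g');
  for (const m of source.matchAll(whole)) pkgNames.add(m[1] || m[2]);

  // Names bound to the method itself by destructuring or a named import,
  // including aliases: { InlineLexer: IL } = require(...), { InlineLexer as IL } from ...
  const localNames = new Set();
  const braces = new RegExp(`\\{([^}]*)\\}\\s*(?:=\\s*${req}|${frm})`, 'g');
  const item = new RegExp(`^${M}(?:\\s*(?::|\\bas\\b)\\s*(${id}))?$`);
  for (const m of source.matchAll(braces)) {
    for (const part of m[1].split(',')) {
      const hit = item.exec(part.trim());
      if (hit) localNames.add(hit[1] || method);
    }
  }

  // A line is reported when it reaches the method through any of those names.
  const patterns = [new RegExp(`${req}\\s*\\.\\s*${M}(?![\\w$])`)];
  for (const n of pkgNames) patterns.push(new RegExp(`(?<![\\w$.])${esc(n)}\\s*\\.\\s*${M}(?![\\w$])`));
  for (const n of localNames) patterns.push(new RegExp(`(?<![\\w$.])${esc(n)}(?![\\w$])`));
  return source.split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => patterns.some((re) => re.test(text)));
}

// Constructed sample source, not taken from any real project.
const SAMPLE = [
  "const marked = require('marked');",
  "const { Renderer, InlineLexer: IL } = require('marked');",
  "const html = marked(input);",
  "const out = marked.InlineLexer.output(text, links, opts);",
  "const lexer = new IL(links, opts);",
  "other.InlineLexer(text);",
].join('\n');
console.log(findVulnerableMethodUses(SAMPLE));
```

The search works on source text only, so it also reports matches inside comments and cannot follow dynamic property access or re-exports.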