Gemnasium-maven with npm for angular

Currently scanning a project with Angular support. It requires npm for ‘gradle dependencies’ to work. I can get this to work fine in the Docker image by running ‘gradle dependencies’ on the CLI, but it appears that ‘/analyzer run’ overrides the path, so I end up with the following.

```
* Where:
Build file '/gemnasium-maven/HailQuoteProcessing2/build.gradle' line: 4

* What went wrong:
A problem occurred evaluating script.
A problem occurred starting process 'command 'npm''
```

What do I need to do to add to the path that analyzer (analyzer-binary) uses?

I found a work-around for this issue. I needed to set the path in /etc/profile.

Ex: replace “export PATH” with

```sh
NODEJS_HOME=/datadg/node-v16.13.2-linux-x64
PATH=$PATH:$NODEJS_HOME/bin
NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
export NODEJS_HOME
# Node.js reads NODE_EXTRA_CA_CERTS, so export the name assigned above
export NODE_EXTRA_CA_CERTS

export PATH
```

In my Dockerfile used to create my version of the image:

```dockerfile
FROM registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven:2

ENV TZ=America/Chicago
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
...
RUN mkdir -p /datadg

RUN curl -LJO https://nodejs.org/dist/v16.13.2/node-v16.13.2-linux-x64.tar.xz && \
    tar -xvf node-v16.13.2-linux-x64.tar.xz -C /datadg && \
    rm -f node-v16.13.2-linux-x64.tar.xz

ENV NODEJS_HOME /datadg/node-v16.13.2-linux-x64
ENV PATH $PATH:$NODEJS_HOME/bin
ENV NODE_EXTRA_CA_CERTS /etc/ssl/certs/ca-certificates.crt
RUN npm install -g @angular/cli

# Had to use this approach for /analyzer as it was overriding the path set above and couldn't see npm to run 'gradle dependencies'
# The inserted lines export NODE_EXTRA_CA_CERTS, the same name that is assigned
RUN sed -i 's/export PATH/\nNODEJS_HOME=\/datadg\/node-v16.13.2-linux-x64\nPATH=$PATH:$NODEJS_HOME\/bin\nNODE_EXTRA_CA_CERTS=\/etc\/ssl\/certs\/ca-certificates.crt\nexport NODEJS_HOME\nexport NODE_EXTRA_CA_CERTS\n\nexport PATH/' /etc/profile
```
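
The Dockerfile above extracts the Node.js tarball exactly as downloaded. The following is an added example, not part of the original post: a shell function that checks a downloaded file against a SHASUMS256.txt-style checksum list before it is unpacked. The function name `verify_tarball` and the sample files are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. verify_tarball is a hypothetical helper name.
# Usage: verify_tarball FILE SHASUMS
# SHASUMS uses the "<sha256-hex>  <filename>" layout of SHASUMS256.txt.
verify_tarball() {
    file=$1
    sums=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum list: $sums" >&2; return 2; }
    name=$(basename "$file")

    # Require exactly one entry whose filename field equals the basename,
    # so a missing or duplicated entry fails closed.
    expected=$(awk -v n="$name" '$2 == n { print $1; c++ }
                                 END { exit (c == 1 ? 0 : 1) }' "$sums") || {
        echo "no unique entry for $name in $sums" >&2
        return 1
    }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "ok: $name"
}

# Constructed sample input: a stand-in "tarball" and a matching checksum list.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a tarball\n' > "$demo_dir/node-sample.tar.xz"
( cd "$demo_dir" && sha256sum node-sample.tar.xz > SHASUMS256.txt )
verify_tarball "$demo_dir/node-sample.tar.xz" "$demo_dir/SHASUMS256.txt"

# Any change to the file after the list was produced is rejected.
printf 'tampered\n' >> "$demo_dir/node-sample.tar.xz"
verify_tarball "$demo_dir/node-sample.tar.xz" "$demo_dir/SHASUMS256.txt" \
    || echo "rejected as expected"
rm -rf "$demo_dir"
```

In the Dockerfile this check would sit between the `curl` download and the `tar -xvf` step, with the release's SHASUMS256.txt fetched alongside the tarball.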