Configuring the Unified Agent for Bower

This article covers best practices and configuration recommendations for using the Unified Agent to scan Bower projects.

Best Practices

Before scanning a Bower project, ensure the following for the most accurate results:

  1. You are using Bower version 1.8.12+

  2. The project can be built successfully on the machine where you are running the scan

  3. You have a bower.json manifest file available within the directory that is being scanned

  4. You are using the latest Unified Agent. You can download the latest version here

Configuring Unified Agent Parameters

The following parameter should always be set to resolve Bower dependencies using the Unified Agent:

bower.resolveDependencies=true

Additional Parameters

If you are running the bower install command prior to the scan, set the following Unified Agent parameter:

bower.runPreStep=false

This means that the Unified Agent will rely on the bower_components folder that was created prior to the scan. If you wish to have the Unified Agent run bower install and generate the bower_components folder from the bower.json file, set this parameter to true.

If you would like to ignore source files related to Bower (recommended), set the following Unified Agent parameter:

bower.ignoreSourceFiles=true

This will add the following file extensions to the excludes parameter of the Unified Agent: .js, .ts, .tsx, .coffee. If you wish to include these files within your scan, set this parameter to false.

Frequently Asked Questions

Q: I am running the Unified Agent scan on my Bower project and I have a bower.json file available, why am I receiving zero Bower dependencies in my scan results?

A: This is typically caused by the absence of a related bower_components folder. Unlike NPM, Bower does not have a lock file that can be utilized when resolving dependencies. Therefore, a bower_components folder must exist when scanning Bower dependencies with the Unified Agent. To generate this folder, run bower install prior to the Unified Agent scan, or set the following Unified Agent parameter: bower.runPreStep=true.

Q: Can I exclude Dev dependencies from the Unified Agent scan for my Bower project?

A: We do not currently offer a Unified Agent parameter to exclude Dev dependencies for Bower. If you would like to exclude these from your results, we recommend running the bower install command using the --production flag prior to the scan, and setting bower.runPreStep to false.

Q: I am getting the following warning message on some of my Bower dependencies: the "" has a version of type branch. This version type is not supported, so the dependency will be ignored. Why aren't these dependencies being included in my scan results?

A: The Unified Agent treats these packages, as configured in the bower.json file, as a GitHub version (example: "ng-grid": "https://github.com/FernCreek/ng-grid#seapine"). These types of versions are not currently supported.

Q: I am getting the following warning message on some of my Bower dependencies: bower: the "" dependency has no resolution. It will be ignored. Why aren't these dependencies being included in my scan results?

A: In order for us to parse dependencies for the Bower resolution, there needs to be a .bower.json file under the bower_components folder of each dependency. Within the .bower.json file, we check the "_resolution" block, which contains information like the type, branch and commit, for example:

  "_resolution": {
    "type": "branch",
    "branch": "seapine",
    "commit": "dfa14d8f1f6370b6942843864a339ffdc5d4ac7a"
  },

If this block is not found in the .bower.json file, then the scanner will skip this dependency.
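
Dependencies that the scanner skips drop out of the results, so it helps to find them before the scan. The following Python script is an added example, not part of the Unified Agent or of this article's original content: it applies the conditions from the FAQ above (no bower_components entry, no "_resolution" block, resolution of type branch) to a project directory. The function names, status labels and sample project are assumptions constructed for illustration, and the default bower_components location is assumed.

```python
import json
import tempfile
from pathlib import Path


def audit_bower_components(project_dir):
    """Map each dependency declared in bower.json to a pre-scan status.
    Statuses mirror this page's FAQ; this is not the Unified Agent's own logic."""
    project = Path(project_dir)  # assumes the default bower_components location
    manifest = json.loads((project / "bower.json").read_text(encoding="utf-8"))
    declared = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    report = {}
    for name in sorted(declared):
        meta_file = project / "bower_components" / name / ".bower.json"
        if not meta_file.is_file():
            report[name] = "not-installed"   # nothing on disk to resolve
            continue
        try:
            meta = json.loads(meta_file.read_text(encoding="utf-8"))
        except json.JSONDecodeError:
            meta = {}                        # damaged file: no usable _resolution
        resolution = meta.get("_resolution") if isinstance(meta, dict) else None
        if not isinstance(resolution, dict):
            report[name] = "no-resolution"   # FAQ: the dependency is skipped
        else:                                # FAQ: type "branch" is not supported
            report[name] = "branch-version" if resolution.get("type") == "branch" else "ok"
    return report


def build_sample_project(root):
    """Write a constructed project layout (sample data, not from a real scan)."""
    root = Path(root)
    declared = dict.fromkeys(["jquery", "lodash", "moment", "ng-grid"], "*")
    (root / "bower.json").write_text(json.dumps({"name": "demo", "dependencies": declared}))
    installed = {
        "jquery": {"_resolution": {"type": "version", "tag": "3.3.1", "commit": "0" * 40}},
        "ng-grid": {"_resolution": {"type": "branch", "branch": "seapine", "commit": "1" * 40}},
        "lodash": {"name": "lodash"},  # .bower.json present but no _resolution
    }
    for name, meta in installed.items():
        (root / "bower_components" / name).mkdir(parents=True)
        (root / "bower_components" / name / ".bower.json").write_text(json.dumps(meta))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_bower_components(build_sample_project(tmp)))
```

Any status other than "ok" marks a dependency to investigate before relying on the scan results for that project.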
