
Bug: property nodeAudit in the Gradle plugin dependencyCheckAggregate doesn't work #1667

Closed
eugene-kuntsevich opened this issue Jan 10, 2024 · 2 comments

@eugene-kuntsevich

Describe the bug
The dependencyCheckAggregate plugin is trying to find package-lock.json during analysis. Example logs:

Analyzing `/tmp/dctemp111af6e6-7dab-40bb-bea9-5e2b8d643644/check15967221622264312762tmp/154/package/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
No lock file exists - this will result in false negatives; please run `npm install --package-lock`
Unable to find node module: /tmp/dctemp111af6e6-7dab-40bb-bea9-5e2b8d643644/check15967221622264312762tmp/154/package/node_modules/@aws-cdk/asset-awscli-v1/package.json

But I have a Java project and don't have this file. I want to disable nodeAudit for dependencyCheckAggregate and am trying to follow the instructions: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration-aggregate.html
But the plugin is not accepting the nodeAudit property like that:

dependencyCheck {
    skipConfigurations = ["checkstyle"]
    formats = ["HTML", "JSON"]

    nvd {
        apiKey = System.getenv("NVD_APIKEY")
    }

    nodeAudit {
        enabled = false
    }
}

To Reproduce
Steps to reproduce the behavior:

  1. Add the nodeAudit property to the dependencyCheck task
  2. Run the OWASP check or simply try to refresh Gradle dependencies
  3. Observe an error that the property doesn't exist

Expected behavior
I want to disable nodeAudit and yarn and not see this error:

Caused by: org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
	InitializationException: Unable to read yarn audit output.
		caused by IOException: Cannot run program "yarn": error=2, No such file or directory
		caused by IOException: error=2, No such file or directory
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:693)
	at org.owasp.dependencycheck.gradle.tasks.AbstractAnalyze.analyze(AbstractAnalyze.groovy:100)
	... 128 more

Additional info
I think the plugin is trying to find package-lock.json because I have a cdk.json file, which I would like to ignore but don't know how.
Content of cdk.json:

{
  "app": "../gradlew --no-daemon bootRun",
  "context": {
    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
    "aws-cdk:enableDiffNoFail": "true",
    "@aws-cdk/core:stackRelativeExports": "true",
    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true,
    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
    "@aws-cdk/aws-efs:defaultEncryptionAtRest": true,
    "@aws-cdk/aws-lambda:recognizeVersionProps": true
  }
}

@StasKolodyuk

Seems like you additionally need to disable yarn with

analyzers {
    nodeAudit {
        enabled = false
        yarnEnabled = false
    }
}
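For reference, the reporter's original dependencyCheck block with the fix above applied. This is an added example, not code from the issue or the plugin's own documentation; the only change from the reporter's configuration is that nodeAudit is nested under analyzers and yarn is disabled too, and the comments show which settings the failing configuration got wrong.

```groovy
// build.gradle (Groovy DSL) for the dependency-check Gradle plugin.
// The same dependencyCheck extension configures dependencyCheckAnalyze
// and dependencyCheckAggregate, so this applies to the aggregate task too.
dependencyCheck {
    skipConfigurations = ["checkstyle"]
    formats = ["HTML", "JSON"]

    nvd {
        // Keep the NVD API key out of the build file; read it from the environment.
        apiKey = System.getenv("NVD_APIKEY")
    }

    // The reporter placed nodeAudit directly under dependencyCheck, which the
    // plugin rejects as an unknown property. It belongs under analyzers.
    analyzers {
        nodeAudit {
            // Disables the Node Audit analyzer, so package.json files found in
            // unpacked archives (here: the CDK tooling) no longer trigger the
            // "No lock file exists" warnings.
            enabled = false
            // Disabling nodeAudit alone still leaves the yarn audit analyzer
            // active, which fails with 'Cannot run program "yarn"' when yarn
            // is not installed. It has to be switched off separately.
            yarnEnabled = false
        }
    }
}
```

After this change a pure Java project is analyzed without the plugin looking for package-lock.json or invoking yarn; the trade-off is that any genuine JavaScript dependencies in the project are no longer audited by these analyzers.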

@eugene-kuntsevich

It works, thanks
