To better demonstrate the scanning results of the OWASP dependency check, we will use the WebGoat project instead of NodeGoat. The WebGoat project can be downloaded from Git. WebGoat is a purpose-built vulnerable web project used to practice security testing:
$ git clone https://github.com/WebGoat/WebGoat
We will also use the latest version of OWASP dependency-check, which can be downloaded here: https://bintray.com/jeremy-long/owasp/dependency-check.