To better demonstrate the scanning results of the OWASP dependency check, we will use the WebGoat project instead of NodeGoat. The WebGoat project can be downloaded from Git. WebGoat is a purpose-built vulnerable web project used to practice security testing:

$ git    clone    https://github.com/WebGoat/WebGoat

We will also use the latest version of OWASP dependency-check, which can be downloaded here: https://bintray.com/jeremy-long/owasp/dependency-check.