Dependency Report not updated #164

Open
alfstglo-fadv opened this issue Apr 17, 2024 · 0 comments
Labels
bug Something isn't working


alfstglo-fadv commented Apr 17, 2024

Describe the bug
The dependency report being published does not find vulnerabilities. However, when I run the dependencyCheck CLI listed in the build output on the machine, the vulnerabilities are found.

I have multiple projects all using the same build machine that all use Azure DevOps tasks. Sometimes the build will create the correct dependency report, and sometimes not.

  - task: dependency-check-build-task@6
    inputs:
      dependencyCheckVersion: '8.0.0'
      projectName: 'CA'
      scanPath: '$(system.defaultworkingdirectory)/ca'
      format: 'ALL'
      reportsDirectory: '$(Agent.TempDirectory)/dependency-scan-results/CA'
      additionalArguments: '--format HTML --format JSON --format XML'

The dependency-check-build-task output looks like:

Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 132,849 bytes.
Uploaded 132,849 out of 132,849 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.html' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,417 bytes.
Uploaded 2,417 out of 2,417 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.json' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,227 bytes.
Uploaded 2,227 out of 2,227 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.sarif' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,245 bytes.
Uploaded 2,245 out of 2,245 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.xml' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Finishing: dependencycheckbuildtask

Artifacts are listed:
image

But no vulnerabilities are listed:
image

Any advice on how to troubleshoot is appreciated.

@alfstglo-fadv alfstglo-fadv added the bug Something isn't working label Apr 17, 2024
@alfstglo-fadv alfstglo-fadv changed the title from "Dependency Report not updated SonarQube & issues not created" to "Dependency Report not updated" Apr 18, 2024
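
One way to tell an empty scan from a clean one when a published report lists no vulnerabilities, as an added example (not part of the issue or of the task's own code). It assumes the Dependency-Check JSON report has a top-level `dependencies` array whose entries carry an optional `vulnerabilities` list; the sample reports, the finding name and the `classify` labels are constructed for illustration.

```python
import json
import sys

# Constructed sample reports (not from the issue). Assumed layout: a top-level
# "dependencies" array whose entries may carry a "vulnerabilities" list.
EMPTY_SCAN = json.dumps({"projectInfo": {"name": "CA"}, "dependencies": []})
CLEAN_SCAN = json.dumps({"projectInfo": {"name": "CA"},
                         "dependencies": [{"fileName": "lib-b.jar"}]})
VULNERABLE_SCAN = json.dumps({
    "projectInfo": {"name": "CA"},
    "dependencies": [
        {"fileName": "lib-a.jar",
         "vulnerabilities": [{"name": "EXAMPLE-0001", "severity": "HIGH"}]},
        {"fileName": "lib-b.jar"},
    ],
})


def summarize_report(report_text):
    """Return (dependencies_scanned, vulnerable_dependencies, findings)."""
    report = json.loads(report_text)
    deps = report.get("dependencies") or []
    vulnerable = [d for d in deps if d.get("vulnerabilities")]
    findings = sum(len(d["vulnerabilities"]) for d in vulnerable)
    return len(deps), len(vulnerable), findings


def classify(report_text):
    """Hypothetical labels: invalid-report, empty-scan, clean, vulnerable."""
    try:
        scanned, _, findings = summarize_report(report_text)
    except (ValueError, AttributeError, TypeError):
        return "invalid-report"
    if scanned == 0:
        # Nothing was analyzed, so zero findings says nothing about the code.
        return "empty-scan"
    return "vulnerable" if findings else "clean"


if __name__ == "__main__":
    # Usage: python check_report.py dependency-check-report.json
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            verdict = classify(fh.read())
    else:
        verdict = classify(EMPTY_SCAN)
    print(verdict)
    # Fail the pipeline step unless dependencies were actually analyzed.
    sys.exit(1 if verdict in ("invalid-report", "empty-scan") else 0)
```

Run as a pipeline step against the JSON report in `reportsDirectory`, it makes a build that analyzed no dependencies fail visibly instead of publishing a report that looks clean.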