
Solution to scan the environment.yml python dependencies using OWASP Dep Check in Jenkins pipeline

Open · Aseem-DevOps opened this issue 1 year ago · 1 comment

Hi,

I'm using Dependency-Check version 8.2.0 via a Jenkinsfile, with the set-up below as one of the stages, but every time the report is generated with zero vulnerabilities.

After the SCM checkout, I expected it to consider an environment.yml file which contains the dependencies for the Python application, but I am sure it's not getting scanned. So I added --enableExperimental to cover this from a Python analyzer standpoint.

```groovy
stage('OWASP Scan') {
    steps {
        // Run the Dependency-Check CLI installed under the "dependency-checker" tool name
        dependencyCheck additionalArguments: ''' -o './' -s './' -f 'ALL' --enableExperimental --prettyPrint''',
                        odcInstallation: 'dependency-checker'
        // Publish the XML report produced in the workspace
        dependencyCheckPublisher pattern: 'dependency-check-report.xml'
    }
}
```

Any help in this regard would be much appreciated.


Aseem-DevOps, May 02 '24 07:05

We do not currently support conda's environment.yml files yet. We accept PRs if you are interested in contributing.

jeremylong, May 03 '24 21:05
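Since the maintainer's answer is that conda `environment.yml` files are not parsed, the practical workaround in a pipeline is to derive a `requirements.txt` from it before the scan stage runs, because that is a format Dependency-Check's experimental pip analyzer does read. The script below is an added example written for this thread; it is not code from the issue or from the Dependency-Check project. It assumes (a) that the pip analyzer, enabled by `--enableExperimental`, picks up a `requirements.txt` inside the scanned directory and, as I understand its matching, only identifies packages from exact `==` pins, and (b) that conda package names equal their PyPI names, which is not always true (e.g. some conda packages are published on PyPI under a different name), so the output still needs a human look. The sample `environment.yml` embedded in the block is constructed for illustration; the function and variable names are my own.

```python
"""Convert a conda environment.yml into a requirements.txt that
OWASP Dependency-Check's experimental pip analyzer can scan.

Hypothetical helper for this issue thread; not part of Dependency-Check.
Uses a tiny line-based parser so it has no PyYAML dependency on the agent.
"""
import re
import sys
from typing import List, Optional, Tuple

# Constructed sample input (not taken from the issue), covering the usual shapes:
# channel prefix, conda '=' pins, build strings, range specs, and a nested pip section.
SAMPLE_ENVIRONMENT_YML = """\
name: myapp
channels:
  - conda-forge
  - defaults
dependencies:
  - python=3.10
  - numpy=1.24.2=py310h5f9d8c6_0   # build string is dropped in the output
  - conda-forge::requests=2.28.2
  - pandas>=1.5
  - pip
  - pip:
    - flask==2.2.2
    - pyyaml
"""

# Optional channel prefix, package name, optional operator, version, optional build string.
_CONDA_SPEC = re.compile(
    r"^(?:[\w.-]+::)?(?P<name>[A-Za-z0-9_.-]+)"
    r"(?P<op>==|=|>=|<=|>|<|!=)?(?P<ver>[^=\s]+)?(?:=.*)?$"
)
# Entries that describe the interpreter or tooling, not a PyPI package to scan.
_NOT_PYPI = {"python", "pip"}


def parse_environment_yml(text: str) -> Tuple[List[str], List[str]]:
    """Return (conda_specs, pip_specs) from the 'dependencies:' section."""
    conda_specs: List[str] = []
    pip_specs: List[str] = []
    in_deps = False
    in_pip = False
    pip_indent = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing YAML comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:  # top-level key: only 'dependencies:' matters here
            in_deps = stripped == "dependencies:"
            in_pip = False
            continue
        if not in_deps or not stripped.startswith("- "):
            continue
        item = stripped[2:].strip()
        if in_pip and indent > pip_indent:  # nested list under '- pip:'
            pip_specs.append(item)
            continue
        in_pip = False
        if item == "pip:":
            in_pip, pip_indent = True, indent
            continue
        conda_specs.append(item)
    return conda_specs, pip_specs


def conda_spec_to_pip(spec: str) -> Optional[Tuple[str, bool]]:
    """Map a conda match spec to a PEP 440 requirement.

    Returns (requirement, is_exact_pin), or None for non-PyPI entries.
    Assumes the conda name is also the PyPI name (not always the case).
    """
    m = _CONDA_SPEC.match(spec)
    if not m or m.group("name").lower() in _NOT_PYPI:
        return None
    name, op, ver = m.group("name"), m.group("op"), m.group("ver")
    if op is None or ver is None:
        return name, False
    if op == "=":  # conda's single '=' pin is written '==' in requirements.txt
        op = "=="
    return f"{name}{op}{ver}", op == "=="


def environment_yml_to_requirements(text: str) -> Tuple[List[str], List[str]]:
    """Return (pinned, unpinned) requirement lines derived from environment.yml."""
    pinned: List[str] = []
    unpinned: List[str] = []
    conda_specs, pip_specs = parse_environment_yml(text)
    for spec in conda_specs:
        converted = conda_spec_to_pip(spec)
        if converted is not None:
            (pinned if converted[1] else unpinned).append(converted[0])
    for req in pip_specs:
        (pinned if "==" in req else unpinned).append(req)
    return pinned, unpinned


def render_requirements(pinned: List[str], unpinned: List[str]) -> str:
    """Emit requirements.txt text; unpinned specs are left as TODO comments so the
    gap in scan coverage is visible instead of silently producing a clean report."""
    lines = ["# generated from environment.yml for Dependency-Check's pip analyzer", *pinned]
    if unpinned:
        lines.append("# TODO: pin these so Dependency-Check can identify a version:")
        lines.extend(f"# TODO pin: {req}" for req in unpinned)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage on the agent before the scan stage: python env2req.py environment.yml requirements.txt
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENVIRONMENT_YML
    pinned_reqs, unpinned_reqs = environment_yml_to_requirements(src)
    out = render_requirements(pinned_reqs, unpinned_reqs)
    if len(sys.argv) > 2:
        open(sys.argv[2], "w").write(out)
    else:
        sys.stdout.write(out)
    for req in unpinned_reqs:
        print(f"WARNING: unpinned spec not scannable by Dependency-Check: {req}", file=sys.stderr)
```

In the pipeline above this would run in a step before `dependencyCheck`, writing `requirements.txt` into the directory given by `-s './'`; `--enableExperimental` stays, since the pip analyzer is experimental. Treating unpinned entries as warnings rather than quietly emitting them keeps a zero-finding report from being mistaken for a clean bill of health, which is exactly the failure mode described in the question.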