
Dependency Report not updated

Open alfstglo-fadv opened this issue 2 months ago • 0 comments

Describe the bug

The dependency report being published does not find vulnerabilities. However, when I run the dependencyCheck CLI listed in the build output on the machine, the vulnerabilities are found.

I have multiple projects all using the same build machine that all use Azure DevOps tasks. Sometimes the build will create the correct dependency report, and sometimes not.

  - task: dependency-check-build-task@6
    inputs:
      dependencyCheckVersion: '8.0.0'
      projectName: 'CA'
      scanPath: '$(system.defaultworkingdirectory)/ca'
      format: 'ALL'
      reportsDirectory: '$(Agent.TempDirectory)/dependency-scan-results/CA'
      additionalArguments: '--format HTML --format JSON --format XML'

The dependency-check-build-task output looks like:

Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 132,849 bytes.
Uploaded 132,849 out of 132,849 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.html' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,417 bytes.
Uploaded 2,417 out of 2,417 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.json' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,227 bytes.
Uploaded 2,227 out of 2,227 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.sarif' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,245 bytes.
Uploaded 2,245 out of 2,245 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/CA/dependency-check-report.xml' to file container: '#/25883364/dependency-check'
Associated artifact 60198 with build 88902
Async Command End: Upload Artifact
Finishing: dependencycheckbuildtask

Artifacts are listed: image

But no vulnerabilities are listed: image

Any advice on how to troubleshoot is appreciated.

alfstglo-fadv, Apr 17 '24 20:04