azuredevops icon indicating copy to clipboard operation
azuredevops copied to clipboard

Published 20 hours ago verified publisher icon dependency-check

--exclude not working & can't use it multiple times

Open klaudiogurraj opened this issue 3 years ago • 1 comments

Hi, I think the --exclude option is not working.

I have the following directory structure after git checkout : s/ -- changelogs -- tests -- src -- helper -- some other files and directories

This is the YAML Task `

  • task: dependency-check-build-task@6 displayName: "Dependency-Check 3 Party Analysis" inputs: projectName: 'Project1' scanPath: '$(Agent.BuildDirectory)/s/' excludePath: '/tests/**' format: 'HTML' failOnCVSS: '7' suppressionPath: 'suppress.xml' warnOnCVSSViolation: true `

Although I am trying to exclude tests I am still getting these files Paths
_/home/vsts/work/1/s/tests/E2E.Cypress/package-lock.json?lodash_

and

[WARN] Analyzing `/home/vsts/work/1/s/tests/E2E.Cypress/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
[WARN] Analyzing `/home/vsts/work/1/s/changelogs/validation/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check

Command used in job is: ` Path: /home/vsts/work/_tasks/dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72/6.0.4/dependency-check/bin/dependency-check.sh Arguments: --project "Backend" --scan "/home/vsts/work/1/s/" --out "/home/vsts/work/1/TestResults/dependency-check" --exclude "/tests/**" --format HTML --failOnCVSS 7 --suppression "/home/vsts/work/1/s/suppress.xml"

`

Using the same commands on my workstation (Windows System) :

.\dependency-check.bat -s "C:\Backend" --exclude "/tests/**" works without problems.

I can also use the --exclude command multiple times, for example to remove also changelogs folder from the path

--exclude "/tests/" --exclude "/changelogs/"

Cannot use the excludePath multiple Times in YAML due to key problems...

EDIT: I can use the Extra Arguments Field and it works with multiple exclude arguments or only one!

klaudiogurraj avatar May 27 '21 13:05 klaudiogurraj

I have the same issue. I believe the issue may be that the excludePath option generates an exclude option which includes the working directory, whereas when @klaudiogurraj is passing it as additional arguments, it is a relative path, e.g.

with excludePath: '/tests/**', the generated CLI command ends up being something like --exclude: "/home/vsts/work/1/s/tests/"rather than just--exclude: "/tests/"`

sxmanton avatar May 29 '22 15:05 sxmanton