azuredevops
Dependency Check Azure DevOps Extension
[`azuredevops/src/Tasks/dependency-check-build-task/dependency-check-build-task.ts`](https://github.com/dependency-check/azuredevops/blob/main/src/Tasks/dependency-check-build-task/dependency-check-build-task.ts) contains
```typescript
await console.log('Downloading ZIP from "' + zipUrl + '"...');
...
tl.rmRF(zipLocation);
```
however this file removal is not unlikely to fail if an anti-virus program is currently...
Hi, obviously loading the whole NVD database for every pipe run is a bad idea. So I thought how to improve it without requiring too much effort or even costs...
I am trying to install the OWASP Dependency Check extension from the Visual Studio Marketplace for our on prem version of TFS 2017. The version of the plugin is 6.1.0.1...
Hi, I would like to suggest adding a separate warning threshold. I know there's a warnOnCVSSViolation parameter, but unfortunately it's implemented as boolean only. The idea is to be able to...
Hi, keep getting an issue where we get duplicates in the build.tbl_artififact but I have no idea why.
```
Dependency Check completed with exit code 0.
Dependency Check reports: 'C:\\agentA\\_work\\2\\TestResults\\dependency-check\\dependency-check-report.html',...
```
Hi, I'm trying to exclude `_legacy` folder from the dependency check, my yaml is:
```
trigger:
  branches:
    include:
    - main
    - feature/*
    - hotfix/*
    - release/*
pool:
  vmImage: 'windows-latest'
steps:...
```
When I set the failOnCVSS to 10, the task passed, but the junit report still shows the same failure percentage. Is that by design?
Hi there, we've noticed that the DevOps-extension needs "Build (read and _execute_)" permissions and we were wondering why the execute is needed. Can someone elaborate? Thanks!
Hello, I think that most people want to reduce the runtime of their pipelines. Because of that, I recently needed to search for a way to cache dependency-check CVE data...
Scan runs correctly and produces report. However, when I add a suppression file the scan fails with the error below. Looking at the Logs I can see that there...