dependency-check / azuredevops

Dependency Check Azure DevOps Extension
Apache License 2.0

Match new CVSS score failure exit code on Dependency-Check v8 or higher #116

Closed guidojw closed 1 year ago

guidojw commented 1 year ago

In v8.0.0, the CVSS score failure exit code was changed from 1 to 15 (PR: https://github.com/jeremylong/DependencyCheck/pull/4511), which is why this extension now fails instead of warning on these, because it still expects an exit code of 1.

This PR adds support for this by comparing the exitCode with 1 if the input dependency-check version starts with [0-7]., and with 15 otherwise.

guidojw commented 1 year ago

Hi @ejohn20, this extension not supporting the breaking change from v8 forces us to pin to v7.4.4. It would be greatly appreciated if this could be resolved in a timely manner.

ejohn20 commented 1 year ago

Merging to the develop branch so I can test the dev version of the extension before releasing.

ejohn20 commented 1 year ago

I'm unable to reproduce this in my demo pipelines. I have merged this and released in v6.1.0. Please verify that the fix is working as expected.

guidojw commented 1 year ago

It happened when setting warnOnCVSSViolation to true, but not anymore as of v6.1.1 of this extension. Thanks for the quick response!
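
The exit-code rule from the PR description, combined with the warnOnCVSSViolation behaviour mentioned in the last comment, as an added TypeScript example that is not code from the PR or the extension. The function names, the outcome labels and the treatment of every other non-zero exit code as a failure are assumptions; the sample runs are constructed.

```typescript
// Added illustration; all names are hypothetical, not the extension's source.
type Outcome = "Succeeded" | "SucceededWithIssues" | "Failed";

// Exit code Dependency-Check returns when the CVSS threshold is exceeded:
// 1 up to v7.x, 15 from v8.0.0 on (per the PR description).
function cvssFailureExitCode(version: string): number {
  // "starts with [0-7]." selects the legacy code. "10.0.0" and "latest"
  // do not match because their second character is not a dot.
  return /^[0-7]\./.test(version.trim()) ? 1 : 15;
}

function classifyRun(
  version: string,
  exitCode: number,
  warnOnCVSSViolation: boolean
): Outcome {
  if (exitCode === 0) return "Succeeded";
  // Only the CVSS-threshold code may be downgraded to a warning.
  // Assumption: any other non-zero code still fails the build, so a scan
  // that broke for another reason is never reported as a mere warning.
  if (warnOnCVSSViolation && exitCode === cvssFailureExitCode(version)) {
    return "SucceededWithIssues";
  }
  return "Failed";
}

// Constructed sample runs: [version input, exit code, warnOnCVSSViolation]
const sampleRuns: Array<[string, number, boolean]> = [
  ["7.4.4", 1, true],    // legacy code, warning requested
  ["8.0.0", 15, true],   // new code, warning requested
  ["8.0.0", 1, true],    // the mismatch this PR addresses: 1 is not the CVSS code on v8
  ["10.0.0", 15, false], // CVSS violation, warning not requested
  ["latest", 15, true],  // non-numeric version input falls through to 15
];

function classifyAll(): Outcome[] {
  return sampleRuns.map(([version, code, warn]) =>
    classifyRun(version, code, warn)
  );
}

console.log(classifyAll());
```
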