Closed stirrblig closed 1 year ago
The dependency checker version 8.0.0 has changed its exit codes. https://github.com/jeremylong/DependencyCheck/releases/tag/v8.0.0
The exit codes from the CLI have been changed to be in the range from 0-255
Because of this, the check in https://github.com/dependency-check/azuredevops/blob/main/src/Tasks/dependency-check-build-task/dependency-check-build-task.ts is no longer working, since it's expecting error code 1:
```typescript
let failed = exitCode != 0;
let isViolation = exitCode == 1;
...
if (failed) {
    if(isViolation) {
        message = "CVSS threshold violation.";
        if(warnOnCVSSViolation) {
            result = tl.TaskResult.SucceededWithIssues
        } else {
            result = tl.TaskResult.Failed
```
This means that the build step fails, instead of throwing error, even when warnOnCVSSViolation is set to true.
Workaround

In the azure-pipeline.yaml, set the specific version to the previous version:

```yaml
dependencyCheckVersion: '7.4.4'
```
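A version-aware form of the exit-code check described in the issue, as an added example that is not part of the original thread and not the task's own code. `TaskResult` is a local stand-in for the enum in azure-pipelines-task-lib, the function names are hypothetical, and the 8.x violation exit code is a parameter because the issue does not state its value; treating an unpinned version as 8.x is an assumption.

```typescript
// Added example; not code from the dependency-check Azure DevOps task.
// Local stand-in for the TaskResult enum in azure-pipelines-task-lib.
enum TaskResult { Succeeded, SucceededWithIssues, Failed }

interface Outcome { result: TaskResult; message: string; }

// Major version of a pinned string such as '7.4.4'; null when it is not numeric.
function majorVersion(version: string): number | null {
  const m = /^(\d+)\./.exec(version.trim());
  return m ? parseInt(String(m[1]), 10) : null;
}

// Exit code that signals a CVSS threshold violation for the given CLI version.
// Before 8.0.0 it is 1, the value the task checks for. v8Code must be taken from
// the 8.0.0 release notes by the caller; it is deliberately not hard-coded here.
// ASSUMPTION: a version string that is not numeric resolves to 8.x or later.
function violationCode(version: string, v8Code: number): number {
  const major = majorVersion(version);
  return major !== null && major < 8 ? 1 : v8Code;
}

// Map a CLI exit code to a task result without confusing a threshold
// violation with any other non-zero exit.
function classify(exitCode: number, version: string,
                  warnOnCVSSViolation: boolean, v8Code: number): Outcome {
  if (!Number.isInteger(v8Code) || v8Code < 1 || v8Code > 255) {
    throw new RangeError("v8Code must be an integer in 1-255");
  }
  if (exitCode === 0) {
    return { result: TaskResult.Succeeded, message: "Dependency Check succeeded." };
  }
  if (exitCode === violationCode(version, v8Code)) {
    return {
      result: warnOnCVSSViolation ? TaskResult.SucceededWithIssues : TaskResult.Failed,
      message: "CVSS threshold violation.",
    };
  }
  // Any other non-zero code is a scan error and always fails the step.
  return { result: TaskResult.Failed, message: `Dependency Check failed (exit code ${exitCode}).` };
}
```

Failing on every unrecognised non-zero code keeps a scanner error from being downgraded to a warning when `warnOnCVSSViolation` is set.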
I'm unable to reproduce this in my demo pipelines. I have merged this and released in v6.1.0. Please verify that the fix is working as expected.