Closed Cosmin-Apopei closed 1 year ago
Hi @Cosmin-Apopei,
Regarding 1.:
This happens in the OWASP Dependency Check itself that is wrapped in this Azure DevOps extension.
Here's the code.
It seems to download the definition files and import them. Indeed, much more happens under the hood, hence the aforementioned code reference.
Regarding 2.: Please see 1.
Regarding 3.: To reduce the execution time, you can cache all downloaded data. Please check #110. However, this works in Azure Pipelines only; it won't work for Azure DevOps Server <= 2019 (on-prem), because the Cache task is not compatible with, or does not exist for, this version. Regarding Azure DevOps Server 2022, I cannot say.
I have no idea how the Azure pipeline task is set up or used, as the project is maintained by a different team.
In general - there is a data directory that should be cached. If you run the dependency-check update at least once every 7 days, only a very small XML file is downloaded and processed.
Thank you both for your answers. Adding caching to my pipeline has reduced its time significantly.
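The caching approach described in the replies above, as an added example that is not part of the original thread and is not the extension's own configuration: it restores the Dependency-Check data directory with the `Cache@2` task, refreshes it, then scans without a second update. It assumes a Linux agent with `dependency-check.sh` on the PATH and calls the CLI directly instead of the extension task; the variable name `DC_DATA_DIR` and the directory paths are arbitrary choices.

```yaml
# Added example (assumptions: Linux agent, dependency-check.sh on PATH,
# DC_DATA_DIR and the output folder are hypothetical names).
variables:
  DC_DATA_DIR: $(Pipeline.Workspace)/dependency-check-data

steps:
  # Cache entries are immutable per key, so the key ends in the build id:
  # every run saves a fresh copy at job end, and restoreKeys pulls the most
  # recently created entry that matches the prefix.
  - task: Cache@2
    displayName: Restore Dependency-Check data directory
    inputs:
      key: 'dependency-check-data | "$(Agent.OS)" | "$(Build.BuildId)"'
      restoreKeys: |
        dependency-check-data | "$(Agent.OS)"
      path: $(DC_DATA_DIR)

  # Refresh the restored data. With a copy updated within the last 7 days,
  # only a small file has to be downloaded and processed.
  - script: dependency-check.sh --updateonly --data "$(DC_DATA_DIR)"
    displayName: Update vulnerability data

  # Scan against the refreshed data without triggering another update.
  - script: >
      dependency-check.sh --noupdate
      --data "$(DC_DATA_DIR)"
      --project "$(Build.Repository.Name)"
      --scan "$(Build.SourcesDirectory)"
      --format HTML
      --out "$(Build.ArtifactStagingDirectory)/dependency-check"
    displayName: Run Dependency-Check scan
```

Keeping the update step in every run means a cache hit never leaves the scan on stale vulnerability data; the cache only shortens the download.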
Hello, I was looking into ways of speeding up the amount of time the dependency check scan took when run in an Azure Pipeline using the "OWASP Dependency Check" task.
Reading the logs, it seems that a lot of the time is going into downloading and processing the CVE files:
My questions are:
Thank you in advance.