dependency-check / azuredevops

Dependency Check Azure DevOps Extension
Apache License 2.0

Added SARIF to output format options #134

Closed LucaBlackDragon closed 4 months ago

LucaBlackDragon commented 8 months ago

Adds SARIF to output format options, since OWASP Dependency Check CLI --format argument supports it.

LucaBlackDragon commented 8 months ago

I forgot to mention that I am already using SARIF as output format in my pipelines, e.g.:

- task: dependency-check-build-task@6
  displayName: OWASP Dependency Check
  inputs:
    projectName: '$(mainProject)'
    scanPath: '$(Build.ArtifactsStagingDirectory)'
    format: 'SARIF' # ← this is marked as an error in Azure DevOps
    suppressionPath: 'owasp-suppressions.xml'

and it Just Works™

LucaBlackDragon commented 4 months ago

@pippolino I think this will be included in #155; if not, feel free to re-open it