Azure CI OWASP Dependency check task failing to download

[milyas-salik]

I installed the dependency check extension for my Azure CI. As mentioned in the link : https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck&ssr=false#qna I followed the steps mentioned, but getting the below issue..

*Hostname/IP doesn't match certificate's altnames: "Host: api.github.com. is not in the cert's altnames: DNS:.ABC.com, DNS:ABC.com" Unhandled error condition detected.**

Please do the needful.

[ejohn20]

Are you running the extension on premise or on an Azure hosted builder? I'm guessing this is due to running on prem behind a network appliance that is intercepting egress traffic.

In on-prem, you can use the localInstallPath parameter to tell the extension where dependency check is located and it will skip pulling the release package from GitHub. Although, I suspect you will need to configure your network to allow dependency check to pull down the CVE data files as well during execution. Or, pull them down out of band and place them into the data directory.

[Saturate]

Closing this due to no response and inactivity.