At the moment reports are uploaded as an artifact. The report names are not unique, so existing reports are overwritten when a second OWASP dependency run is executed. Basically this happens when:

- The extension is run twice in the same job
- Retry attempts
- Multiple jobs responsible for their own workload (say back-end or front-end)
- Multi-stage pipelines

For my use case of this task I have two jobs, one for building the back-end, one for building the front-end. Since the dependencies of both jobs need to be scanned, I cannot use this extension.

A possible solution is to append the JobId to the filename of the reports. This JobId is unique and a GUID. It is a simple change, but it changes the way reports are named, so I think this should be part of a new major release.
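The collision and the proposed fix, as an added example (not the extension's own code, which is not shown here). It models an artifact store where a second upload with the same name replaces the first, then shows the same two uploads under a naming scheme that appends the job id. The job id is assumed to come from the Azure Pipelines predefined variable `System.JobId` (exposed as `SYSTEM_JOBID` in the environment); the sample job ids and file names are constructed, and the GUID check is a suggested safeguard so that a missing variable cannot silently reintroduce the collision.

```javascript
// Added example (not the extension's code): model why identically named reports
// collide when uploaded as pipeline artifacts, and how suffixing the job id fixes it.

const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Build a report file name that is unique per job. `jobId` is assumed to be the
// value of System.JobId (SYSTEM_JOBID), which is a GUID; anything else is rejected
// so an unset variable fails loudly instead of producing colliding names again.
function uniqueReportName(baseName, jobId) {
  if (typeof jobId !== 'string' || !GUID_RE.test(jobId)) {
    throw new Error(`jobId must be a GUID, got: ${String(jobId)}`);
  }
  const dot = baseName.lastIndexOf('.');
  const stem = dot > 0 ? baseName.slice(0, dot) : baseName;
  const ext = dot > 0 ? baseName.slice(dot) : '';
  return `${stem}-${jobId.toLowerCase()}${ext}`;
}

// Simulate the artifact store: uploading a file under an existing name overwrites it.
// `nameFor(fileName, jobId)` decides the artifact name for each upload.
function uploadAll(uploads, nameFor) {
  const store = new Map();
  for (const { jobId, fileName, content } of uploads) {
    store.set(nameFor(fileName, jobId), content);
  }
  return store;
}

// Constructed sample: a back-end job and a front-end job both produce a report
// with the same file name (the job ids are made-up GUIDs).
const SAMPLE_UPLOADS = [
  {
    jobId: '11111111-2222-4333-8444-555555555555',
    fileName: 'dependency-check-report.html',
    content: 'backend report',
  },
  {
    jobId: '66666666-7777-4888-9999-aaaaaaaaaaaa',
    fileName: 'dependency-check-report.html',
    content: 'frontend report',
  },
];

// Current behaviour: the file name is used as-is, so the second job's report
// replaces the first and only one report survives.
function currentScheme(uploads) {
  return uploadAll(uploads, (fileName) => fileName);
}

// Proposed behaviour: the job id is appended, so both reports are kept.
function proposedScheme(uploads) {
  return uploadAll(uploads, uniqueReportName);
}
```

Running `currentScheme(SAMPLE_UPLOADS)` yields a store with a single entry holding only the front-end report, while `proposedScheme(SAMPLE_UPLOADS)` keeps both entries under distinct names. Because consumers downstream will look for the new names, the change is indeed visible to existing pipelines, which is the reason a major release makes sense.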