jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

suppressionFile must be specified in absolute path in Azure DevOps pipeline #5574

Open tongd2020 opened 1 year ago

tongd2020 commented 1 year ago

While something like this works perfectly fine in a local maven verify:

suppression.xml

This will fail in the Azure pipeline with the error message:

[WARNING] Unable to read suppression file 'suppression.xml'
[ERROR] Exception occurred initializing CPE Analyzer.
...
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.1.2:check (default) on project someproject: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] InitializationException: Warn initializing the suppression analyzer: Failed to load suppression.xml, caused by Unable to read suppression file.
[ERROR] caused by SuppressionParseException: Failed to load suppression.xml, caused by Unable to read suppression file.

The workaround is to provide the absolute path (as on the pipeline agent) to the suppression file, like this:

/agent/_work/2/s/someproject/suppression.xml

The suppression file suppression.xml is in the git repository in the same folder as pom.xml.

aikebah commented 1 year ago

Sounds like the Azure pipeline triggers the maven build with the current working directory outside of the maven project. Try configuring the filter as ${project.basedir}/suppression.xml; that should work for both regular maven invocations and the invocation in an Azure pipeline, as the project.basedir property points to the folder where the pom.xml of the project being built resides.

tongd2020 commented 1 year ago

Thank you, ${project.basedir} is a perfect solution; it works on both Azure (via pipeline variable) and the local maven build.
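For reference, here is the plugin block in pom.xml that the thread describes, with the fragile relative path and the ${project.basedir} form side by side. This is an added example, not configuration from the issue or from the dependency-check project; the version and file name come from the thread, the rest is an assumed minimal setup.

```xml
<!-- Added example (not from the issue or the project): dependency-check-maven
     plugin configuration in pom.xml. Version 8.1.2 and suppression.xml are taken
     from the issue; the surrounding plugin block is an assumed minimal setup. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>8.1.2</version>
  <configuration>
    <suppressionFiles>
      <!-- Fragile: a bare relative path is resolved against the working
           directory of the mvn process, so it fails when the pipeline agent
           starts the build from outside the project folder. -->
      <!-- <suppressionFile>suppression.xml</suppressionFile> -->
      <!-- Fixed: anchor the path to the folder containing this pom.xml, which
           is the same on a developer machine and on the build agent. -->
      <suppressionFile>${project.basedir}/suppression.xml</suppressionFile>
    </suppressionFiles>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```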