Open veita opened 1 year ago
It will tell you in the reports how many dependencies in total were scanned
In TeamCity's tests view there is no indication that anything might have gone wrong. But you are correct, in the native dependency check "Dependencies Scanned" are shown.
Gut feel: TeamCity in your setup uses the JUnit report, which only contains the found vulnerabilities. If TeamCity displayed in some way the results from the XML, JSON or SARIF report, the full dependency information would be available.
Edit: even the JUnit report contains all dependencies. No clue why your TeamCity setup would not show the 'passing' testsuites (which are the dependencies with no found vulnerabilities)
Describe the bug After update from Gradle plugin version 6.4.1.1 to 8.2.1 for some reason all previously reported vulnerabilities disappeared. In the build log the message
appeared.
Unfortunately, from this message one cannot know if there are no vulnerabilities (which I doubt) or if no vulnerabilities have been found because nothing has been scanned (e.g. due to a misconfiguration of the plugin).
Version of dependency-check used The problem occurs using version 8.2.1 of the gradle plugin.
Expected behavior The plugin should not only report how many vulnerabilities have been found, but also how many artifacts have been scanned.
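A defender-side check for the gap this report describes and the comment above explains (the JUnit report listing one passing testsuite per clean dependency): parse the report and separate "nothing was scanned" from "scanned and clean". This is an added example, not code from the reporter or the dependency-check project; the sample XML is constructed to match the comment's description, and the real report's attribute names may differ.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape the comment above describes: one <testsuite>
# per scanned dependency, a <testcase> per finding, with a <failure> element
# when a vulnerability was found. The real report's attributes may differ.
SAMPLE_JUNIT = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="pkg:maven/org.example/libA@1.0.0" tests="0" failures="0"/>
  <testsuite name="pkg:maven/org.example/libB@2.3.4" tests="1" failures="1">
    <testcase name="CVE-PLACEHOLDER-1" classname="org.example:libB:2.3.4">
      <failure message="HIGH severity finding (placeholder)"/>
    </testcase>
  </testsuite>
  <testsuite name="pkg:maven/org.example/libC@0.9.0" tests="0" failures="0"/>
</testsuites>
"""

# What a misconfigured run that scanned nothing would look like (constructed).
EMPTY_JUNIT = '<?xml version="1.0"?><testsuites/>'


def summarize_junit_report(xml_text: str) -> dict:
    """Count scanned dependencies and findings in a dependency-check style JUnit report."""
    root = ET.fromstring(xml_text)
    suites = root.findall(".//testsuite")
    per_suite = [len(s.findall("./testcase/failure")) for s in suites]
    return {
        "dependencies_scanned": len(suites),
        "dependencies_with_findings": sum(1 for n in per_suite if n > 0),
        "findings": sum(per_suite),
    }


def verdict(summary: dict) -> str:
    """Distinguish 'nothing scanned' (likely misconfiguration) from 'scanned, clean'."""
    if summary["dependencies_scanned"] == 0:
        return "SUSPICIOUS: no dependencies scanned, check the plugin configuration"
    if summary["findings"] == 0:
        return f"clean: {summary['dependencies_scanned']} dependencies scanned, no findings"
    return (f"{summary['findings']} finding(s) in "
            f"{summary['dependencies_with_findings']} of "
            f"{summary['dependencies_scanned']} dependencies")


if __name__ == "__main__":
    print(verdict(summarize_junit_report(SAMPLE_JUNIT)))
    print(verdict(summarize_junit_report(EMPTY_JUNIT)))
```

Failing the build on the SUSPICIOUS verdict turns a silent "no vulnerabilities found" into a visible error.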