Open duvanquind opened 2 weeks ago
Assuming you are talking about https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck keep in mind that the Azure DevOps extension is not built/owned by this project.
However note that ODC does not work properly with the output from Yarn Berry (v2+). https://github.com/jeremylong/DependencyCheck/issues/4894 https://github.com/jeremylong/DependencyCheck/issues/4215
Which yarn version are you using and which format/version is your yarn.lock
file?
Is the report generating at all? Do you see vulnerabilities with yarn audit
manually?
The version I am currently using is yarn version 1.22.22 and the yarn.lock file contains v1. And when I run the yarn audit it does generate a vulnerability report. @chadlwilson
Try scanning your project with the ODC CLI on your local machine using similar configuration. If that works, then your problem is with the Azure Dev Ops plugin and you’ll have to ask them.
Anyway, you’re going to need to share more information than that for anyone to help. What you are doing, exactly. What you expect to see. What you actually see.
Look, I have something in particular that I can't find the reason for what happens: I am doing dependency analysis through this tool, in a pipeline execution