The Azure Pipeline only installs the package with all its dependencies, and then generates an index of the installed direct and indirect dependencies. These are then read by component governance to check for dependency versions with known vulnerabilities as well as license issues.
The Azure Pipeline only installs the package with all its dependencies, and then generates an index of the installed direct and indirect dependencies. These are then read by component governance to check for dependency versions with known vulnerabilities as well as license issues.