AdvancedSecurity-Dependency-Scanning@1 - Advanced Security Dependency Scanning v1 task
Scan your application for any vulnerabilities in open source components used in your source code. You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Syntax
```yaml
# Advanced Security Dependency Scanning v1
# Scan for open source dependency vulnerabilities in your source code.
- task: AdvancedSecurity-Dependency-Scanning@1
  inputs:
  # Advanced
    #directoryExclusionList: # string. Directory exclusion list.
```
Inputs
directoryExclusionList - Directory exclusion list
string.
List of relative directory paths to ignore, given as semicolon-separated values. If no paths are listed, everything under the source directory will be scanned. Filtering supports glob pattern matching of directories.
Task control options
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
Output variables
None.
Remarks
Use this task to scan your application for any vulnerabilities in open source components used in your source code.
Important
This task is supported with Azure Repos Git repositories only.
You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Prerequisites
For the task to successfully complete and populate the Advanced Security tab for the scanned repository, Advanced Security must be enabled for that repository prior to running a build with the dependency scanning task included.
The task is available to run on self-hosted agents as well as Microsoft-hosted agents. For self-hosted agents, see additional self-hosted agent set-up instructions.
For the most accurate scanning results, add the Advanced Security dependency scanning task after your build steps but before any clean up of the build process, as shown in the following example.
```yaml
# Authenticate Azure DevOps NuGet feed
- task: NuGetAuthenticate@1
  displayName: 'Authenticate Azure DevOps NuGet feed'

# Restore project
- task: DotNetCoreCLI@2
  inputs:
    command: 'custom'
    custom: 'restore'

# Build project
- task: DotNetCoreCLI@2
  inputs:
    command: 'custom'
    custom: 'build'
    arguments: '--no-restore'

# Run dependency scanning
- task: AdvancedSecurity-Dependency-Scanning@1
  displayName: 'Advanced Security Dependency Scanning'
```
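A review-time check for the two points this page makes, scan placement after the build steps and what `directoryExclusionList` leaves unscanned, added here as an example and not part of the original documentation or the task itself. The line-based parser, the `BUILD_TASKS` set and both sample pipelines are assumptions constructed for illustration; the parser handles flat `- task:` step lists only.

```python
import re

SCAN_TASK = "AdvancedSecurity-Dependency-Scanning@1"
BUILD_TASKS = {"DotNetCoreCLI@2"}  # assumption: extend with your own build tasks
TASK_RE = re.compile(r"^\s*-\s*task:\s*(\S+)")
KV_RE = re.compile(r"^\s+(\w+):\s*(.*)$")

def parse_steps(yaml_text):
    """Return [(task, {key: value})] for each '- task:' step, in file order."""
    steps = []
    for raw in yaml_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blanks and comments, including commented-out inputs
        task = TASK_RE.match(raw)
        if task:
            steps.append((task.group(1), {}))
        elif steps and (kv := KV_RE.match(raw)):
            steps[-1][1][kv.group(1)] = kv.group(2).strip().strip("'\"")
    return steps

def audit(yaml_text):
    """List findings about scan placement and directories left unscanned."""
    steps = parse_steps(yaml_text)
    names = [name for name, _ in steps]
    if SCAN_TASK not in names:
        return ["dependency scanning task is missing"]
    findings = []
    scan_at = names.index(SCAN_TASK)
    builds = [i for i, name in enumerate(names) if name in BUILD_TASKS]
    if builds and scan_at < max(builds):
        findings.append("scan runs before the last build step")
    exclusions = steps[scan_at][1].get("directoryExclusionList", "")
    for path in filter(None, (p.strip() for p in exclusions.split(";"))):
        findings.append(f"excluded from scanning: {path}")
    return findings

# Constructed sample pipelines (not from a real repository).
GOOD = """
- task: DotNetCoreCLI@2
  inputs:
    command: 'build'
- task: AdvancedSecurity-Dependency-Scanning@1
  inputs:
    directoryExclusionList: 'samples;test/fixtures'
"""
BAD = "- task: AdvancedSecurity-Dependency-Scanning@1\n- task: DotNetCoreCLI@2\n"
```

Each exclusion is reported rather than rejected, so a reviewer can confirm that no excluded directory holds a dependency manifest that ships with the application.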
Requirements
Requirement | Description |
---|---|
Pipeline types | YAML, Classic build, Classic release |
Runs on | Agent, DeploymentGroup |
Demands | None |
Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
Command restrictions | Any |
Settable variables | Any |
Agent version | 2.206.1 or greater |
Task category | Utility |