---
title: AdvancedSecurity-Dependency-Scanning@1 - Advanced Security Dependency Scanning v1 task
description: Scan for open source dependency vulnerabilities in your source code.
ms.date: 07/02/2024
monikerRange: "=azure-pipelines"
---

AdvancedSecurity-Dependency-Scanning@1 - Advanced Security Dependency Scanning v1 task

:::moniker range="=azure-pipelines"

Scan your application for any vulnerabilities in open source components used in your source code. You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.

:::moniker-end

Syntax

:::moniker range="=azure-pipelines"

```yaml
# Advanced Security Dependency Scanning v1
# Scan for open source dependency vulnerabilities in your source code.
- task: AdvancedSecurity-Dependency-Scanning@1
  inputs:
  # Advanced
    #directoryExclusionList: # string. Directory exclusion list.
```

:::moniker-end

Inputs

:::moniker range="=azure-pipelines"

directoryExclusionList - Directory exclusion list
string.

Semicolon-separated list of relative directory paths to exclude from the scan. If no paths are listed, everything under the source directory is scanned. Directory filtering supports glob pattern matching.


:::moniker-end

Task control options

All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.

Output variables

:::moniker range="=azure-pipelines"

None.

:::moniker-end

Remarks

Use this task to scan your application for any vulnerabilities in open source components used in your source code.

Important

This task is supported with Azure Repos Git repositories only.

You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.

Prerequisites

For the task to successfully complete and populate the Advanced Security tab for the scanned repository, Advanced Security must be enabled for that repository prior to running a build with the dependency scanning task included.

The task is available to run on self-hosted agents as well as Microsoft-hosted agents. For self-hosted agents, see additional self-hosted agent set-up instructions.

For the most accurate scanning results, add the Advanced Security dependency scanning task after your build steps but before any clean up of the build process, as shown in the following example.

```yaml
# Authenticate Azure DevOps NuGet feed
- task: NuGetAuthenticate@1
  displayName: 'Authenticate Azure DevOps NuGet feed'

# Restore project
- task: DotNetCoreCLI@2
  inputs:
    command: 'custom'
    custom: 'restore'

# Build project
- task: DotNetCoreCLI@2
  inputs:
    command: 'custom'
    custom: 'build'
    arguments: '--no-restore'

# Run dependency scanning
- task: AdvancedSecurity-Dependency-Scanning@1
  displayName: 'Advanced Security Dependency Scanning'
```
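The following is an added example, not part of the original page or of Microsoft's tooling: a small Python check a reviewer could run over a pipeline file to confirm that the scanning task runs after the last build step and to list every directory that `directoryExclusionList` removes from the scan. The set of task names treated as build steps, the sample pipelines, and the excluded paths are assumptions constructed for illustration, and the line-based parsing covers only the flat step layout used on this page.

```python
import re

SCAN_TASK = "AdvancedSecurity-Dependency-Scanning"
# Assumption: task names that count as "build steps" (taken from the page's example).
BUILD_TASKS = {"DotNetCoreCLI"}
TASK_RE = re.compile(r"^\s*-\s*task:\s*([\w.-]+)@(\d+)")
# Anchored at line start, so a commented-out "#directoryExclusionList:" is ignored.
EXCL_RE = re.compile(r"^\s*directoryExclusionList:\s*(.*)$")

# Constructed sample pipelines; the excluded paths are hypothetical.
SAMPLE_OK = """\
- task: DotNetCoreCLI@2
  inputs:
    command: 'custom'
    custom: 'build'
- task: AdvancedSecurity-Dependency-Scanning@1
  inputs:
    directoryExclusionList: 'samples;tests/fixtures'
"""
SAMPLE_EARLY = """\
- task: AdvancedSecurity-Dependency-Scanning@1
- task: DotNetCoreCLI@2
  inputs:
    custom: 'build'
"""

def audit_pipeline(yaml_text, build_tasks=BUILD_TASKS):
    """Return (findings, exclusions) for the steps in one pipeline file."""
    tasks, exclusions = [], []
    for line in yaml_text.splitlines():
        m = TASK_RE.match(line)
        if m:
            tasks.append(m.group(1))  # record task order, ignoring the version
            continue
        m = EXCL_RE.match(line)
        if m and tasks and tasks[-1] == SCAN_TASK:
            value = m.group(1).split(" #")[0].strip().strip("'\"")
            exclusions += [p.strip() for p in value.split(";") if p.strip()]
    if SCAN_TASK not in tasks:
        return ["dependency scanning task is missing"], exclusions
    findings = []
    scan_at = tasks.index(SCAN_TASK)
    last_build = max((i for i, t in enumerate(tasks) if t in build_tasks), default=-1)
    if last_build > scan_at:
        findings.append("dependency scanning runs before the last build step")
    # Every exclusion is reported so a reviewer can see what is left unscanned.
    findings += [f"directory not scanned: {p}" for p in exclusions]
    return findings, exclusions
```

Each reported exclusion is a directory whose dependencies will not appear in the Advanced Security tab, so a change that widens the list deserves the same review as a change to the scan step itself.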

Requirements

:::moniker range="=azure-pipelines"

| Requirement | Description |
|---|---|
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | 2.206.1 or greater |
| Task category | Utility |

:::moniker-end

See also