New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude directory #5398
Comments
See issue #4995 - args: >
--failOnCVSS 6
--exclude '**/examples/**'
--enableExperimental The exclude uses ant style globbing and we are matching against files not directories - so two asterisks are required. |
Hey, thank you for the quick response! |
Can you add: args: >
--failOnCVSS 6
--exclude '**/examples/**'
--enableExperimental
--log odc.log
- name: Archive ODC log
id: archive-logs
if: always()
uses: actions/upload-artifact@v3
with:
name: odc-logs
retention-days: 7
path: odc.log Then download and provide the log? |
Here :) |
I am unable to reproduce this locally. If I run: dependency-check.sh --scan . --enableExperimental --failOnCVSS 8 --exclude "**/examples/" --exclude "**/.git/" Or dependency-check.sh --scan . --enableExperimental --failOnCVSS 8 --exclude "**/examples/**" --exclude "**/.git/**" The
But in the action the
I'm at a bit of a loss on this one... |
Glad to hear I am not the only one 😅 |
The solution was discovered dependency-check/Dependency-Check_Action#20 (comment), the problem were the quotes around the |
Hey,
Describe the bug
I am unsuccessfully trying to exclude a directory from a github action analysis:
The directory layout of the project is so that the top level directory containes
src/
andexamples/
, withexamples
further containing a directory in which apackage-lock.json
lies.You can take a look at the layout here
Version of dependency-check used
dependency-check/Dependency-Check_Action@main
I filed an issue there, but was redirected here
Log file
log file
To Reproduce
I set up the action as follows:
Expected behavior
The examples directory gets excluded from the analysis, no vulnerabilities are reported.
Additional context
The analysis fails due to vulnerable dependencies in the examples directory
The text was updated successfully, but these errors were encountered: