Azure DevOps fails to read -s parameter (AST-116875) #130

cx-rahul-pidde · 2025-11-20T15:22:45Z

Test Cases

https://checkmarx.atlassian.net/browse/AST-116875
https://checkmarx.atlassian.net/browse/AST-115793

Case 1 - -s,--scan-types command values in double quote

additionalParams: -s "/home/vsts/work/_temp" --scan-types "container-security,sast,sca" --scan-timeout 120 --wait-delay 30 --tags buildId:1150233,pipelineName:wealth-ax-daily-scan,image:localhost/wealth/wealth-auth-service,imageTag:1150233 --container-images docker.io/nginx:latest --containers-local-resolution

Case 2 - -s,--scan-types command values in single quote

additionalParams: -s '/home/vsts/work/_temp' --scan-types 'container-security,sast,sca' --scan-timeout 120 --wait-delay 30 --tags buildId:1150233,pipelineName:wealth-ax-daily-scan,image:localhost/wealth/wealth-auth-service,imageTag:1150233 --container-images docker.io/nginx:latest --containers-local-resolution

Case 3 - -s,--scan-types command values without quote

additionalParams: -s /home/vsts/work/_temp --scan-types container-security,sast,sca --scan-timeout 120 --wait-delay 30 --tags buildId:1150233,pipelineName:wealth-ax-daily-scan,image:localhost/wealth/wealth-auth-service,imageTag:1150233 --container-images docker.io/nginx:latest --containers-local-resolution

Case 4 - --scan-types,--sca-resolver,--sca-resolver-params command values in double quote

additionalParams: --scan-types="sast,sca" --sca-resolver "/home/vsts/work/1/s/ScaResolver" --sca-resolver-params "--gradle-parameters='-Prepository.proxy.url=123 -Prepository.proxy.username=123 -Prepository.proxy.password=123' --log-level Debug"

Case 5 ---scan-types,--sca-resolver command value in single quote and --sca-resolver-params in double quote

additionalParams: --scan-types='sast,sca' --sca-resolver '/home/vsts/work/1/s/ScaResolver' --sca-resolver-params "--gradle-parameters='-Prepository.proxy.url=123 -Prepository.proxy.username=123 -Prepository.proxy.password=123' --log-level Debug"

Case 6 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote

additionalParams: --scan-types=sast,sca --sca-resolver /home/vsts/work/1/s/ScaResolver --sca-resolver-params "--gradle-parameters='-Prepository.proxy.url=123 -Prepository.proxy.username=123 -Prepository.proxy.password=123' --log-level Debug"

Case 7 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote

additionalParams: --scan-types=sast,sca --sca-resolver /home/vsts/work/1/s/ScaResolver --sca-resolver-params "--extract-archives zip --log-level debug"

Case 8 -

additionalParams: --scan-types sca --sca-resolver "/home/vsts/work/1/s/ScaResolver" --sca-resolver-params "--extract-depth 5 --extract-archives zip --ignore-dev-dependencies --ignore-test-dependencies" -s /home/vsts/work/_temp

Case 9- in single quote

additionalParams: --scan-types 'sast,api-security,sca,iac-security' --threshold 'sast-high=9999;sast-medium=9999;sast-low=9999;api-security-high=200;api-security-medium=9999;api-security-low=9999;sca-high=9999;sca-medium=9999;sca-low=9999;iac-security-high=1;iac-security-medium=9999;iac-security-low=9999' --sca-resolver "/home/vsts/work/1/s/ScaResolver" --sca-resolver-params "--extract-depth 5 --extract-archives zip --ignore-dev-dependencies --ignore-test-dependencies" -s /home/vsts/work/_temp --sast-filter '!/test/' --sca-filter '!Dockerfile,!dockerfile,!Containerfile,!containerfile,!docker-compose.y*,!/test/' --iac-security-filter '!.gitignore,!/test/,!/tests/,!/Test/,!/Tests/,!.test,!.tests,!.Test,!.Tests' --iac-security-platforms 'Ansible,AzureResourceManager,Buildah,CICD,CloudFormation,Crossplane,DockerCompose,Dockerfile,GRPC,GoogleDeploymentManager,Knative,Kubernetes,OpenAPI,Pulumi,ServerLessFW,Terraform' --scan-timeout 120 --wait-delay 30 --tags buildId:508415,pipelineName:Daily-Scan-of-appsec-service-templates,PluginVersion:3,--debug

Case 10 in double quote

additionalParams: --scan-types "sast,api-security,sca,iac-security" --threshold "sast-high=9999;sast-medium=9999;sast-low=9999;api-security-high=200;api-security-medium=9999;api-security-low=9999;sca-high=9999;sca-medium=9999;sca-low=9999;iac-security-high=1;iac-security-medium=9999;iac-security-low=9999" --sca-resolver "/home/vsts/work/1/s/ScaResolver" --sca-resolver-params "--extract-depth 5 --extract-archives zip --ignore-dev-dependencies --ignore-test-dependencies" -s /home/vsts/work/_temp --sast-filter "!/test/" --sca-filter "!Dockerfile,!dockerfile,!Containerfile,!containerfile,!docker-compose.y*,!/test/" --iac-security-filter "!.gitignore,!/test/,!/tests/,!/Test/,!/Tests/,!.test,!.tests,!.Test,!.Tests" --iac-security-platforms "Ansible,AzureResourceManager,Buildah,CICD,CloudFormation,Crossplane,DockerCompose,Dockerfile,GRPC,GoogleDeploymentManager,Knative,Kubernetes,OpenAPI,Pulumi,ServerLessFW,Terraform" --scan-timeout 120 --wait-delay 30 --tags buildId:508415,pipelineName:Daily-Scan-of-appsec-service-templates,PluginVersion:3,--debug

Case 11- without quote

additionalParams: --scan-types sast,api-security,sca,iac-security --threshold sast-high=9999;sast-medium=9999;sast-low=9999;api-security-high=200;api-security-medium=9999;api-security-low=9999;sca-high=9999;sca-medium=9999;sca-low=9999;iac-security-high=1;iac-security-medium=9999;iac-security-low=9999 --sca-resolver /home/vsts/work/1/s/ScaResolver --sca-resolver-params "--extract-depth 5 --extract-archives zip --ignore-dev-dependencies --ignore-test-dependencies" -s /home/vsts/work/_temp --sast-filter "!/test/" --sca-filter "!Dockerfile,!dockerfile,!Containerfile,!containerfile,!docker-compose.y*,!/test/" --iac-security-filter "!.gitignore,!/test/,!/tests/,!/Test/,!/Tests/,!.test,!.tests,!.Test,!.Tests" --iac-security-platforms Ansible,AzureResourceManager,Buildah,CICD,CloudFormation,Crossplane,DockerCompose,Dockerfile,GRPC,GoogleDeploymentManager,Knative,Kubernetes,OpenAPI,Pulumi,ServerLessFW,Terraform --scan-timeout 120 --wait-delay 30 --tags buildId:508415,pipelineName:Daily-Scan-of-appsec-service-templates,PluginVersion:3,--debug

cx-ben-alvo · 2025-11-20T15:53:39Z

Checkmarx One – Scan Summary & Details – 108123ed-5ef1-4ad9-b517-5a8ed4dc6a26

Great job! No new security vulnerabilities introduced in this pull request

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

cx-anurag-dalke

ok

removed condition

11aabcc

cx-rahul-pidde force-pushed the bug/AST-116875 branch from 352532a to 11aabcc Compare November 21, 2025 05:19

cx-rahul-pidde requested review from cx-anurag-dalke and cx-umesh-waghode November 24, 2025 05:37

cx-rahul-pidde changed the title ~~Test (AST-0000)~~ Azure DevOps fails to read -s parameter (AST-116875) Nov 24, 2025

cx-rahul-pidde added 3 commits November 24, 2025 19:34

Update ExecutionService.ts

19eb16f

removed unused constant

6c3ee20

removed unused comment

4714c5c

cx-anurag-dalke approved these changes Nov 26, 2025

View reviewed changes

skipped test

4e1dad7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Azure DevOps fails to read -s parameter (AST-116875) #130

Azure DevOps fails to read -s parameter (AST-116875) #130

Uh oh!

cx-rahul-pidde commented Nov 20, 2025 •

edited

Loading

Uh oh!

cx-ben-alvo commented Nov 20, 2025 •

edited

Loading

Uh oh!

cx-anurag-dalke left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Azure DevOps fails to read -s parameter (AST-116875) #130

Are you sure you want to change the base?

Azure DevOps fails to read -s parameter (AST-116875) #130

Uh oh!

Conversation

cx-rahul-pidde commented Nov 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

**Case 1 - -s,--scan-types command values in double quote **

Case 2 - -s,--scan-types command values in single quote

Case 3 - -s,--scan-types command values without quote

**Case 4 - --scan-types,--sca-resolver,--sca-resolver-params command values in double quote **

**Case 5 ---scan-types,--sca-resolver command value in single quote and --sca-resolver-params in double quote **

** Case 6 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote **

** Case 7 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote **

Case 8 -

Case 9- in single quote

**Case 10 in double quote **

Case 11- without quote

Uh oh!

cx-ben-alvo commented Nov 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Great job! No new security vulnerabilities introduced in this pull request

Uh oh!

cx-anurag-dalke left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

cx-rahul-pidde commented Nov 20, 2025 •

edited

Loading

Case 1 - -s,--scan-types command values in double quote

Case 4 - --scan-types,--sca-resolver,--sca-resolver-params command values in double quote

Case 5 ---scan-types,--sca-resolver command value in single quote and --sca-resolver-params in double quote

Case 6 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote

Case 7 ---scan-types,--sca-resolver command value without quote and --sca-resolver-params in double quote

Case 10 in double quote

cx-ben-alvo commented Nov 20, 2025 •

edited

Loading