MVP: Base Extension / Scan Settings

[ejohn20]

Create an Azure DevOps extension with the following features:

• Update vulnerability data
• Perform scan on a given artifact
• Add reports to build artifacts

[ejohn20]

Switches to put in v0:

• --project
• --scan (allow 1 for now - not sure if we can put a list in there later)
• --exclude (allow 1 for now - not sure if we can put a list in there later)
• --format (option list including XML, HTML, CSV, JSON, JUNIT, ALL)
• --failOnCVSS
• --suppression (allow 1 for now - not sure if we can put a list in there later)
• --enableExperimental
• --enableRetired
• Arguments box (for manually entered other stuff)

[ejohn20]

Hit road block uploading v0 of the dev extension. Max upload size of 25MB. We're currently at ~ 35MB with all dep check binaries / jars included in the package. I'd really like to avoid downloading and extracting on the fly to dodge size limitations. Opened ticket with MS to request size increase.

[ejohn20]

MS team increased upload size to 100MB. We can officially upload the package that includes the dep check binaries / jar files. Getting close to a MVP.

@jeremylong can you take a look at this markdown page: https://github.com/dependency-check/azuredevops/blob/master/overview.md. Anything that you want added or removed?

[ejohn20]

Beta version is published: https://marketplace.visualstudio.com/items?itemName=dependency-check.dependencycheck