-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data Folder Location #158
Comments
Hi @T1mey, since version v6.2.0 the plugin structure has changed, however you can set the location of the data directory used to store persistent data via |
Hi @mobijmartinez, the dependencies of the Dependency Check tool do not depend from the Azure DevOps plugin. |
Hi @pippolino , thanks for your answer. The issue is that the tool is downloaded into the From the task, unless I download and install manually Dependency Check, I have no way (afaik) of customizing the install directory of the tool. |
Yes this was as well our assumption this morning... As the folder is now in the same checkout dir as our repo. |
Hi @mobijmartinez @T1mey, this hasn't changed from the previous version. Let's check this point further, I'll check the code, it might have been something unwanted. |
Nope, issue still there |
We have the same issue. I'm not super deep into our pipeline, but previously we downloaded the database once, and it was placed inside the directory of the task itself, for example, |
From our experience the folder locations seems to be changed. As outlined by @mobijmartinez the main problem is that the azure devops extension positions the owasp binaries in the work folder. As a result of that an owasp scan will scan it's own libs. Before the change the binaries were located in _tasks folder. |
Hi @T1mey, I found a possible cause. I'm working on restoring functionality |
Restore dependency check installer path #158
@pippolino Did you break smth. else? |
Looks like the creation of the directory - when not available - was removed: #159 (comment) |
This has broken all my builds. New Issue raised #161 |
The version 6.2.3 has been released with a fix. |
Can confirm that 6.2.3 works as expected for us, no manual changes necessary 👍 |
Hello,
it seems that the folder of the cache data was moved with version 6.2.0.
From
$(Agent.WorkFolder)_tasks\dependency-check-build-task**..\dependency-check\data
to
/home/vsts/work/1/s/dependency-check/data
As we can't download all definitions during each pipeline run we need to cache the data dir upfront and restore it once a owasp scan is executed. We're wondering why this is now located in the work dir?
As well if this is right how can we construct the path of the cache dir using variables before OWASP runs?
The text was updated successfully, but these errors were encountered: