AdvancedSecurity-Dependency-Scanning@1 - Advanced Security Dependency Scanning v1 task

Scan your application for any vulnerabilities in open source components used in your source code. You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.

Syntax

# Advanced Security Dependency Scanning v1
# Scan for open source dependency vulnerabilities in your source code.
- task: AdvancedSecurity-Dependency-Scanning@1
  inputs:
  # Advanced
    #directoryExclusionList: # string. Directory exclusion list.

Inputs

directoryExclusionList - Directory exclusion list
string.

List of relative directory paths to ignore, given as semicolon-separated values. If no paths are listed, everything under the source directory is scanned. Filtering supports glob pattern matching of directories.
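The following step is an added example, not taken from the task's own documentation. It shows the semicolon-separated form of the input. The directory names are hypothetical, and the glob entry assumes a plain `*` wildcard that matches one directory level.

```yaml
# Added example: every path below is a hypothetical repository layout.
- task: AdvancedSecurity-Dependency-Scanning@1
  displayName: 'Advanced Security Dependency Scanning'
  inputs:
    # Paths are relative and separated by semicolons:
    #   test/fixtures   sample manifests used only by unit tests
    #   docs/examples   tutorial projects that are never built or shipped
    #   tools/*/demo    glob entry (assumed: * matches one directory level)
    directoryExclusionList: 'test/fixtures;docs/examples;tools/*/demo'
```

Because ignored directories are left out of the scan, keep the list limited to code that is never built or shipped, and review it whenever the repository layout changes.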


Task control options

All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.

Output variables

None.

Remarks

Use this task to scan your application for any vulnerabilities in open source components used in your source code.

Important

This task is supported with Azure Repos Git repositories only.

You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.

Prerequisites

For the task to successfully complete and populate the Advanced Security tab for the scanned repository, Advanced Security must be enabled for that repository prior to running a build with the dependency scanning task included.

The task is available to run on self-hosted agents as well as Microsoft-hosted agents. For self-hosted agents, see additional self-hosted agent set-up instructions.

For the most accurate scanning results, add the Advanced Security dependency scanning task after your build steps but before any cleanup of the build process, as shown in the following example.

# Authenticate Azure DevOps NuGet feed 
- task: NuGetAuthenticate@1 
  displayName: 'Authenticate Azure DevOps NuGet feed' 

# Restore project 
- task: DotNetCoreCLI@2 
  inputs: 
    command: 'custom' 
    custom: 'restore' 

# Build project 
- task: DotNetCoreCLI@2 
  inputs: 
    command: 'custom' 
    custom: 'build' 
    arguments: '--no-restore' 

# Run dependency scanning 
- task: AdvancedSecurity-Dependency-Scanning@1 
  displayName: 'Advanced Security Dependency Scanning' 

Requirements

| Requirement | Description |
| --- | --- |
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | 2.206.1 or greater |
| Task category | Utility |
