I have configured GitHub Advanced Security for three projects in Azure DevOps: one in C#, one in Python, and one in Vue/Vite. The scanning process works as expected for the C# and Python projects, successfully identifying and scanning all packages. However, for the Vue/Vite project, it only outputs one component, even though there are more components in the project.
I attempted to test the functionality by adding an old package with a known vulnerability to the package.json file. Despite this, the scan still only reports one NPM component and states, "Dependency Scanning has detected no package vulnerabilities."
Has anyone successfully implemented GitHub Advanced Security with a JavaScript/NPM/Vite project in Azure DevOps?
Add npm install before the "AdvancedSecurity-Dependency-Scanning" task. For example:

Then you will see the details like this:
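
The step ordering this answer describes, written out as an added example (not the answerer's original pipeline): the packages are restored on the agent before the dependency scanning task runs. The trigger branch, agent image, Node.js version and the assumption that package.json sits at the repository root are placeholders to adapt.

```yaml
# Added example: azure-pipelines.yml for an npm/Vite project.
# Trigger, pool image and Node version are assumptions, not from the thread.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # Pin a Node.js version so the install is reproducible (version is assumed).
  - task: NodeTool@0
    displayName: Use Node.js
    inputs:
      versionSpec: '20.x'

  # Restore packages BEFORE scanning, as the answer advises, so the
  # project's installed npm packages are present when the scan runs.
  # Assumes package.json is at the repository root.
  - script: npm install
    displayName: npm install
    workingDirectory: $(Build.SourcesDirectory)

  # Dependency scanning runs after the restore step.
  - task: AdvancedSecurity-Dependency-Scanning@1
    displayName: Dependency scanning
```

To confirm the fix, compare the component count in the scanning task's log before and after adding the install step.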