GitHub Advanced Security not finding NPM packages (Azure DevOps)


I have configured GitHub Advanced Security for three projects in Azure DevOps: one in C#, one in Python, and one in Vue/Vite. The scanning process works as expected for the C# and Python projects, successfully identifying and scanning all packages. However, for the Vue/Vite project, it only outputs one component, even though there are more components in the project.

I attempted to test the functionality by adding an old package with a known vulnerability to the package.json file. Despite this, the scan still only reports one NPM component and states, "Dependency Scanning has detected no package vulnerabilities."

Has anyone successfully implemented GitHub Advanced Security with a JavaScript/NPM/Vite project in Azure DevOps?


Ziyang Liu-MSFT On BEST ANSWER

Add npm install before the "AdvancedSecurity-Dependency-Scanning" task. For example:

- task: CmdLine@2
  inputs:
    script: |
      cd my-vue-app
      npm install
- task: AdvancedSecurity-Dependency-Scanning@1

Then you will see the details like this: [screenshot]
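
A pre-scan guard for the situation in this thread, as an added example that is not part of the original answer or of any Microsoft tooling: it fails a script step placed between npm install and the AdvancedSecurity-Dependency-Scanning@1 task when a project has only its package.json. It assumes that node_modules/ or package-lock.json beside the manifest is a fair sign that npm install ran; the function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-scan guard for npm projects (not from the original answer).
# Assumption: a directory counts as "restored" when npm install has left
# either node_modules/ or package-lock.json beside package.json.

# Print every directory under $1 that has a package.json but no restore output.
# Manifests inside node_modules belong to dependencies and are skipped.
unrestored_npm_projects() {
  local root="${1:-.}" manifest dir
  find "$root" -name node_modules -prune -o -type f -name package.json -print |
    sort |
    while IFS= read -r manifest; do
      dir=$(dirname "$manifest")
      if [ ! -d "$dir/node_modules" ] && [ ! -f "$dir/package-lock.json" ]; then
        printf '%s\n' "$dir"
      fi
    done
}

# Return non-zero (failing the pipeline step) when any project is unrestored.
require_npm_restore() {
  local missing
  missing=$(unrestored_npm_projects "${1:-.}")
  if [ -n "$missing" ]; then
    printf 'npm install has not been run in:\n%s\n' "$missing" >&2
    return 1
  fi
}

# Constructed sample tree: one restored app, one app with only a manifest.
make_sample_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/restored-app/node_modules/sample-dep" "$root/bare-app"
  echo '{"name":"restored-app"}' > "$root/restored-app/package.json"
  echo '{"name":"sample-dep"}' > "$root/restored-app/node_modules/sample-dep/package.json"
  echo '{"name":"bare-app"}' > "$root/bare-app/package.json"
  printf '%s\n' "$root"
}
```

In a pipeline, source the file and call `require_npm_restore "$(Build.SourcesDirectory)"` so the step fails instead of the scan quietly reporting a single component.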