Hello,
We gave a pipeline running `atlassian/bitbucket-dependency-scanner:0.8.0` and it started failing with the following warning.
I tried some ways to pass the `--propertyfile`, but they failed.
Is there any guidance on how to do that?
Could we pass a variable like is done for `NVD_API_KEY`?
Error message:
✖ Dependency scan failed. The result status code: 14, [WARN] ossIndexPassword used on the command line, consider moving the password to a properties file using the key `analyzer.ossindex.password` and using the --propertyfile argument instead
How it is implemented:
- step:
name: Dependency Vulnerability Scan
script:
- npm ci
- pipe: atlassian/bitbucket-dependency-scanner:0.8.0
variables:
NVD_API_KEY: $NVD_API_KEY
EXTRA_ARGS:
- '--ossIndexUsername=$OSS_INDEX_USERNAME'
- '--ossIndexPassword=$OSS_INDEX_PASSWORD'
- '--failOnCVSS=4' # Medium
