Hello,
I use a pipeline to run a dependency check to find vulnerabilities in dependencies:
pipelines:
  custom:
    generateVulnerabilitiesReport:
      - step:
          name: Generate Vulnerabilities Report
          caches:
            - maven
          script:
            - mvn compile org.owasp:dependency-check-maven:aggregate
Then an HTML report is generated, shown in the build console as follows:
[INFO] Writing report to: /opt/atlassian/pipelines/agent/build/target/dependency-check-report.html
My concern is how to make this report available to be reviewed later and be shown in the pipeline result.
Thanks for your help
Hi @Wassim Drira ,
You can add the following in your bitbucket-pipelines.yml file, in the script that generates this file, after the command that generates it:
- cat target/dependency-check-report.html
When a build finishes, if you expand this command in the Pipelines log, you will see the content of this file.
Is this something that works for you?
Kind regards,
Theodora
Hi,
Thanks for your help. I am looking for a better solution to make the report readable in the execution result.
Best regards
Hi Wassim,
Thank you for your reply.
I'm not sure what the contents of this file are, but if the issue with the 'cat' command is HTML tags cluttering the output, you can try using a text-based web browser, like lynx or w3m.
You can install either of these tools during the Pipelines build and then display the contents of the report. If you're using a Docker image based on Ubuntu in Pipelines, you can do the installation and display the report by using these commands in your yml file:
w3m:
- apt-get update && apt-get install -y w3m
- w3m -dump target/dependency-check-report.html
lynx:
- apt-get update && apt-get install -y lynx
- lynx -dump target/dependency-check-report.html
Kind regards,
Theodora
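An added example, not part of the thread and not Atlassian's or OWASP's code: a script that prints a plain-text findings summary in the Pipelines log instead of dumping HTML, and fails the step on CRITICAL or HIGH findings. It assumes the plugin is run with -Dformat=JSON so that target/dependency-check-report.json exists, and that the report has a top-level dependencies list whose entries carry fileName and vulnerabilities with name and severity; the sample data and CVE-0000-… identifiers are constructed placeholders.

```python
import json
import sys
from collections import Counter

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed sample in the assumed report shape (placeholder ids, not real CVEs).
SAMPLE_REPORT = {
    "dependencies": [
        {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
            {"name": "CVE-0000-0001", "severity": "HIGH"},
            {"name": "CVE-0000-0002", "severity": "medium"},
        ]},
        {"fileName": "clean-lib-2.3.jar"},  # no findings: key absent
        {"fileName": "other-lib-0.9.jar", "vulnerabilities": [
            {"name": "CVE-0000-0003"},  # severity missing -> UNKNOWN
        ]},
    ]
}

def collect_findings(report):
    """Return (severity, file, vulnerability id) tuples, worst severity first."""
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            sev = str(vuln.get("severity") or "UNKNOWN").upper()
            if sev not in SEVERITY_ORDER:
                sev = "UNKNOWN"
            findings.append((sev, dep.get("fileName", "?"), vuln.get("name", "?")))
    findings.sort(key=lambda f: (SEVERITY_ORDER.index(f[0]), f[1], f[2]))
    return findings

def render(findings):
    """Build a plain-text summary suitable for a build log."""
    counts = Counter(sev for sev, _, _ in findings)
    lines = ["Vulnerable dependencies: %d finding(s)" % len(findings)]
    lines += ["  %-8s %d" % (s, counts[s]) for s in SEVERITY_ORDER if counts[s]]
    lines += ["%-8s %-30s %s" % f for f in findings]
    return "\n".join(lines)

def main(argv):
    report = SAMPLE_REPORT  # used when no report path is given
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    findings = collect_findings(report)
    print(render(findings))
    # Non-zero exit fails the step when CRITICAL or HIGH findings exist.
    return 1 if any(f[0] in ("CRITICAL", "HIGH") for f in findings) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved under a name of your choice (hypothetical: summarize_report.py), it would be called from the step's script after the Maven command, with target/dependency-check-report.json as its argument.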