I use a pipeline to run the dependency check to find vulnerabilities in dependencies:
name: Generate Vulnerabilities Report
- mvn compile org.owasp:dependency-check-maven:aggregate
Then, an HTML report is generated, shown in build console as follows:
[INFO] Writing report to: /opt/atlassian/pipelines/agent/build/target/dependency-check-report.html
My concern is how to make this report available to be reviewed later and shown in the pipeline result.
Thanks for your help
Hi @Wassim Drira,
You can add the following in your bitbucket-pipelines.yml file, in the script that generates this file, after the command that generates it:
- cat target/dependency-check-report.html
When a build finishes, if you expand this command in the Pipelines log, you will see the content of this file.
Is this something that works for you?
Thank you for your reply.
I'm not sure what the contents of this file are, but if the issue with the 'cat' command is HTML tags cluttering the output, you can try using a text-based web browser, like lynx or w3m.
You can install either of these tools during the Pipelines build and then display the contents of the report. If you're using a Docker image based on Ubuntu in Pipelines, you can do the installation and display the report by using these commands in your yml file:
- apt-get update && apt-get install -y w3m
- w3m -dump target/dependency-check-report.html
- apt-get update && apt-get install -y lynx
- lynx -dump target/dependency-check-report.html
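An alternative to dumping the HTML through a text browser, as an added example that is not part of the original thread: a Python script that turns the plugin's JSON report into short console lines and a pass/fail exit code. It assumes the report was also written as JSON (the plugin's `format` option) with the `dependencies[].vulnerabilities[]` layout of the constructed sample; the function names and the 7.0 threshold are illustrative.

```python
import json
import sys

# Constructed sample shaped like a dependency-check JSON report (assumed layout:
# dependencies[].vulnerabilities[] with name, severity, cvssv3.baseScore or cvssv2.score).
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"fileName": "lib-a-1.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "CRITICAL", "cvssv3": {"baseScore": 9.8}},
        {"name": "CVE-0000-0002", "severity": "MEDIUM", "cvssv2": {"score": 5.0}}]},
    {"fileName": "lib-b-2.3.jar"},  # dependency without findings: key absent
    {"fileName": "lib-c-0.9.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "severity": "high"}]},  # finding with no score
]})

def score_of(vuln):
    """Prefer the CVSS v3 base score, fall back to v2, else None."""
    v3 = (vuln.get("cvssv3") or {}).get("baseScore")
    if v3 is not None:
        return float(v3)
    v2 = (vuln.get("cvssv2") or {}).get("score")
    return float(v2) if v2 is not None else None

def findings(report_text):
    """Return (score, severity, id, file) tuples, highest score first."""
    rows = []
    for dep in json.loads(report_text).get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            rows.append((score_of(vuln), str(vuln.get("severity", "UNKNOWN")).upper(),
                         vuln.get("name", "?"), dep.get("fileName", "?")))
    # Unscored findings sort last instead of being dropped.
    return sorted(rows, key=lambda r: (r[0] is None, -(r[0] or 0.0), r[2]))

def summary_lines(rows):
    """One fixed-width line per finding, suitable for the build log."""
    lines = []
    for score, severity, vuln_id, file_name in rows:
        shown = "n/a" if score is None else format(score, ".1f")
        lines.append(f"{shown:>4}  {severity:<8}  {vuln_id}  {file_name}")
    return lines

def should_fail(rows, threshold):
    """Fail closed: an unscored finding counts as exceeding the threshold."""
    return any(score is None or score >= threshold for score, *_ in rows)

if __name__ == "__main__":
    # With a path argument, read that report; otherwise use the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rows = findings(text)
    print("\n".join(summary_lines(rows)) or "no vulnerable dependencies reported")
    sys.exit(1 if should_fail(rows, 7.0) else 0)
```

Listing `target/dependency-check-report.html` under the step's `artifacts:` key keeps the full HTML report downloadable from the pipeline result.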