Dependency Report shows no vulnerablities

[alfstglo-fadv]

My OWASP dependency reports stopped listing vulernabilies, when I know there are many. I recently had to do a --purge which might be when they broke. What could be wrong?

Yml

  - task: dependency-check-build-task@6
    inputs:
      dependencyCheckVersion: '8.0.0'
      projectName: 'Mailer'
      scanPath: '$(system.defaultworkingdirectory)/services/mailer'
      format: 'ALL'
      reportsDirectory: '$(Agent.TempDirectory)/dependency-scan-results/

Build Info:

Associated artifact 59630 with build 88751
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 132,867 bytes.
Uploaded 132,867 out of 132,867 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/Mailer/dependency-check-report.html' to file container: '#/25865850/dependency-check'
Associated artifact 59630 with build 88751
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,436 bytes.
Uploaded 2,436 out of 2,436 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/Mailer/dependency-check-report.json' to file container: '#/25865850/dependency-check'
Associated artifact 59630 with build 88751
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,242 bytes.
Uploaded 2,242 out of 2,242 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/Mailer/dependency-check-report.sarif' to file container: '#/25865850/dependency-check'
Associated artifact 59630 with build 88751
Async Command End: Upload Artifact
Async Command Start: Upload Artifact
Uploading 1 files
Max dedup parallelism: 192
Building file tree
Uploaded 0 out of 2,263 bytes.
Uploaded 2,263 out of 2,263 bytes.
Associating files
Total files: 1 ---- Associated files: 0 (0%)
File upload succeed.
Upload '/home/azdevops/myagent-04/_work/_temp/dependency-scan-results/Mailer/dependency-check-report.xml' to file container: '#/25865850/dependency-check'
Associated artifact 59630 with build 88751
Async Command End: Upload Artifact
Finishing: dependencycheckbuildtask

Report:

Project: Mailer
Scan Information ([show all](https://codequality.com/project/extension/dependencycheck/report_page?
id=mailer&branch=master
dependency-check version: 8.0.0
Report Generated On: Tue, 16 Apr 2024 13:39:30 -0400
Dependencies Scanned: 1 (1 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0

[alfstglo-fadv]

I will add that i have multiple projects using the same build agent folder. Each project use it's own setting report directory. Each build is using the same folder for downloading dependecy-check.

E.g. The folder/command is the same for each project's build
/home/azdevops/myagent-04/_work/_tasks/dependency-check-build-task_47ea1f4a-57ba-414a-b12e-c44f42765e72/6.2.3/dependency-check/bin/dependency-check.sh

Is something cached in the dependency-check folder that is causing the dependecy report to break?
Do I have to use a different build agent for each project ?

[aikebah]

You provide 0 output of dependencycheck. So you need to make your task capture the SysOut/SysErr of the shell command (dependencycheck.sh invocation) if you want this project to give you any advice.

[alfstglo-fadv]

In first comment there is section 'Build Info" that contains all the out for 'dependency-check-build-task'

[aikebah]

You need to check with the authors and documentation of the azure dependency-check-build-task how to obtain the output of the dependencycheck.sh that they invoke in the task.