AEM as cloud service - Skip third party dependencies in code scanning step | Community
Skip to main content
S
subsul1
Level 2
February 7, 2022

AEM as cloud service - Skip third party dependencies in code scanning step

  • February 7, 2022
  • 1 reply
  • 1176 views

In AEM as cloud service build pipeline, there is a step which scans the code for vulnerabilities.

My codebase has references to third party libraries like acs-commons etc. How do i tell the pipeline to exclude these libraries during the code scanning step, because currently it is reporting a ton of critical and blocker bugs from acs-commons 😑

 

<embedded>
    <groupId>org.jsoup</groupId>
    <artifactId>jsoup</artifactId>
    <target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
    <groupId>com.adobe.acs</groupId>
    <artifactId>acs-aem-commons-ui.apps</artifactId>
    <type>zip</type>
    <target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
    <groupId>com.adobe.acs</groupId>
    <artifactId>acs-aem-commons-ui.content</artifactId>
    <type>zip</type>
    <target>/apps/prj-vendor-packages/content/install</target>
</embedded>

 

Thanks

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

1 reply

Sanjay_Bangar
Community Advisor
Sanjay_BangarCommunity Advisor
Community Advisor
February 7, 2022

Hi @subsul1 ,

       After code scan you will get option for review.Click on review and select the option override and approved.

It will overridden the changes and deployed to the cloud.

 

Kr,

Sanjay

    S
    subsul1Author
    Level 2
    February 7, 2022

    Thanks for the reply, i'm aware of this.

    I would like to include only packages part of my source code in the code scanning tool, how do I do that ?

      Sanjay_Bangar
      Community Advisor
      Sanjay_BangarCommunity Advisor
      Community Advisor
      February 18, 2022

      Hi @subsul1 ,

          In that case you need to create separate module for third party dependency and add this module to your parents and all pom.

      Kr,

      Sanjay

        Terms & ConditionsAccessibility statement

        Loading footer...