In AEM as cloud service build pipeline, there is a step which scans the code for vulnerabilities.
My codebase has references to third party libraries like acs-commons etc. How do i tell the pipeline to exclude these libraries during the code scanning step, because currently it is reporting a ton of critical and blocker bugs from acs-commons
<embedded>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.apps</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.content</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/content/install</target>
</embedded>
Thanks