Adobe Experience Manager Sites & More

subsul1 · 2/6/22

In AEM as cloud service build pipeline, there is a step which scans the code for vulnerabilities.

My codebase has references to third party libraries like acs-commons etc. How do i tell the pipeline to exclude these libraries during the code scanning step, because currently it is reporting a ton of critical and blocker bugs from acs-commons

<embedded>
    <groupId>org.jsoup</groupId>
    <artifactId>jsoup</artifactId>
    <target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
    <groupId>com.adobe.acs</groupId>
    <artifactId>acs-aem-commons-ui.apps</artifactId>
    <type>zip</type>
    <target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
    <groupId>com.adobe.acs</groupId>
    <artifactId>acs-aem-commons-ui.content</artifactId>
    <type>zip</type>
    <target>/apps/prj-vendor-packages/content/install</target>
</embedded>

Thanks

Sanjay_Bangar · 2/7/22

Hi @subsul1 ,

After code scan you will get option for review.Click on review and select the option override and approved.

It will overridden the changes and deployed to the cloud.

Kr,

Sanjay

subsul1 · 2/7/22

Thanks for the reply, i'm aware of this.

I would like to include only packages part of my source code in the code scanning tool, how do I do that ?

Sanjay_Bangar · 2/18/22

Hi @subsul1 ,

In that case you need to create separate module for third party dependency and add this module to your parents and all pom.

Kr,

Sanjay

Adobe Experience Manager Sites & More

AEM as cloud service - Skip third party dependencies in code scanning step

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe