
AEM as cloud service - Skip third party dependencies in code scanning step


Level 3

In the AEM as a Cloud Service build pipeline, there is a step which scans the code for vulnerabilities.

My codebase has references to third-party libraries like acs-commons etc. How do I tell the pipeline to exclude these libraries during the code scanning step? Currently it is reporting a ton of critical and blocker bugs from acs-commons.

 

<embedded>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.apps</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.content</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/content/install</target>
</embedded>

 

Thanks

3 Replies


Community Advisor

Hi @subsul1 ,

After the code scan you will get an option for review. Click on review and select the option to override and approve.

It will override the changes and deploy to the cloud.

 

Kr,

Sanjay


Level 3

Thanks for the reply, I'm aware of this.

I would like to include only the packages that are part of my source code in the code scanning tool. How do I do that?


Community Advisor

Hi @subsul1 ,

In that case you need to create a separate module for the third-party dependencies and add this module to your parent and all pom.

Kr,

Sanjay