In AEM as cloud service build pipeline, there is a step which scans the code for vulnerabilities.
My codebase has references to third party libraries like acs-commons etc. How do i tell the pipeline to exclude these libraries during the code scanning step, because currently it is reporting a ton of critical and blocker bugs from acs-commons
<embedded>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.apps</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/application/install</target>
</embedded>
<embedded>
<groupId>com.adobe.acs</groupId>
<artifactId>acs-aem-commons-ui.content</artifactId>
<type>zip</type>
<target>/apps/prj-vendor-packages/content/install</target>
</embedded>
Thanks
Views
Replies
Total Likes
Hi @subsul1 ,
After code scan you will get option for review.Click on review and select the option override and approved.
It will overridden the changes and deployed to the cloud.
Kr,
Sanjay
Thanks for the reply, i'm aware of this.
I would like to include only packages part of my source code in the code scanning tool, how do I do that ?
Views
Likes
Replies
Views
Likes
Replies