I have a White Source task in my Azure DevOps pipeline. The task looks like this:
- task: WhiteSource@21
inputs:
cwd: '$(System.DefaultWorkingDirectory)/sources/'
configuration: |
excludes=**/Examples/**
case.sensitive.glob=false
followSymbolicLinks=true
The problem is that excludes parameter does not work.
In the logs of my pipeline I can see following text:
##### general #####
... <-- some logs here
#excludes=
... <-- some logs here
As you can see, exclude is empty in the logs, although it's not empty in the configs. And in the White Source report I can see a vulnerable library XYZ, which is used by code in projects inside the Examples folder only and which was excluded. Thus I conclude that excludes parameter doesn't work.
I would appreciate for any help.
The exclude parameter needs to be set as an environment variable. The docs mention this: https://docs.mend.io/bundle/unified_agent/page/unified_agent_configuration_parameters.html#Configuration-File-Parameters
However, after some trial and error, I found that the environment variable needs to be named WS_EXCLUDES for it to be picked up correctly by the Whitesource Azure DevOps task.
It can be added as a regular pipeline variable scoped to the pipeline, stage or job.