Azure DevOps - Nexus IQ Extension issue with scan Targets for Java Maven

Hi

I have created Java Maven pipeline using YAML.

Wherein i am using Nexus IQ Extension 1.2.1 for Nexus IQ Policy Evaluation

below is the Task in my pipeline -

- task: SonatypeIntegrations.nexus-iq-azure-extension.nexus-iq-azure-pipeline-ask.NexusIqPipelineTask@1
displayName: ‘Nexus IQ Policy Evaluation’
inputs:
nexusIqService: $(Serviceconnection.Nexus.IQ.Name)
applicationId: $(appname_nexus_lc)
scanTargets: '**/
.jar, **/.war, **/.ear, **/*.tar.gz’

Nexus IQ is unable to scan targets in the Azure DevOps -> Java Build Pipeline.

I have also tried with giving scan targets as below-

scanTargets : ‘$(Build.ArtifactsStagingDirectory)/**/*.war’’

Also with hard coded values scanTargets is unable to scan the Artifacts.

any ideas.

I believe this is related, https://ideas.sonatype.com/ideas/IDEAS-I-612, copying the response from there:

The ability to scan the Artifacts Staging Directory is on the list of improvements we’d like to add to the Azure DevOps extension. The team rotates investment through our portfolio of integrations and there isn’t any planned work on Azure DevOps, however, when we circle back to it we will entertain how to fulfill this. Thanks for the idea.

Hi Justin
I think Im facing the exact same problem. The task does not find anything from the Build.ArtifactStagingDirectory even though my .war is right there.
Am I right to assume that basically right now the extention cannot scan from the Artifacts Staging Directory, but it would from some other directory?

Correct, currently the scanning occurs within “Build.Repository.LocalPath” but not in “Build.ArtifactStagingDirectory”. We have a ticket in the backlog to fix but no timetable as to when we will be able to address this.

In the meantime, as a workaround you could create a directory symlink from “Build.Repository.LocalPath” to “Build.ArtifactStagingDirectory”