using: “Nexus IQ for Azure DevOps” v1.3.28 (classic mode)
Maybe someone could help me to understand how to configure the “Scan Targets” in the right way.
We have a node.js project which should be scanned. The following behave could be observed in the logs:
a) leaving “Scan Targets” empty
User input: scanTargetPatterns = **\*.jar, **\*.war, **\*.ear, **\*.zip, **\*.tar.gz
No files have been found to scan
b) entering “**”
User input: scanTargetPatterns = **
Scanned 16941 total files
additionally: as well “.git” folder is scanned
Also: no excludes are there (see below)
If we download manually the nexus cli scanner and use it, there are auto-excludes:
[INFO] Scan target: D:\Builds\xxxxxx\s\. [INFO] Scan configuration properties: [INFO] dirExcludes=**/.*, **/CVS [INFO] dirIncludes= [INFO] fileExcludes= [INFO] fileIncludes=
Which raises more questions:
- Why are no auto-excludes in the Azure DevOps Task?
- How to configure excludes in the Azure DevOps Task?