I have a .NET Core application for which I’m trying to add Sonatype scanning. I have the following task definition running on an Ubuntu Azure DevOps build agent:
```yaml
- task: NexusIqPipelineTask@1
  displayName: "Sonatype Lifecycle Scan"
  inputs:
    nexusIqService: 'myConnection'
    applicationId: 'myApplication'
    stage: 'Build'
    scanTargets: '/home/vsts/.nuget/packages/**/*.nupkg'
```
I’ve been able to validate that all the packages are, in fact, restored to /home/vsts/.nuget/packages prior to this task’s execution. The task result is:
```
Starting: Sonatype Lifecycle Scan
==============================================================
Task : Nexus IQ for Azure DevOps
Description : The Nexus IQ for Azure DevOps extension provides full component intelligence and the ability to run policy against your application.
Version : 1.2.6
Author : SonatypeIntegrations
Help :
==============================================================
adca41d5-4b6d-4547-a21e-7c8c20eebb82 exists true
===============================================================
User input: applicationId = myApplication
User input: stage = Build
User input: scanTargetPatterns = /home/vsts/.nuget/packages/**/*.nupkg
User input: ignoreSystemError = false
User input: javaSystemProperties = null
==============================================================
Nexus IQ Endpoint: url = https://MyUrl/
Nexus IQ Endpoint: user = ***
===============================================================
##[error]No files have been found to scan
Document with latest policy results has been updated
Finishing: Sonatype Lifecycle Scan
```
Please advise on the correct syntax for the task to pick up .nupkg files.
Thanks!