I have a .net core application for which I’m trying to add Sonatype scanning. I have the following task definition running on an ubuntu Azure DevOps build agent:
- task: NexusIqPipelineTask@1 displayName: "Sonatype Lifecycle Scan" inputs: nexusIqService: 'myConnection' applicationId: 'myApplication' stage: 'Build' scanTargets: '/home/vsts/.nuget/packages/**/*.nupkg'
I’ve been able to validate that all the packages are, in fact, restored to /home/vsts/.nuget/packages prior to this task’s execution. The task result is:
Starting: Sonatype Lifecycle Scan ============================================================== Task : Nexus IQ for Azure DevOps Description : The Nexus IQ for Azure DevOps extension provides full component intelligence and the ability to run policy against your application. Version : 1.2.6 Author : SonatypeIntegrations Help : ============================================================== adca41d5-4b6d-4547-a21e-7c8c20eebb82 exists true =============================================================== User input: applicationId = myApplication User input: stage = Build User input: scanTargetPatterns = /home/vsts/.nuget/packages/**/*.nupkg User input: ignoreSystemError = false User input: javaSystemProperties = null ============================================================== Nexus IQ Endpoint: url = https://MyUrl/ Nexus IQ Endpoint: user = *** =============================================================== ##[error]No files have been found to scan Document with latest policy results has been updated Finishing: Sonatype Lifecycle Scan
Please advise on the correct syntax for the task to pick up .nupkg files.