White Source Azure DevOps task exclude parameter not working

Question

I have a White Source task in my Azure DevOps pipeline. The task looks like this:

- task: WhiteSource@21
  inputs:
    cwd: '$(System.DefaultWorkingDirectory)/sources/'
    configuration: |
      excludes=**/Examples/**
      case.sensitive.glob=false
      followSymbolicLinks=true

The problem is that excludes parameter does not work.

In the logs of my pipeline I can see following text:

##### general #####
... <-- some logs here
#excludes=
... <-- some logs here

As you can see, exclude is empty in the logs, although it's not empty in the configs. And in the White Source report I can see a vulnerable library XYZ, which is used by code in projects inside the Examples folder only and which was excluded. Thus I conclude that excludes parameter doesn't work.

I would appreciate for any help.

Did you manage to resolve the issue? Currently looking into the exact same issue where the excludes parameter seems to be ignored. — Matthijs de Regt, Jan 12 '22 at 11:35
@MatthijsdeRegt, unfortunately no. The issue is valid so far. — Alexander Lysenko, Jan 12 '22 at 12:32

score 0 · Answer 1 · answered Aug 29 '23 at 09:30

The exclude parameter needs to be set as an environment variable. The docs mention this: https://docs.mend.io/bundle/unified_agent/page/unified_agent_configuration_parameters.html#Configuration-File-Parameters

However, after some trial and error, I found that the environment variable needs to be named WS_EXCLUDES for it to be picked up correctly by the Whitesource Azure DevOps task.

It can be added as a regular pipeline variable scoped to the pipeline, stage or job.

White Source Azure DevOps task exclude parameter not working

1 Answers1