Add cache method in documentation
LvffY opened this issue · 2 comments
Hello
I think that most people want to reduce the runtime of their pipelines.
Because of that, I recently needed to search for a way to cache dependency-check CVE data (because it took up most of the time of the dependency-check analysis, even for large repositories with many dependencies).
I think that we need to add an "official" method on how to cache dependency-check data. For example, in my case, my dependency-check analysis went from 2m19s of execution to 13s, which can be greatly appreciated by most users!
My solution
Here is the solution I found (I'm not necessarily saying that it is the best way, just my way; I can take advice here :)):
```yaml
- task: Bash@3
  displayName: 'Look for dependency-check data directory'
  inputs:
    targetType: 'inline'
    script: |
      # Find the dependency-check root directory
      dc_directory=$(find "$AGENT_WORKFOLDER/_tasks" -type d -name dependency-check)
      echo "##vso[task.setvariable variable=DEPENDENCY_CHECK_DATA]${dc_directory}/data"
- task: Cache@2
  displayName: Cache dependency check data
  inputs:
    key: 'dependency-check | "$(Agent.OS)"'
    path: $(DEPENDENCY_CHECK_DATA)
- task: dependency-check-build-task@6
  displayName: Run dependency-check analysis
  inputs:
    projectName: $(System.TeamProject)_$(Build.Repository.Name)
    scanPath: '.tox/**/py*'
    format: 'ALL'
    reportsDirectory: 'dependency-check'
    warnOnCVSSViolation: true
    enableExperimental: true
```
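A variant of the cache step in the post above, added here as an example and not part of the original post or the project's documentation: Azure Pipelines caches are immutable and the save step is skipped on an exact key hit, so a key that never changes keeps restoring the first CVE snapshot that was saved. The variable name `cacheDate` is an assumption; `DEPENDENCY_CHECK_DATA` is set by the lookup step from the post.

```yaml
# Added example; cacheDate is an assumed variable name, not from the post.
variables:
  # Changes once per day, so a fresh cache entry is saved once per day.
  cacheDate: $[format('{0:yyyyMMdd}', pipeline.startTime)]

steps:
# The Bash@3 lookup step from the post runs first and sets DEPENDENCY_CHECK_DATA.

# Fixed key: every run is an exact hit, so the cached data is never re-saved
# and the scan starts from an increasingly old vulnerability snapshot.
# - task: Cache@2
#   inputs:
#     key: 'dependency-check | "$(Agent.OS)"'
#     path: $(DEPENDENCY_CHECK_DATA)

# Dated key with a fallback: the first run of the day misses the exact key,
# restores the most recent cache matching the restoreKeys prefix, lets
# dependency-check fetch only the delta, then saves under today's key.
- task: Cache@2
  displayName: Cache dependency check data
  inputs:
    key: 'dependency-check | "$(Agent.OS)" | "$(cacheDate)"'
    restoreKeys: |
      dependency-check | "$(Agent.OS)"
    path: $(DEPENDENCY_CHECK_DATA)
```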
Thx for publishing your solution.
We run a nightly job that runs this command and zips up the files in the data directory.
```
./dependency-check/bin/dependency-check.sh --updateonly
ls -la ./dependency-check/data
```
That zip file is pushed to a CDN that provides a fast download for the zip file.
Then, we use the following build task to pull the zip file and unpack it into the data directory before running the scan. The --noupdate arg tells the scan to skip downloading the latest data sets.
```yaml
- task: dependency-check-build-task@6
  displayName: Run OWASP Dependency Check
  inputs:
    projectName: 'SCA'
    scanPath: '/tmp/app.jar'
    format: 'ALL'
    dependencyCheckVersion: '7.4.4'
    dataMirror: 'https://mycdn.com/data/7.4.4.zip'
    additionalArguments: '--noupdate'
```