CODEWITHSUNDEEP
azureazure-devopsazure-pipelines
dkhayutin
dkhayutin

Reputation: 33

Azure DevOps Pipeline Fail: Sequence was not expected

I am very new to azure, so I apologize if this is a bit hard to follow or unclear. I will do my best. I am attempting to use the OWASP Dependency Check within the pipeline tasks to scan for vulnerabilities with a simple React Web App. I imported the repo from github and set up a pipeline successfully (I believe), but when I tried to add the OWASP Dependency Check the run failed and returned a Encountered error(s) while parsing pipeline YAML: /azure-pipelines.yml (Line: 2, Col: 1): A sequence was not expected /azure-pipelines.yml: (Line: 13, Col: 1, Idx: 427) - (Line: 13, Col: 1, Idx: 427): While scanning a simple key, could not find expected ':'.

For reference, here is what the azure-pipeline.yml looks like

# Node.js
- task: OWASPDependencyCheck@0
  inputs:
    outputDirectory: '$(Agent.TempDirectory)/dependency-scan-results'
    scanDirectory: '$(Build.SourcesDirectory)'
    outputFormat: 'ALL'
    useSonarQubeIntegration: true
# Build a general Node.js project with npm.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/javascript

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- task: NodeTool@0
  inputs:
    versionSpec: '10.x'
  displayName: 'Install Node.js'

- script: |
    npm install
    npm run build
  displayName: 'npm install and build'

I am honestly not to sure where to go from here or what other info I could provide to help solve this issue, but if anyone has any suggestions, I'd love to hear them.

Upvotes: 0

Views: 4327

Answers (1)

Krzysztof Madej
Krzysztof Madej

Reputation: 40849

The issue is your OWASPDependencyCheck@0. Please put it inside the steps.

# Build a general Node.js project with npm.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://learn.microsoft.com/azure/devops/pipelines/languages/javascript

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- task: NodeTool@0
  inputs:
    versionSpec: '10.x'
  displayName: 'Install Node.js'

- script: |
    npm install
    npm run build
  displayName: 'npm install and build'

- task: OWASPDependencyCheck@0
  inputs:
    outputDirectory: '$(Agent.TempDirectory)/dependency-scan-results'
    scanDirectory: '$(Build.SourcesDirectory)'
    outputFormat: 'ALL'
    useSonarQubeIntegration: true

Upvotes: 2

Related Questions