I am trying to integrate a pipeline with Veracode (which uses a Java jar file in the pipeline process) but don't want to install Java on the agent. Rather I am just using a container to run the command in like so:
resources:
containers:
- container: java
image: somepackagerepo.com/java-build
...(omitted)
- script: |
curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
unzip -o pipeline-scan-LATEST.zip
java -jar pipeline-scan.jar -vid $(ID) -vkey $(SECRET) -f $(build.ArtifactStagingDirectory)\MyApi || true
target:
container: java
displayName: Run Veracode Scan
The issue is I always end up getting
Insufficient permissions to read file: '/__w/6/aMyApi
(not sure what the a in front of the MyApi comes from?)
I figure that the container that the command is running in is having an issue reading the artifact that is published in the $(build.ArtifactStagingDirectory) area on the agent. Is there a way that I can copy my artifact down into my container or change permissions so it can be able to read it?
Insufficient permissions to read file: '/__w/6/aMyApi
The a in front of the MyApi is from the Pipeline variable: $(build.ArtifactStagingDirectory).
The value of the variable is : /__w/6/a.
It doesn't seem to miss the \ in your command. You can change to use \\ in Ubuntu System.
For example:
java -jar pipeline-scan.jar -vid $(ID) -vkey $(SECRET) -f $(build.ArtifactStagingDirectory)\\MyApi || true