Unified Agent Configuration for Native Integrations

Overview

This page describes the Unified Agent configuration parameters used when running a scan via either the Azure DevOps Services integration or Repo integrations.

Ignored Configuration File Parameters

This section contains a list of all Unified Agent configuration sections (including their parameters) that are ignored when running a scan via the Azure DevOps Services integration or Repo integrations.

• Organization Vitals

• Policies

• General

  • except for commandTimeout which can be set

• Scan Modes

• SCM Settings

Configuration File Parameters

Package Manager Dependency Resolvers

Java

Maven

• maven.aggregateModules=true

• maven.ignoreSourceFiles=true

• maven.ignoreMvnTreeErrors=true

• maven.ignoredScopes=<empty> (by default, no scopes are ignored)

Gradle

• gradle.aggregateModules=true

• gradle.ignoreSourceFiles=true

JavaScript

NPM + Yarn

• npm.runPreStep=true

• npm.ignoreNpmLsErrors=true

• npm.includeDevDependencies=true

• npm.identifyByNameAndVersion=true

• npm.ignoreScripts=true

  • Setting npm.ignoreScripts=false allows npm lifecycle scripts to run during installation, which may be useful in some edge cases where packages require setup steps.

  • This option is not supported in Repository Integrations and will be ignored by design. This restriction helps prevent execution of potentially malicious scripts present in public or compromised packages.

Bower

• bower.runPreStep=true

• bower.ignoreSourceFiles=true

C#

NuGet

• nuget.runPreStep=true

Paket

• paket.runPreStep=true

Python

• python.ignorePipInstallErrors=true

• python.installVirtualenv=true

• python.resolveSetupFiles=true

• python.runPipenvPreStep=true

• python.IgnorePipenvInstallErrors=true

• python.runPoetryPreStep=true

Go

• go.collectDependenciesAtRuntime=true

• go.ignoreSourceFiles=true

Scala

• sbt.runPreStep=true

R

• r.runPreStep=true

• r.cranMirrorUrl=https://cloud.r-project.org/

PHP

• php.runPreStep=true

Ruby

• ruby.installMissingGems=true

• ruby.runBundleInstall=true

Objective C, Swift

CocoaPods

• cocoapods.runPreStep=true

Elixir, Erlang

Hex

• hex.runPreStep=true

Haskell

• haskell.runPreStep=true

• haskell.ignorePreStepErrors=true

General Parameters

• projectPerFolder=false

In Repo integrations, this parameter is always false.

Includes/Excludes Glob Patterns

• includes=**/*c **/*cc **/*cp **/*cpp **/*cxx **/*c++ **/*h **/*hh **/*hpp **/*hxx **/*h++ **/*m **/*mm **/*pch **/*c# **/*cs **/*csharp **/*go **/*goc **/*js **/*pl **/*plx **/*pm **/*ph **/*cgi **/*fcgi **/*pod **/*psgi **/*al **/*perl **/*t **/*pl6 **/*p6m **/*p6l **/*pm6 **/*nqp **/*6pl **/*6pm **/*p6 **/*php **/*py **/*rb **/*swift **/*java **/*clj **/*cljx **/*cljs **/*cljc **/*jar **/*egg **/*dll **/*tar.gz **/*tgz **/*zip **/*whl **/*gem **/*apk **/*air **/*dmg **/*exe **/*gem **/*gzip **/*msi **/*nupkg **/*swc **/*swf **/tar.bz2 **/pkg.tar.xz **/(u)?deb **/(a)?rpm

• excludes=*/., **/node_modules, **/src/test, **/testdata, **/*sources.jar, **/*javadoc.jar

Archive Properties

• archiveExtractionDepth=0

• archiveIncludes=**/*war **/*ear **/*zip **/*whl **/*tar.gz **/*tgz **/*tar **/*car

• archiveExcludes=**/*sources.jar **/*javadoc.jar /tests/

Environment Variables

The Unified Agent can be configured in the Scanner of the repository integrations using the convention explained here.

Reachability Parameter Enforcement

When reachability is activated, the following UA parameters are enforced:

• npm.removeDuplicateDependencies

• Gradle.innerModulesAsDependencies

• keepTempFolders