Security scan fails because requirements need package installation
My project uses IBM MQ infrastructure. We’re utilizing pymq as a client library. Unfortunately, it needs IBM packages (debs or rpms) installed on the system before the Python dependencies are installed.
Enterprise policy enables security scans via Policies, by calling the dependency_scanning action. Obviously, scanning fails on the requirement installation due to the missing rpms. I tested, and I can import the Dependency-Scanning component, use a pre-script and install the missing debs (they’re stored in git to simplify deployment). But the policy-triggered task is still there and is failing.
What can I do? Is there any way to impact the scan execution policy job in order to install the missing debs? Any hooks? Or maybe I can somehow disable the scanning at the project level?
Thanks!
Olek