Description
Current Behavior
When triggering a DAST scan (DAST Automated Scan Type) via FCLI from an Azure DevOps pipeline for a new release, the scan does not start automatically.
The DAST scan only triggers successfully in these cases:
• If the release already has at least one existing scan (for example, a SAST scan)
• If the DAST scan is started manually from the OpenText portal
Effectively, FCLI is unable to initiate the first scan for a new release starting from version 3.9.0.
Expected Behavior
The DAST scan should trigger automatically from the Azure DevOps pipeline even when no previous scan exists for a new release, as it does when using FCLI version 3.8.1 and earlier.
Steps To Reproduce
1. Create a new release in OpenText CAS (no existing scans associated).
2. Configure an Azure DevOps pipeline to trigger a DAST scan using FCLI (DAST Automated Scan Type).
3. Run the pipeline using FCLI version 3.9.0 or later.
4. Observe that the DAST scan does not start from the Azure pipeline.
Optional verification:
5. Manually trigger the DAST scan from the OpenText portal — scan starts successfully.
6. Alternatively, create a SAST scan for the same release.
7. Re-run the pipeline — DAST scan now starts successfully.
Repeat the same steps using FCLI 3.8.1 and observe that the DAST scan triggers correctly from the Azure pipeline even for a brand-new release.
Environment
• CI/CD: Azure DevOps Pipeline running on VMSS Agents
• Scan Type: DAST Automated Scan
• FCLI versions tested:
  • 3.8.1 – Works as expected
  • 3.9.0+ – Fails for new releases without prior scans
• OpenText CAS (cloud)
Anything else?
• OpenText CAS support confirmed the issue is not on the CAS side and appears to originate from FCLI.
• They recommended raising this issue with the FCLI development team.