Add CredScan job to CI (Azure#1125)

jddarby · Nov 29, 2019 · e6d3ecd · e6d3ecd
1 parent b380d35
commit e6d3ecd
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 0 deletions.
diff --git a/CredScanSuppressions.json b/CredScanSuppressions.json
@@ -0,0 +1,26 @@
+{
+  "tool": "Credential Scanner",
+  "suppressions": [
+    {
+      "placeholder": "ManangementGroupServicePrincipal%40123",
+      "_justification": "[ManagementGroups] hard code dummy password"
+    },
+    {
+      "file": [
+        "src\\eventgrid\\azext_eventgrid\\tests\\latest\\recordings\\test_create_domain.yaml",
+        "src\\eventgrid\\azext_eventgrid\\tests\\latest\\recordings\\test_create_topic.yaml"
+      ],
+      "_justification": "false alarm about 'Found General Symmetric Key'"
+    },
+    {
+      "file": [
+        "src\\mixed-reality\\azext_mixed_reality\\tests\\latest\\recordings\\test_spatial_anchors_account_scenario.yaml"
+      ],
+      "_justification": "[MixedReality] Found Azure Shared Access Key / Web Hook Token"
+    },
+    {
+      "placeholder": "aduser",
+      "_justification": "[NetAppFiles] Add suppression for false alarm in comments of _help.py"
+    }
+  ]
+}
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -8,6 +8,33 @@ trigger:
     - '*'
 
 jobs:
+- job: CredScan
+  displayName: "Credential Scan"
+
+  pool:
+    vmImage: "windows-2019"
+  steps:
+  - task: CredScan@2
+    inputs:
+      toolMajorVersion: 'V2'
+
+  - task: PostAnalysis@1
+    inputs:
+      AllTools: false
+      APIScan: false
+      BinSkim: false
+      CodesignValidation: false
+      CredScan: true
+      FortifySCA: false
+      FxCop: false
+      ModernCop: false
+      PoliCheck: false
+      RoslynAnalyzers: false
+      SDLNativeRules: false
+      Semmle: false
+      TSLint: false
+      ToolLogsNotFoundAction: 'Standard'
+
 # - job: SourceStatic
 #   displayName: "Source Code Static Check"
 #   pool: