azure-pipelines.yml
# Azure Pipelines definition: one static-analysis job (secure development
# tools plus a solution build), followed by the shared build/test template
# run in the Release configuration.

# PR validation is limited to pull requests that target release branches;
# the master entry below is commented out.
pr:
  branches:
    include:
      - 'releases/*'
      # - master

variables:
  # Both argument sets exclude tests tagged TestCategory=Quarantine.
  # DebugArguments is referenced only by the commented-out Debug template
  # entry at the end of this file.
  DebugArguments: ' --filter "TestCategory!=Quarantine" --verbosity detailed'
  ReleaseArguments: ' --filter "TestCategory!=Quarantine" --verbosity detailed '
  # Hosted agent images:
  # https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops
  # NOTE(review): windows-latest is a moving label, so the agent image and
  # its toolchain can change between runs; pin a specific image label if
  # reproducible builds and scan results matter.
  VmImage: windows-latest

jobs:
  - job:
    displayName: Static Analysis
    pool:
      vmImage: '$(VmImage)'

    steps:
      # "self" is the repository that holds this pipeline file.
      - checkout: self
        # Run `git clean -ffdx && git reset --hard HEAD` before fetching.
        clean: true
        # Download Git-LFS files as well (the default is false).
        lfs: true

      # Analyze source code for type of content and target types to help
      # determine which tools to run.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
        displayName: 'AutoApplicability'
        inputs:
          VerboseWriter: true
          ExternalRelease: true
          InternalRelease: true
          IsService: true
          IsSoftware: true

      # Analyze source and build output text files for credentials.
      # NOTE(review): entries in the suppressions file hide findings from
      # this scan, so changes to it deserve the same review as code.
      # NOTE(review): debugMode presumably makes the scanner log more
      # detail - confirm what ends up in the logs, because a later step
      # publishes the analysis logs.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
        displayName: 'CredScan'
        inputs:
          scanFolder: '$(Build.SourcesDirectory)'
          suppressionsFile: CredScanSuppressions.json
          debugMode: true

      # Scan text elements including code, code comments, and content/web
      # pages, for sensitive terms based on legal, cultural, or geopolitical
      # reasons.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
        displayName: 'PoliCheck'
        inputs:
          targetType: F

      # AntiMalware scan.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
        displayName: 'AntiMalware'
        inputs:
          EnableServices: true

      # Run checks for recently discovered vulnerabilities which are not yet
      # incorporated into another tool.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
        displayName: 'Vulnerability Assessment'

      # Build the solution so that build output exists for the later steps.
      # NOTE(review): BuildConfiguration is not declared in the variables
      # block above; presumably it is defined in the pipeline settings -
      # confirm, since an undefined macro is passed through unexpanded.
      # NOTE(review): publishTestResults is documented for the test command
      # and likely has no effect with command: build.
      - task: DotNetCoreCLI@2
        displayName: Build Microsoft.Azure.Cosmos.sln
        inputs:
          command: build
          projects: 'Microsoft.Azure.Cosmos.sln'
          configuration: '$(BuildConfiguration)'
          publishTestResults: true

      # NOTE(review): BinSkim is disabled, so the built binaries get no
      # binary-level analysis in this job; confirm that is intended and
      # that Post Analysis with AllTools does not expect its results.
      # - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
      #   displayName: 'BinSkim'
      #   inputs:
      #     InputType: Basic

      # Publish Analysis Results (position after all tools ran).
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
        displayName: 'Publish Security Analysis Logs'

      # The Post-Analysis build task will analyze the log files produced by
      # the tools, and introduce a build break.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
        displayName: 'Post Analysis'
        inputs:
          AllTools: true

  # Debug build/test run, currently disabled.
  # - template: templates/build-test.yml
  #   parameters:
  #     BuildConfiguration: Debug
  #     Arguments: $(DebugArguments)
  #     VmImage: $(VmImage)

  # Release build/test run through the shared template.
  - template: templates/build-test.yml
    parameters:
      BuildConfiguration: Release
      Arguments: '$(ReleaseArguments)'
      VmImage: '$(VmImage)'