Enabling security scans (Azure#639)

* Enaling security scans * Test commit
juraj-blazek · Aug 6, 2019 · b5553f8 · b5553f8
1 parent 3a6ecec
commit b5553f8
Showing 1 changed file with 73 additions and 73 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -9,79 +9,79 @@ variables:
 
 
 jobs: 
-##- job: 
-##  displayName: Static Analysis
-##  pool:
-##    vmImage: '$(VmImage)' # https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops
-##    
-##  steps:
-##  - checkout: self  # self represents the repo where the initial Pipelines YAML file was found
-##    clean: true  # if true, execute `execute git clean -ffdx && git reset --hard HEAD` before fetching
-##    lfs: true  # whether to download Git-LFS files; defaults to false
-##      
-##  #Analyze source code for type of content and target types to help determine which tools to run 
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
-##    displayName: 'AutoApplicability'
-##    inputs:
-##      VerboseWriter: true
-##      ExternalRelease: true
-##      InternalRelease: true
-##      IsService: true
-##      IsSoftware: true    
-##    
-##  # Analyze source and build output text files for credentials
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
-##    displayName: 'CredScan'
-##    inputs:
-##      scanFolder: $(Build.SourcesDirectory)
-##      suppressionsFile: CredScanSuppressions.json 
-##      debugMode: true
-##  
-##  # Scan text elements including code, code comments, and content/web pages, for sensitive terms based on legal, cultural, or geopolitical reasons
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
-##    displayName: 'PoliCheck'
-##    inputs:
-##      targetType: F
-##      
-##  # AntiMalware scan
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
-##    displayName: 'AntiMalware'
-##    inputs:
-##      EnableServices: true
-##  
-##  # Run checks for recently discovered vulnerabilities which are not yet incorporated to another tool
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
-##    displayName: 'Vulnerability Assessment'
-##    
-##  - task: DotNetCoreCLI@2
-##    displayName: Build Microsoft.Azure.Cosmos.sln
-##    inputs:
-##      command: build 
-##      projects: 'Microsoft.Azure.Cosmos.sln'
-##      configuration: '$(BuildConfiguration)'
-##      publishTestResults: true 
-##      
-###  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
-###    displayName: 'BinSkim'
-###    inputs:
-###      InputType: Basic
-##
-##  # Publish Analysis Results (position after all tools ran)
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
-##    displayName: 'Publish Security Analysis Logs'
-##
-##  # The Post-Analysis build task will analyze the log files produced by the tools, and introduce a build break
-##  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
-##    displayName: 'Post Analysis'
-##    inputs:
-##      AllTools: true
-##        
-##
-###- template:  templates/build-test.yml
-###  parameters:
-###    BuildConfiguration: Debug
-###    Arguments: $(DebugArguments)
-###    VmImage: $(VmImage)
+- job: 
+  displayName: Static Analysis 
+  pool:
+    vmImage: '$(VmImage)' # https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops
+
+  steps:
+  - checkout: self  # self represents the repo where the initial Pipelines YAML file was found
+    clean: true  # if true, execute `execute git clean -ffdx && git reset --hard HEAD` before fetching
+    lfs: true  # whether to download Git-LFS files; defaults to false
+
+  #Analyze source code for type of content and target types to help determine which tools to run 
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
+    displayName: 'AutoApplicability'
+    inputs:
+      VerboseWriter: true
+      ExternalRelease: true
+      InternalRelease: true
+      IsService: true
+      IsSoftware: true    
+
+  # Analyze source and build output text files for credentials
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+    displayName: 'CredScan'
+    inputs:
+      scanFolder: $(Build.SourcesDirectory)
+      suppressionsFile: CredScanSuppressions.json 
+      debugMode: true
+
+  # Scan text elements including code, code comments, and content/web pages, for sensitive terms based on legal, cultural, or geopolitical reasons
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
+    displayName: 'PoliCheck'
+    inputs:
+      targetType: F
+
+  # AntiMalware scan
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
+    displayName: 'AntiMalware'
+    inputs:
+      EnableServices: true
+
+  # Run checks for recently discovered vulnerabilities which are not yet incorporated to another tool
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
+    displayName: 'Vulnerability Assessment'
+
+  - task: DotNetCoreCLI@2
+    displayName: Build Microsoft.Azure.Cosmos.sln
+    inputs:
+      command: build 
+      projects: 'Microsoft.Azure.Cosmos.sln'
+      configuration: '$(BuildConfiguration)'
+      publishTestResults: true 
+
+#  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
+#    displayName: 'BinSkim'
+#    inputs:
+#      InputType: Basic
+
+  # Publish Analysis Results (position after all tools ran)
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+    displayName: 'Publish Security Analysis Logs'
+
+  # The Post-Analysis build task will analyze the log files produced by the tools, and introduce a build break
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
+    displayName: 'Post Analysis'
+    inputs:
+      AllTools: true
+
+
+#- template:  templates/build-test.yml
+#  parameters:
+#    BuildConfiguration: Debug
+#    Arguments: $(DebugArguments)
+#    VmImage: $(VmImage)
 
 - template:  templates/build-test.yml
   parameters: