From 7368a0d4b5b29f1e688184fadf734b2de65bc47b Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 1 Apr 2019 11:35:40 -0700
Subject: [PATCH 1/2] Add CredScan CI
---
 .vsts-ci/misc-anlysis.yml | 21 +++++++++++++++++++++
 .vsts-ci/templates/credscan.yml | 31 +++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 .vsts-ci/misc-anlysis.yml
 create mode 100644 .vsts-ci/templates/credscan.yml
diff --git a/.vsts-ci/misc-anlysis.yml b/.vsts-ci/misc-anlysis.yml
new file mode 100644
index 0000000..d8a63fb
--- /dev/null
+++ b/.vsts-ci/misc-anlysis.yml
@@ -0,0 +1,21 @@
+name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr)
+trigger:
+ # Batch merge builds together while a merge build is running
+ batch: true
+ branches:
+ include:
+ - master
+ - release*
+
+pr:
+ branches:
+ include:
+ - master
+ - release*
+
+resources:
+- repo: self
+ clean: true
+
+jobs:
+- template: templates/credscan.yml
\ No newline at end of file
diff --git a/.vsts-ci/templates/credscan.yml b/.vsts-ci/templates/credscan.yml
new file mode 100644
index 0000000..3aa26a3
--- /dev/null
+++ b/.vsts-ci/templates/credscan.yml
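Review bot: The new pipeline file has no header comment stating its purpose, so a reader of `.vsts-ci/misc-anlysis.yml` only discovers from the final `- template: templates/credscan.yml` line that the whole file exists to run the secret scan; a one-line comment above `name:` such as `# Secret-scanning (CredScan) pipeline: runs templates/credscan.yml on pushes to master/release* and on every pull request` would make that explicit. The existing `# Batch merge builds together while a merge build is running` comment is the right style; the `pr:` stanza deserves the same treatment, e.g. `# Scan pull requests too, so leaked credentials are caught before merge`, since that is the security-relevant reason the trigger is duplicated there. Nested indentation is not recoverable from this collapsed rendering, so the sequence-indent style of the `branches`/`include` stanzas versus the flush `- repo: self` entry should be checked for consistency in the actual file.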
@@ -0,0 +1,31 @@
+parameters:
+ pool: 'Hosted VS2017'
+ jobName: 'credscan'
+ displayName: Secret Scan
+
+jobs:
+- job: ${{ parameters.jobName }}
+ pool:
+ name: ${{ parameters.pool }}
+
+ displayName: ${{ parameters.displayName }}
+
+ steps:
+ - powershell: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))"
+ displayName: Set Build Name for Non-PR
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+ displayName: 'Scan for secrets'
+ inputs:
+ debugMode: false
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+ displayName: 'Publish Secret Scan Logs to Build Artifacts'
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
+ displayName: 'Check for failures'
+ inputs:
+ CredScan: true
+ ToolLogsNotFoundAction: Error
\ No newline at end of file
From 90047f7628be9a0c3289e06778861b48e162d0c8 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 1 Apr 2019 11:39:46 -0700
Subject: [PATCH 2/2] Fix typo in file name
---
 .vsts-ci/{misc-anlysis.yml => misc-analysis.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .vsts-ci/{misc-anlysis.yml => misc-analysis.yml} (100%)
diff --git a/.vsts-ci/misc-anlysis.yml b/.vsts-ci/misc-analysis.yml
similarity index 100%
rename from .vsts-ci/misc-anlysis.yml
rename to .vsts-ci/misc-analysis.yml
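Review bot: The build-number step formats the timestamp with `yyyyMMddhhmmss`, and in .NET `hh` is the 12-hour clock, so a build at 13:05 gets the same timestamp as one at 01:05 and build numbers within a day are neither unique nor sortable; change it to `$((get-date).ToString("yyyyMMddHHmmss"))`. That `Write-Host` one-liner also nests double quotes inside a plain YAML scalar, which only parses because it happens to contain no `: ` or ` #` sequence; a `powershell: |` block scalar would be safer to edit later. Quoting within the `parameters` block is inconsistent (`'Hosted VS2017'` and `'credscan'` are quoted, `Secret Scan` is plain) — pick one style. The `continueOnError: true` on the publish step is acceptable only because `PostAnalysis@1` with `CredScan: true` and `ToolLogsNotFoundAction: Error` still fails the job when the scan produced no logs; a comment above `continueOnError` saying `# Safe to continue: PostAnalysis below fails the job if CredScan logs are missing or report findings` would stop a future edit from relaxing that check.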