
Text file src/github.com/Azure/azure-sdk-for-go/eng/common/pipelines/templates/steps/credscan.yml

Documentation: github.com/Azure/azure-sdk-for-go/eng/common/pipelines/templates/steps

     1# cSpell:ignore changedfiles
     2# cSpell:ignore credscan
     3# cSpell:ignore securedevelopmentteam
     4# cSpell:ignore postanalysis
     5parameters:
     6  SuppressionFilePath: 'eng/CredScanSuppression.json'
     7  BaselineFilePath: ''
     8  SourceDirectory: $(Build.SourcesDirectory)
     9  ServiceDirectory: ''
    10
    11steps:
    12- pwsh: |
    13    if ("$(Build.Reason)" -eq 'PullRequest') {
    14      $changedFiles = & "eng/common/scripts/get-changedfiles.ps1"
    15      $changedFiles | ForEach-Object { Add-Content -Path "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$_"}
    16    }
    17    else {
    18      $scanFolder = ""
    19      if ("${{ parameters.ServiceDirectory }}" -ne '') {
    20        $scanFolder = "sdk/${{ parameters.ServiceDirectory }}"
    21      }
    22      Set-Content "${{ parameters.SourceDirectory }}/credscan.tsv" -Value "${{ parameters.SourceDirectory }}/$scanFolder"
    23    }
    24    if(Test-Path "${{ parameters.SourceDirectory }}/credscan.tsv") {
    25      Get-Content "${{ parameters.SourceDirectory }}/credscan.tsv"
    26    }
    27    else {
    28      Write-Host "##vso[task.setvariable variable=SKIP_CREDSCAN]true"
    29    }
    30  displayName: CredScan setup
    31- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
    32  displayName: CredScan running
    33  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
    34  inputs:
    35    toolVersion: 2.2.7.8 
    36    scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
    37    suppressionsFile: ${{ parameters.SuppressionFilePath }}
    38- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
    39  displayName: CredScan result analysis
    40  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
    41  inputs:
    42    GdnBreakBaselineFiles: ${{ parameters.BaselineFilePath }}
    43    GdnBreakAllTools: false
    44    GdnBreakGdnToolCredScan: true
    45    GdnBreakGdnToolCredScanSeverity: Error
    46    GdnBreakBaselines: baseline
    47    # Used for generating baseline file.
    48    # GdnBreakOutputBaselineFile: baseline
    49    # GdnBreakOutputBaseline: baseline
    50- pwsh: |
    51    Write-Host "Please check https://aka.ms/azsdk/credscan for more information about the cred scan failure."
    52  displayName: CredScan troubleshooting guide
    53  condition: and(failed(), ne(variables['SKIP_CREDSCAN'], true))
