# cSpell:ignore changedfiles
# cSpell:ignore credscan
# cSpell:ignore securedevelopmentteam
# cSpell:ignore postanalysis
parameters:
  # Suppressions file handed to the CredScan task as its suppressionsFile input.
  # NOTE(review): entries in this file presumably hide findings from the scan
  # result, so edits to it are worth reviewing like code - confirm with the
  # CredScan task documentation.
  SuppressionFilePath: 'eng/CredScanSuppression.json'
  # Baseline file handed to the result-analysis task as GdnBreakBaselineFiles.
  # Empty unless the caller supplies one.
  BaselineFilePath: ''
  # Directory in which credscan.tsv is written; also the prefix of every path
  # written into that list.
  SourceDirectory: '$(Build.SourcesDirectory)'
  # When non-empty, builds that are not pull requests list sdk/<ServiceDirectory>
  # under SourceDirectory instead of SourceDirectory itself.
  ServiceDirectory: ''

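steps:
# Builds credscan.tsv, the list of paths handed to the CredScan task.
#   - Pull-request builds: one line per file reported by get-changedfiles.ps1.
#   - All other builds: a single line naming the source root, or
#     sdk/<ServiceDirectory> under it when ServiceDirectory is set.
# When no list file exists afterwards, SKIP_CREDSCAN is set so the scan and
# analysis steps are skipped; the skip is written to the log so that a build
# which ran without the scan can be identified later.
# NOTE(review): an empty result from the helper script cannot be told apart
# here from a helper that failed to list the changes - confirm the helper
# fails the step on error, otherwise the scan is skipped rather than failed.
# NOTE(review): template parameters are substituted into the script text
# before PowerShell parses it, so a value containing quotes or `$` would
# change the script. Callers should pass only fixed, trusted values.
- pwsh: |
    # Each template parameter is expanded once, into a quoted string.
    $sourceRoot = "${{ parameters.SourceDirectory }}"
    $serviceDirectory = "${{ parameters.ServiceDirectory }}"
    $listFile = "$sourceRoot/credscan.tsv"

    if ("$(Build.Reason)" -eq 'PullRequest') {
      # Pull request: list only the files the helper reports as changed.
      $changedFiles = & "eng/common/scripts/get-changedfiles.ps1"
      $changedFiles | ForEach-Object { Add-Content -Path $listFile -Value "$sourceRoot/$_" }
    }
    else {
      # Any other build: list one folder, narrowed to the service directory
      # when one was given.
      $scanFolder = ""
      if ($serviceDirectory -ne '') {
        $scanFolder = "sdk/$serviceDirectory"
      }
      Set-Content $listFile -Value "$sourceRoot/$scanFolder"
    }

    if (Test-Path $listFile) {
      # Echo the list so the scanned paths are visible in the build log.
      Get-Content $listFile
    }
    else {
      Write-Host "credscan.tsv was not created; CredScan will be skipped for this build."
      Write-Host "##vso[task.setvariable variable=SKIP_CREDSCAN]true"
    }
  displayName: CredScan setup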
# Runs CredScan over the paths listed in credscan.tsv, applying the
# suppressions file supplied by the template caller.
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
  displayName: CredScan running
  # Runs even when an earlier step failed; skipped only when the setup step
  # set SKIP_CREDSCAN.
  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
  inputs:
    # Pinned tool version, quoted so it is always read as a string.
    # NOTE(review): a pinned version presumably also pins the detection rules;
    # confirm how updates to this value are tracked.
    toolVersion: '2.2.7.8'
    scanFolder: '${{ parameters.SourceDirectory }}/credscan.tsv'
    suppressionsFile: '${{ parameters.SuppressionFilePath }}'
# Evaluates the scan results and decides whether the build breaks.
# NOTE(review): the inputs read as "break on CredScan results of severity
# Error only, not on every tool, after applying the named baseline" - confirm
# against the PostAnalysis task documentation.
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
  displayName: CredScan result analysis
  # Same gate as the scan step: runs after failures, skipped with SKIP_CREDSCAN.
  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
  inputs:
    # Baseline file supplied by the template caller; empty by default.
    GdnBreakBaselineFiles: '${{ parameters.BaselineFilePath }}'
    GdnBreakAllTools: false
    GdnBreakGdnToolCredScan: true
    GdnBreakGdnToolCredScanSeverity: 'Error'
    GdnBreakBaselines: 'baseline'
    # Used for generating baseline file.
    # GdnBreakOutputBaselineFile: baseline
    # GdnBreakOutputBaseline: baseline
# Prints a pointer to the troubleshooting guide.
# The condition uses failed(), so this runs after any earlier failure in the
# job, not only a CredScan finding; it is skipped when SKIP_CREDSCAN was set.
- pwsh: |
    Write-Host "Please check https://aka.ms/azsdk/credscan for more information about the cred scan failure."
  displayName: CredScan troubleshooting guide
  condition: and(failed(), ne(variables['SKIP_CREDSCAN'], true))