...
# Inputs accepted by this PoliCheck step template.
parameters:
  # Base name of the exclusion database blob; the steps append '.mdb' to it.
  ExclusionDataBaseFileName: ''
  # Path, relative to $(Build.SourcesDirectory), that PoliCheck is pointed at.
  TargetDirectory: ''
  # When true, a final step publishes the security analysis logs.
  PublishAnalysisLogs: false
  # SAS token placed after the '?' of the blob URL. The default is only a
  # reference to a pipeline variable, so no token is stored in this file.
  # NOTE(review): presumably that variable is defined as a secret and the SAS
  # is read-only and short-lived - confirm in the variable group / key vault.
  PoliCheckBlobSAS: '$(azuresdk-policheck-blob-SAS)'
  # User exclusion file handed to PoliCheck (optionsUEPATH).
  ExclusionFilePath: '$(Build.SourcesDirectory)/eng/guardian-tools/policheck/PolicheckExclusions.xml'
7
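steps:
  # Download the PoliCheck exclusion database from blob storage into
  # $(Build.BinariesDirectory).
  # The blob name and the SAS token reach the script through `env:` instead of
  # being expanded into the script text. The token therefore never lands in the
  # generated script file, and a parameter value cannot change the script's
  # syntax. azcopy stays the last command so its exit code decides the step
  # result.
  - pwsh: |
      $source = "https://azuresdkartifacts.blob.core.windows.net/policheck/${env:EXCLUSION_DB_NAME}.mdb?${env:POLICHECK_BLOB_SAS}"
      azcopy copy $source "$(Build.BinariesDirectory)"
    displayName: 'Download PoliCheck Exclusion Database'
    env:
      EXCLUSION_DB_NAME: '${{ parameters.ExclusionDataBaseFileName }}'
      POLICHECK_BLOB_SAS: '${{ parameters.PoliCheckBlobSAS }}'

  # Run PoliCheck over the target directory, using the downloaded database as
  # the rules DB and the repository's exclusion file; results are written to
  # PoliCheck.sarif.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
    displayName: 'Run PoliCheck'
    inputs:
      targetType: F
      targetArgument: '$(Build.SourcesDirectory)/${{ parameters.TargetDirectory }}'
      result: PoliCheck.sarif
      optionsFC: 0
      optionsXS: 1
      # Quoted so the pipe-separated list is unambiguously a single string.
      optionsPE: '1|2|3|4'
      optionsRulesDBPath: '$(Build.BinariesDirectory)/${{ parameters.ExclusionDataBaseFileName }}.mdb'
      optionsUEPATH: '${{ parameters.ExclusionFilePath }}'

  # Break only on PoliCheck results, at Warning severity or above.
  # continueOnError keeps the job going when this step breaks, so findings are
  # reported on the run without blocking it.
  # NOTE(review): confirm that non-blocking is intended and that the results
  # are triaged somewhere.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
    displayName: 'Post Analysis (PoliCheck)'
    inputs:
      GdnBreakAllTools: false
      GdnBreakGdnToolPoliCheck: true
      GdnBreakGdnToolPoliCheckSeverity: Warning
    continueOnError: true

  # Only emitted when the caller opts in through PublishAnalysisLogs.
  - ${{ if eq(parameters.PublishAnalysisLogs, 'true') }}:
    - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
      displayName: 'Publish Security Analysis Logs'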