...

Text file src/github.com/Azure/azure-sdk-for-go/eng/common/pipelines/templates/steps/policheck.yml

Documentation: github.com/Azure/azure-sdk-for-go/eng/common/pipelines/templates/steps

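     # Azure Pipelines step template: downloads the PoliCheck exclusion database,
     # runs the PoliCheck scan over TargetDirectory, evaluates the result with
     # PostAnalysis and, when requested, publishes the security analysis logs.
     parameters:
       # Base name (without the .mdb extension) of the exclusion database blob.
       # The default is empty, so callers are expected to supply it.
       ExclusionDataBaseFileName: ''
       # Directory to scan, relative to $(Build.SourcesDirectory).
       TargetDirectory: ''
       # When true, the publish-logs step is included at template expansion time.
       PublishAnalysisLogs: false
       # SAS query string appended to the blob URL. The default resolves a
       # pipeline variable at runtime; presumably that variable is stored as a
       # secret so the agent masks it in logs (confirm in the variable group).
       PoliCheckBlobSAS: "$(azuresdk-policheck-blob-SAS)"
       # User exclusion file handed to the PoliCheck task (optionsUEPATH).
       ExclusionFilePath: "$(Build.SourcesDirectory)/eng/guardian-tools/policheck/PolicheckExclusions.xml"

     steps:
       # The SAS is mapped into the step's environment rather than expanded into
       # the inline script text, so the generated script file on the agent does
       # not contain the credential. The URL is assembled only at execution time.
       - pwsh: |
           $source = "https://azuresdkartifacts.blob.core.windows.net/policheck/${{ parameters.ExclusionDataBaseFileName }}.mdb?" + $env:POLICHECK_BLOB_SAS
           azcopy copy $source "$(Build.BinariesDirectory)"
         displayName: 'Download PoliCheck Exclusion Database'
         env:
           POLICHECK_BLOB_SAS: ${{ parameters.PoliCheckBlobSAS }}

       # Scan the target directory and write the findings to PoliCheck.sarif.
       # The options* inputs are PoliCheck task switches; their meanings are
       # defined by the task and are not visible in this template.
       - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
         displayName: 'Run PoliCheck'
         inputs:
           targetType: F
           targetArgument: "$(Build.SourcesDirectory)/${{ parameters.TargetDirectory }}"
           result: PoliCheck.sarif
           optionsFC: 0
           optionsXS: 1
           # Quoted so the value is unambiguously a string.
           optionsPE: '1|2|3|4'
           # Rules database downloaded by the previous step.
           optionsRulesDBPath: "$(Build.BinariesDirectory)/${{ parameters.ExclusionDataBaseFileName }}.mdb"
           optionsUEPATH: "${{ parameters.ExclusionFilePath }}"

       # Break only on PoliCheck results, at Warning severity.
       # NOTE(review): continueOnError lets the job carry on when this step
       # breaks, so PoliCheck findings alone do not stop the build; confirm
       # that a non-blocking gate is what the calling pipelines intend.
       - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
         displayName: 'Post Analysis (PoliCheck)'
         inputs:
           GdnBreakAllTools: false
           GdnBreakGdnToolPoliCheck: true
           GdnBreakGdnToolPoliCheckSeverity: Warning
         continueOnError: true

       # Compile-time condition: the step exists in the expanded pipeline only
       # when the caller sets PublishAnalysisLogs to true.
       - ${{ if eq(parameters.PublishAnalysisLogs, 'true') }}:
         - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3
           displayName: 'Publish Security Analysis Logs'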
