This repository has been archived by the owner on Mar 26, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #31 from microsoft/credscan
Credscan and CG
- Loading branch information
Showing
7 changed files
with
1,876 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
trigger: | ||
- master | ||
- main | ||
|
||
pool: | ||
vmImage: 'ubuntu-latest' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Checks for Component Governance and CredScan | ||
trigger: | ||
- main | ||
|
||
pool: | ||
vmImage: ubuntu-18.04 | ||
demands: | ||
- msbuild | ||
- npm | ||
|
||
variables: | ||
GDN_VERSION: '0.110.0-linux' | ||
GDNP_VERSION: '1.61.0-linux' | ||
|
||
steps: | ||
- template: templates/credscan.yml | ||
parameters: | ||
buildName: 'android-app-size-diff-$(Build.SourceBranch)' | ||
|
||
- template: templates/component-governance.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
steps: | ||
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 | ||
displayName: 'Component Detection' | ||
inputs: | ||
failOnAlert: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Run the Credential Scanner check for security compliance. This then also | ||
# publishes the artifacts in a Microsoft compliant way. | ||
parameters: | ||
isShipped: false | ||
# This will be used for the Asset group name and should not have spaces as it may cause problems with ARROW processing. | ||
buildName: 'android-app-size-diff' | ||
|
||
steps: | ||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3 | ||
displayName: 'Run Credential Scanner' | ||
inputs: | ||
debugMode: false | ||
|
||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@3 | ||
displayName: 'Publish Guardian Artifacts' | ||
inputs: | ||
ArtifactType: M365 | ||
|
||
- task: dikalya.AssetRetention.asset-retention-task.AssetRetention@3 | ||
displayName: 'ARtifact Retention Orchestrator Workflow (ARROW)' | ||
inputs: | ||
ArrowServiceConnection: 'Arrow_msresearch_JAVTUN' | ||
AssetGroupName: '$(System.TeamProject)_${{ parameters.buildName }}' | ||
AssetNumber: '$(Build.BuildId)' | ||
IsShipped: ${{ parameters.isShipped }} | ||
DropsToRetain: 'CodeAnalysisLogs' | ||
condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/heads/')) | ||
|
||
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2 | ||
displayName: 'Guardian Break' | ||
inputs: | ||
GdnBreakPolicyMinSev: Warning | ||
GdnBreakAllTools: true | ||
GdnBreakGdnToolCredScan: true | ||
GdnBreakGdnToolCredScanSeverity: Warning | ||
GdnBreakPolicy: M365 |
Oops, something went wrong.