From 0b804d1358c3107c111b351ed05d1e83a0836122 Mon Sep 17 00:00:00 2001
From: Tyler Leonhardt
Date: Tue, 2 Apr 2019 10:52:17 -0700
Subject: [PATCH] add initial credscan ymls
---
.vsts-ci/misc-analysis.yml | 21 +++++++++++++++++++++
.vsts-ci/templates/credscan.yml | 31 +++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
create mode 100644 .vsts-ci/misc-analysis.yml
create mode 100644 .vsts-ci/templates/credscan.yml
diff --git a/.vsts-ci/misc-analysis.yml b/.vsts-ci/misc-analysis.yml
new file mode 100644
index 0000000000..0832d62eb0
--- /dev/null
+++ b/.vsts-ci/misc-analysis.yml
@@ -0,0 +1,21 @@
+name: PR-$(System.PullRequest.PullRequestNumber)-$(Date:yyyyMMdd)$(Rev:.rr)
+trigger:
+ # Batch merge builds together while a merge build is running
+ batch: true
+ branches:
+ include:
+ - master
+ - legacy/1.x
+
+pr:
+ branches:
+ include:
+ - master
+ - legacy/1.x
+
+resources:
+- repo: self
+ clean: true
+
+jobs:
+- template: templates/credscan.yml
diff --git a/.vsts-ci/templates/credscan.yml b/.vsts-ci/templates/credscan.yml
new file mode 100644
index 0000000000..eb711c8e0f
--- /dev/null
+++ b/.vsts-ci/templates/credscan.yml
@@ -0,0 +1,31 @@
+parameters:
+ pool: 'Hosted VS2017'
+ jobName: 'credscan'
+ displayName: Secret Scan
+
+jobs:
+- job: ${{ parameters.jobName }}
+ pool:
+ name: ${{ parameters.pool }}
+
+ displayName: ${{ parameters.displayName }}
+
+ steps:
+ - powershell: Write-Host "##vso[build.updatebuildnumber]$env:BUILD_SOURCEBRANCHNAME-$env:BUILD_SOURCEVERSION-$((get-date).ToString("yyyyMMddhhmmss"))"
+ displayName: Set Build Name for Non-PR
+ condition: ne(variables['Build.Reason'], 'PullRequest')
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+ displayName: 'Scan for secrets'
+ inputs:
+ debugMode: false
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
+ displayName: 'Publish Secret Scan Logs to Build Artifacts'
+ continueOnError: true
+
+ - task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
+ displayName: 'Check for failures'
+ inputs:
+ CredScan: true
+ ToolLogsNotFoundAction: Error
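Review bot: The 'Publish Secret Scan Logs to Build Artifacts' step sets `continueOnError: true` but has no `condition:`, so under the default `succeeded()` condition it is skipped whenever an earlier step fails; if the CredScan task itself errors out, the logs needed to diagnose the failed scan are probably never published. Adding `condition: succeededOrFailed()` to that step keeps them available in that case. Separately, the build-name step formats the timestamp with `hhmmss`, which is a 12-hour clock, so the name cannot tell a morning run from an afternoon one and does not sort chronologically; `yyyyMMddHHmmss` avoids that. A one-line comment above the 'Check for failures' step noting that it appears to be the step that turns findings into a failed build (`CredScan: true`) would help keep a later edit from dropping it.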