File: credscan.yml

golang-github-azure-azure-sdk-for-go 68.0.0-2
# cSpell:ignore changedfiles
# cSpell:ignore credscan
# cSpell:ignore securedevelopmentteam
# cSpell:ignore postanalysis
# Template parameters; a consuming pipeline may override any of them.
parameters:
  # Path of the suppression file handed to the CredScan task.
  SuppressionFilePath: "eng/CredScanSuppression.json"
  # Baseline file handed to the post-analysis task; empty by default.
  BaselineFilePath: ""
  # Root under which scan paths are built and credscan.tsv is written.
  SourceDirectory: "$(Build.SourcesDirectory)"
  # Optional; when set, non-PR builds scan sdk/<ServiceDirectory> only.
  ServiceDirectory: ""

steps:
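# Builds credscan.tsv, the list of paths handed to the CredScan task.
#   - Pull-request builds: one line per entry returned by get-changedfiles.ps1.
#   - Other builds: a single line, the source root or sdk/<ServiceDirectory>.
# If no list exists afterwards, SKIP_CREDSCAN is set and the later CredScan
# steps are skipped by their conditions.
# NOTE(review): whether a failure inside get-changedfiles.ps1 also ends in this
# skip path is not visible here; confirm the scan cannot be skipped silently
# on an error.
# Template-parameter and build-variable values are substituted into the script
# text before PowerShell runs, so callers should pass only trusted,
# pipeline-defined values for SourceDirectory and ServiceDirectory.
- pwsh: |
    $scanList = "${{ parameters.SourceDirectory }}/credscan.tsv"
    if ("$(Build.Reason)" -eq 'PullRequest') {
      # Add-Content appends, so drop any list left behind in a reused workspace.
      if (Test-Path $scanList) {
        Remove-Item -Path $scanList -Force
      }
      $changedFiles = & "eng/common/scripts/get-changedfiles.ps1"
      $changedFiles | ForEach-Object { Add-Content -Path $scanList -Value "${{ parameters.SourceDirectory }}/$_" }
    }
    else {
      $scanFolder = ""
      if ("${{ parameters.ServiceDirectory }}" -ne '') {
        $scanFolder = "sdk/${{ parameters.ServiceDirectory }}"
      }
      # Set-Content overwrites, so this branch always starts from a fresh list.
      Set-Content $scanList -Value "${{ parameters.SourceDirectory }}/$scanFolder"
    }
    if (Test-Path $scanList) {
      # Echo the list so the build log records which paths are handed to the scanner.
      Get-Content $scanList
    }
    else {
      # Make the skip visible in the log instead of only setting the variable.
      Write-Host "No scan list was produced; CredScan steps will be skipped."
      Write-Host "##vso[task.setvariable variable=SKIP_CREDSCAN]true"
    }
  displayName: CredScan setup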
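# Runs the CredScan task over the paths listed in credscan.tsv.
# succeededOrFailed() lets it run even if an earlier step failed; it is
# skipped only when the setup step set SKIP_CREDSCAN.
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
  displayName: CredScan running
  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
  inputs:
    # Pinned scanner version, quoted so it is always read as a string.
    toolVersion: '2.2.7.8'
    scanFolder: "${{ parameters.SourceDirectory }}/credscan.tsv"
    # Presumably findings matched by this file are not reported, so changes to
    # the suppression file deserve the same review as code changes.
    suppressionsFile: "${{ parameters.SuppressionFilePath }}"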
# Post-analysis of the CredScan output. Going by the input names, the build
# breaks only on CredScan findings of severity Error, not on other tools.
# NOTE(review): confirm the exact break semantics against the task docs.
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
  displayName: CredScan result analysis
  condition: and(succeededOrFailed(), ne(variables['SKIP_CREDSCAN'], true))
  inputs:
    # Empty unless the caller supplies BaselineFilePath.
    GdnBreakBaselineFiles: "${{ parameters.BaselineFilePath }}"
    GdnBreakAllTools: false
    GdnBreakGdnToolCredScan: true
    GdnBreakGdnToolCredScanSeverity: 'Error'
    GdnBreakBaselines: 'baseline'
    # Uncomment the two inputs below to generate a baseline file.
    # GdnBreakOutputBaselineFile: baseline
    # GdnBreakOutputBaseline: baseline
# Prints a pointer to the troubleshooting guide. failed() is true when any
# earlier step failed, so the hint is shown on any prior failure unless the
# scan was skipped.
- pwsh: |
    Write-Host 'Please check https://aka.ms/azsdk/credscan for more information about the cred scan failure.'
  condition: and(failed(), ne(variables['SKIP_CREDSCAN'], true))
  displayName: CredScan troubleshooting guide