Add policheck to CI run, update policheck steps with common template (#…
chidozieononiwu authored Sep 29, 2021
1 parent da46250 commit 576f2b2
Showing 1 changed file with 4 additions and 26 deletions.
30 changes: 4 additions & 26 deletions eng/pipelines/aggregate-reports.yml
Expand Up @@ -68,32 +68,10 @@ stages:
- job: ComplianceTools
timeoutInMinutes: 120
steps:
- pwsh: |
azcopy copy "https://azuresdkartifacts.blob.core.windows.net/policheck/JavaScriptPoliCheckExclusion.mdb?$(azuresdk-policheck-blob-SAS)" `
"$(Build.BinariesDirectory)"
displayName: 'Download PoliCheck Exclusion Database'
condition: succeededOrFailed()
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
displayName: 'Run PoliCheck'
inputs:
targetType: F
targetArgument: '$(Build.SourcesDirectory)'
result: PoliCheck.sarif
optionsFC: 0
optionsXS: 1
optionsPE: 1|2|3|4
optionsRulesDBPath: "$(Build.BinariesDirectory)/JavaScriptPoliCheckExclusion.mdb"
optionsUEPATH: "$(Build.SourcesDirectory)/eng/guardian-tools/policheck/PolicheckExclusions.xml"
condition: succeededOrFailed()

- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@2
displayName: 'Post Analysis (PoliCheck)'
inputs:
GdnBreakAllTools: false
GdnBreakGdnToolPoliCheck: true
GdnBreakGdnToolPoliCheckSeverity: Warning
continueOnError: true
- template: /eng/common/pipelines/templates/steps/policheck.yml
parameters:
ExclusionDataBaseFileName: "JavaScriptPoliCheckExclusion"
PublishAnalysisLogs: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
displayName: 'Run CredScan'
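
Review bot: The template call that replaces the inline PoliCheck steps passes only `ExclusionDataBaseFileName` and `PublishAnalysisLogs`, so several settings the removed steps carried are no longer visible in this file and should be confirmed against `/eng/common/pipelines/templates/steps/policheck.yml` before merging. Specifically: `condition: succeededOrFailed()` on the download and scan steps (so the scan still runs when earlier steps fail), `continueOnError: true` together with `GdnBreakGdnToolPoliCheckSeverity: Warning` on post-analysis (so the break behaviour of the `ComplianceTools` job does not change silently), and `optionsUEPATH` pointing at `eng/guardian-tools/policheck/PolicheckExclusions.xml` (if the template does not read that file, the exclusions in it stop applying). The removed download step also depended on the `$(azuresdk-policheck-blob-SAS)` secret; it is worth checking that the template resolves the same variable in this pipeline and does not echo the SAS-bearing URL to the log. A one-line YAML comment next to `PublishAnalysisLogs: false` saying why logs are not published from the aggregate-reports run would help later readers.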