forked from veracode/verademo
-
Notifications
You must be signed in to change notification settings - Fork 1
/
azure-pipelines-pipelinescan.yml
47 lines (42 loc) · 1.37 KB
/
azure-pipelines-pipelinescan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Maven
# Build your Java project and run tests with Apache Maven.
# Add steps that analyze code, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/java
trigger:
- master
pool:
vmImage: ubuntu-latest
steps:
- task: Maven@3
displayName: 'build verademo'
inputs:
mavenPomFile: 'pom.xml'
mavenOptions: '-Xmx3072m'
javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.8'
jdkArchitectureOption: 'x64'
publishJUnitResults: true
testResultsFiles: '**/surefire-reports/TEST-*.xml'
goals: 'package'
- task: Bash@3
displayName: 'Veracode SCA scan'
inputs:
targetType: 'inline'
script: |
export SRCCLR_SCM_URI=https://github.com/christyson/verademo
export SRCCLR_API_TOKEN="$(SRCCLR_API_TOKEN)"
export SRCCLR_SCM_REF=master
export SRCCLR_SCM_REF_TYPE=branch
export SRCCLR_SCM_REV="$(build.buildNumber)"
curl -sSL https://download.sourceclear.com/ci.sh | bash -s -- scan --update-advisor
continueOnError: true
env:
SRCCLR_API_TOKEN: $(SRCCLR_API_TOKEN)
- task: VeracodePipelineScan@0
displayName: 'Download Veracode Pipeline Scanner'
inputs:
VeracodeAPIID: '$(VERACODE_API_ID)'
VeracodeAPIsecret: '$(VERACODE_API_KEY)'
fileToScan: '/home/vsts/work/1/s/target/verademo.war'
policyName: 'OWASP'
continueOnError: true