143 lines
4.4 KiB
YAML
143 lines
4.4 KiB
YAML
|
parameters:
|
||
|
parentJobs: []
|
||
|
|
||
|
jobs:
|
||
|
- job: compliance
|
||
|
displayName: Compliance
|
||
|
dependsOn:
|
||
|
${{ parameters.parentJobs }}
|
||
|
pool:
|
||
|
name: Package ES CodeHub Lab E
|
||
|
|
||
|
steps:
|
||
|
- powershell: |
|
||
|
tools/releaseBuild/setReleaseTag.ps1 -ReleaseTag $(ReleaseTagVar) -Variable "ReleaseTagVar"
|
||
|
displayName: 'Set ReleaseTag Variable'
|
||
|
|
||
|
- task: DownloadBuildArtifacts@0
|
||
|
displayName: 'Download artifacts'
|
||
|
inputs:
|
||
|
downloadType: specific
|
||
|
itemPattern: |
|
||
|
**/*.zip
|
||
|
|
||
|
- powershell: |
|
||
|
dir "$(System.ArtifactsDirectory)\*" -Recurse
|
||
|
displayName: 'Capture artifacts directory'
|
||
|
continueOnError: true
|
||
|
|
||
|
- powershell: |
|
||
|
$version = '$(ReleaseTagVar)'.Substring(1)
|
||
|
$vstsCommandString = "vso[task.setvariable variable=Version]$version"
|
||
|
Write-Host "sending " + $vstsCommandString
|
||
|
Write-Host "##$vstsCommandString"
|
||
|
|
||
|
$azureVersion = '$(ReleaseTagVar)'.ToLowerInvariant() -replace '\.', '-'
|
||
|
$vstsCommandString = "vso[task.setvariable variable=AzureVersion]$azureVersion"
|
||
|
Write-Host "sending " + $vstsCommandString
|
||
|
Write-Host "##$vstsCommandString"
|
||
|
|
||
|
displayName: 'Set Version Variable'
|
||
|
|
||
|
- template: expand-compliance.yml
|
||
|
parameters:
|
||
|
architecture: x86
|
||
|
|
||
|
- template: expand-compliance.yml
|
||
|
parameters:
|
||
|
architecture: x64
|
||
|
|
||
|
- template: expand-compliance.yml
|
||
|
parameters:
|
||
|
architecture: fxdependent
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
|
||
|
displayName: 'Run MpCmdRun.exe'
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
|
||
|
displayName: 'Run CredScan'
|
||
|
inputs:
|
||
|
suppressionsFile: tools/credScan/suppress.json
|
||
|
debugMode: false
|
||
|
continueOnError: true
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
|
||
|
displayName: 'Run PoliCheck'
|
||
|
inputs:
|
||
|
targetType: F
|
||
|
optionsFC: 0
|
||
|
optionsXS: 0
|
||
|
optionsPE: '1|2|3|4'
|
||
|
optionsHMENABLE: 0
|
||
|
optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb'
|
||
|
optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
|
||
|
continueOnError: true
|
||
|
|
||
|
# add RoslynAnalyzers
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
|
||
|
displayName: 'Run AutoApplicability'
|
||
|
inputs:
|
||
|
ExternalRelease: true
|
||
|
IsSoftware: true
|
||
|
DataSensitivity: lbi
|
||
|
continueOnError: true
|
||
|
|
||
|
# add codeMetrics
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
|
||
|
displayName: 'Run Vulnerability Assessment'
|
||
|
continueOnError: true
|
||
|
|
||
|
# FXCop is not applicable
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
|
||
|
displayName: 'Publish Security Analysis Logs to Build Artifacts'
|
||
|
continueOnError: true
|
||
|
|
||
|
# PreFASt is not applicable
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
|
||
|
displayName: 'Run PoliCheck'
|
||
|
inputs:
|
||
|
targetType: F
|
||
|
optionsFC: 0
|
||
|
optionsXS: 0
|
||
|
optionsPE: '1|2|3|4'
|
||
|
optionsHMENABLE: 0
|
||
|
optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb'
|
||
|
optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
|
||
|
continueOnError: true
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@1
|
||
|
displayName: 'Run APIScan'
|
||
|
inputs:
|
||
|
softwareFolder: '$(CompliancePath)'
|
||
|
softwareName: PowerShell
|
||
|
softwareVersionNum: '$(ReleaseTagVar)'
|
||
|
isLargeApp: false
|
||
|
preserveTempFiles: true
|
||
|
continueOnError: true
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
|
||
|
displayName: 'TSA upload to Codebase: PowerShellCore_201807 Stamp: Azure'
|
||
|
inputs:
|
||
|
tsaStamp: $(TsaStamp)
|
||
|
codeBaseName: $(CodeBaseName)
|
||
|
uploadFortifySCA: false
|
||
|
uploadFxCop: false
|
||
|
uploadModernCop: false
|
||
|
uploadPREfast: false
|
||
|
uploadRoslyn: false
|
||
|
uploadTSLint: false
|
||
|
|
||
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
|
||
|
displayName: 'Create Security Analysis Report'
|
||
|
inputs:
|
||
|
TsvFile: false
|
||
|
APIScan: true
|
||
|
BinSkim: true
|
||
|
CredScan: true
|
||
|
PoliCheck: true
|
||
|
PoliCheckBreakOn: Severity2Above
|