PowerShell/tools/releaseBuild/azureDevOps/templates/compliance.yml
Travis Plunk fed0ef0a20
Add binskim to coordinated build and increase timout (#8834)
Add binskim to coordinated build and increase timout 

## PR Context  

Total timeout for the old build was 220 minutes.
The portions before the compliance take ~30 minutes.
So, I went with 180.

I also found that I had missed BinSkim when doing this work.
2019-02-05 15:58:43 -08:00


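# Compliance job for the coordinated release build: downloads the packaged
# artifacts from the parent jobs, runs the SDL tooling over them and uploads
# the results to TSA.
parameters:
  # Jobs that produce the artifacts scanned here; this job waits on all of them.
  parentJobs: []

jobs:
- job: compliance
  displayName: Compliance
  dependsOn:
    ${{ parameters.parentJobs }}
  pool:
    name: Package ES CodeHub Lab E
  # APIScan can take a long time
  timeoutInMinutes: 180

  # Every scanner below is continueOnError so one tool failing does not hide
  # the others' results. NOTE(review): gating is therefore expected to come
  # from the report step at the end of the job — confirm its break settings.
  steps:
  - template: SetVersionVariables.yml
    parameters:
      ReleaseTagVar: $(ReleaseTagVar)

  # Pull every zip produced by the parent jobs into $(System.ArtifactsDirectory).
  - task: DownloadBuildArtifacts@0
    displayName: 'Download artifacts'
    inputs:
      downloadType: specific
      itemPattern: |
        **/*.zip

  # Diagnostic listing of what was downloaded; best-effort, never fails the job.
  - powershell: |
      dir "$(System.ArtifactsDirectory)\*" -Recurse
    displayName: 'Capture artifacts directory'
    continueOnError: true

  # Expand each package flavour for scanning. The scanners below read
  # $(CompliancePath); presumably expand-compliance.yml populates it — verify there.
  - template: expand-compliance.yml
    parameters:
      architecture: x86
      version: $(version)

  - template: expand-compliance.yml
    parameters:
      architecture: x64
      version: $(version)

  - template: expand-compliance.yml
    parameters:
      architecture: fxdependent
      version: $(version)

  - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
    displayName: 'Run Defender Scan'

  # Secrets scan over the task's default target (no path is given here).
  # Entries in the suppressions file are never reported, so changes to that
  # file deserve review of their own.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
    displayName: 'Run CredScan'
    inputs:
      suppressionsFile: tools/credScan/suppress.json
      debugMode: false
    continueOnError: true

  # Binary analysis of the expanded packages.
  # NOTE(review): AnalyzeTarget is not recursive — it only matches binaries
  # directly under $(CompliancePath); confirm expand-compliance.yml lays them
  # out flat, otherwise nested binaries are never scanned.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3
    displayName: 'Run BinSkim '
    inputs:
      InputType: Basic
      AnalyzeTarget: '$(CompliancePath)\*.dll;$(CompliancePath)\*.exe'
      AnalyzeSymPath: 'SRV*'
      AnalyzeVerbose: true
      AnalyzeHashes: true
      AnalyzeStatistics: true
    continueOnError: true

  # Term check using the project's own rules database and file-type set.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
    displayName: 'Run PoliCheck'
    inputs:
      targetType: F
      optionsFC: 0
      optionsXS: 0
      optionsPE: '1|2|3|4'
      optionsHMENABLE: 0
      optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb'
      optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
    continueOnError: true

  # add RoslynAnalyzers
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
    displayName: 'Run AutoApplicability'
    inputs:
      ExternalRelease: true
      IsSoftware: true
      DataSensitivity: lbi
    continueOnError: true

  # add codeMetrics
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
    displayName: 'Run Vulnerability Assessment'
    continueOnError: true

  # FXCop is not applicable
  # NOTE(review): this publishes the logs written so far, but APIScan runs
  # after it — confirm APIScan's output still reaches the build artifacts, or
  # move this step below APIScan.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
    displayName: 'Publish Security Analysis Logs to Build Artifacts'
    continueOnError: true

  # PreFASt is not applicable
  # A second PoliCheck step, byte-identical to the one above, used to run
  # here; it only repeated that scan, so it was dropped.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@1
    displayName: 'Run APIScan'
    inputs:
      softwareFolder: '$(CompliancePath)'
      softwareName: PowerShell
      softwareVersionNum: '$(ReleaseTagVar)'
      isLargeApp: false
      preserveTempFiles: true
    continueOnError: true

  # Upload the scan results to TSA. The uploadXxx flags appear to be false
  # for exactly the tools this job does not run.
  - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
    displayName: 'TSA upload to Codebase: PowerShellCore_201807 Stamp: Azure'
    inputs:
      tsaStamp: $(TsaStamp)
      codeBaseName: $(CodeBaseName)
      uploadFortifySCA: false
      uploadFxCop: false
      uploadModernCop: false
      uploadPREfast: false
      uploadRoslyn: false
      uploadTSLint: false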
- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
displayName: 'Create Security Analysis Report'
inputs:
TsvFile: false
APIScan: true
BinSkim: true
CredScan: true
PoliCheck: true
PoliCheckBreakOn: Severity2Above