32561022ca
## PR Summary Move Final artifacts from universal build to `finalResults` folder
# Azure Pipelines job template for the "Compliance" job: downloads the build's
# *.zip artifacts, runs the security/compliance scanner tasks, uploads results
# to TSA and creates the security analysis report.
#
# Failure handling as written here: the directory listing, CredScan, both
# PoliCheck steps, AutoApplicability, Vulnerability Assessment,
# PublishSecurityAnalysisLogs and APIScan all set continueOnError: true, so a
# failure in one of them leaves the job "succeeded with issues" and the later
# steps still run. The Defender scan, the TSA upload and the final report step
# do not set it, so a failure there fails the job.
parameters:
  # Jobs this job must wait for; supplied by the including pipeline.
  parentJobs: []

jobs:
  - job: compliance
    displayName: Compliance
    dependsOn: ${{ parameters.parentJobs }}
    pool:
      name: Package ES CodeHub Lab E
    # APIScan can take a long time
    timeoutInMinutes: 90

    steps:
      - template: SetVersionVariables.yml
        parameters:
          ReleaseTagVar: $(ReleaseTagVar)

      # Only *.zip files are pulled from the build artifacts.
      - task: DownloadBuildArtifacts@0
        displayName: Download artifacts
        inputs:
          downloadType: specific
          itemPattern: |
            **/*.zip

      # Diagnostic listing of what was downloaded; best-effort only.
      - powershell: |
          dir "$(System.ArtifactsDirectory)\*" -Recurse
        displayName: Capture artifacts directory
        continueOnError: true

      # expand-compliance.yml is not shown here; presumably it unpacks the
      # archive for each architecture into the folder the scanners read.
      - template: expand-compliance.yml
        parameters:
          architecture: x86
          version: $(version)

      - template: expand-compliance.yml
        parameters:
          architecture: x64
          version: $(version)

      - template: expand-compliance.yml
        parameters:
          architecture: fxdependent
          version: $(version)

      # No continueOnError on this step: a failed Defender scan fails the job.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3
        displayName: Run Defender Scan

      # NOTE(review): entries in the suppressions file hide CredScan findings,
      # so changes to tools/credScan/suppress.json deserve their own review.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
        displayName: Run CredScan
        inputs:
          suppressionsFile: tools/credScan/suppress.json
          debugMode: false
        continueOnError: true

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
        displayName: Run PoliCheck
        inputs:
          targetType: F
          optionsFC: 0
          optionsXS: 0
          optionsPE: '1|2|3|4'
          optionsHMENABLE: 0
          optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb'
          optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
        continueOnError: true

      # add RoslynAnalyzers

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-autoapplicability.AutoApplicability@1
        displayName: Run AutoApplicability
        inputs:
          ExternalRelease: true
          IsSoftware: true
          DataSensitivity: lbi
        continueOnError: true

      # add codeMetrics

      - task: securedevelopmentteam.vss-secure-development-tools.build-task-vulnerabilityassessment.VulnerabilityAssessment@0
        displayName: Run Vulnerability Assessment
        continueOnError: true

      # FXCop is not applicable

      # NOTE(review): the logs are published before the second PoliCheck run
      # and before APIScan; confirm whether their output is meant to be
      # included in the published logs.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
        displayName: Publish Security Analysis Logs to Build Artifacts
        continueOnError: true

      # PreFASt is not applicable

      # NOTE(review): same task, display name and inputs as the PoliCheck step
      # earlier in this job; confirm the second run is intended.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1
        displayName: Run PoliCheck
        inputs:
          targetType: F
          optionsFC: 0
          optionsXS: 0
          optionsPE: '1|2|3|4'
          optionsHMENABLE: 0
          optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb'
          optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml'
        continueOnError: true

      # Scans $(CompliancePath); that variable is not set in this file
      # (presumably by one of the templates above - confirm).
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-apiscan.APIScan@1
        displayName: Run APIScan
        inputs:
          softwareFolder: $(CompliancePath)
          softwareName: PowerShell
          softwareVersionNum: $(ReleaseTagVar)
          isLargeApp: false
          preserveTempFiles: true
        continueOnError: true

      # NOTE(review): the display name hard-codes a codebase and stamp while the
      # inputs take them from $(CodeBaseName) and $(TsaStamp); the label is
      # wrong whenever those variables hold other values.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1
        displayName: 'TSA upload to Codebase: PowerShellCore_201807 Stamp: Azure'
        inputs:
          tsaStamp: $(TsaStamp)
          codeBaseName: $(CodeBaseName)
          uploadFortifySCA: false
          uploadFxCop: false
          uploadModernCop: false
          uploadPREfast: false
          uploadRoslyn: false
          uploadTSLint: false

      # Last step and not continueOnError, so this is where the scanner results
      # can fail the job; PoliCheckBreakOn presumably breaks on PoliCheck
      # findings of severity 2 and above.
      # NOTE(review): BinSkim is enabled in the report, but no BinSkim task is
      # visible in this file - confirm it runs elsewhere or drop it here.
      - task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1
        displayName: Create Security Analysis Report
        inputs:
          TsvFile: false
          APIScan: true
          BinSkim: true
          CredScan: true
          PoliCheck: true
          PoliCheckBreakOn: Severity2Above