14980aa943
Add secret scanning to CI ## PR Context This should prevent us from having any secrets in our history
29 lines
866 B
YAML
29 lines
866 B
YAML
parameters:
|
|
pool: 'Hosted VS2017'
|
|
jobName: 'credscan'
|
|
displayName: Secret Scan
|
|
|
|
jobs:
|
|
- job: ${{ parameters.jobName }}
|
|
pool:
|
|
name: ${{ parameters.pool }}
|
|
|
|
displayName: ${{ parameters.displayName }}
|
|
|
|
steps:
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
|
|
displayName: 'Scan for secrets'
|
|
inputs:
|
|
suppressionsFile: tools/credScan/suppress.json
|
|
debugMode: false
|
|
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2
|
|
displayName: 'Publish Secret Scan Logs to Build Artifacts'
|
|
continueOnError: true
|
|
|
|
- task: securedevelopmentteam.vss-secure-development-tools.build-task-postanalysis.PostAnalysis@1
|
|
displayName: 'Check for failures'
|
|
inputs:
|
|
CredScan: true
|
|
ToolLogsNotFoundAction: Error
|