credscan.yml
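# Security-analysis steps: credential scanning of the source folders, BinSkim
# analysis of the built product assemblies, publication of the tool logs, and
# a final post-analysis gate over the collected results.
steps:
# CredScan: look for committed credentials in each source tree. Only src, test
# and tools are listed; any other folder in the repository is not scanned here.
- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Src'
  inputs:
    scanFolder: '$(Build.SourcesDirectory)\src'
    debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Test'
  inputs:
    scanFolder: '$(Build.SourcesDirectory)\test'
    debugMode: false

- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
  displayName: 'Run CredScan - Tools'
  inputs:
    scanFolder: '$(Build.SourcesDirectory)\tools'
    debugMode: false

# BinSkim: binary analysis of the four product assemblies. The productBinPath*
# and mainDll* variables are defined outside this file; an undefined variable
# is left as literal $(name) text, so check the logs to confirm each target
# pattern actually matched a binary.
# NOTE(review): AnalyzeEnvironment asks BinSkim to record details of the build
# machine's environment in its log, and those logs are published as an artifact
# below. Confirm that nothing sensitive (for example environment variable
# values) ends up in the SecurityLogs artifact.
# Each step carries a distinct display name so a failure can be traced to the
# assembly it concerns.
- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries (Edm)'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathEdm)\**\$(mainDllEdm)
    AnalyzeSymPath: |
      $(productBinPathEdm)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries (Core)'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathCore)\**\$(mainDllCore)
    AnalyzeSymPath: |
      $(productBinPathCore)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries (Spatial)'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathSpatial)\**\$(mainDllSpatial)
    AnalyzeSymPath: |
      $(productBinPathSpatial)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

- task: BinSkim@3
  displayName: 'Run BinSkim - Product Binaries (Client)'
  inputs:
    InputType: Basic
    AnalyzeTarget: |
      $(productBinPathClient)\**\$(mainDllClient)
    AnalyzeSymPath: |
      $(productBinPathClient)
    AnalyzeVerbose: true
    AnalyzeHashes: true
    AnalyzeEnvironment: true

# Publish the tool logs as the SecurityLogs build artifact. No condition is
# set, so the default applies and this step is skipped when an earlier step
# has failed; the logs of a failing scan are then not published.
- task: PublishSecurityAnalysisLogs@2
  displayName: 'Publish Security Analysis Logs'
  inputs:
    ArtifactName: SecurityLogs

# Gate over the BinSkim, CredScan and PoliCheck results. No PoliCheck task runs
# in this file, so PoliCheck: true has results to evaluate only if one runs
# elsewhere in the job - TODO confirm.
# continueOnError: true lets the job carry on when this gate fails, so a
# detected credential or BinSkim finding does not by itself block the build.
# Set it to false if the gate is meant to be enforcing.
# NOTE(review): the page shows enabled and continueOnError without
# indentation; they are placed at step level here, which is where Azure
# Pipelines defines them.
- task: PostAnalysis@1
  displayName: 'Post Analysis'
  inputs:
    BinSkim: true
    CredScan: true
    PoliCheck: true
    PoliCheckBreakOn: Severity2Above
  enabled: true
  continueOnError: true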